28 lines
721 B
Nix
28 lines
721 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
domain = "grafana.fablab-nea.de";
|
|
srv = config.services.grafana.settings.server;
|
|
in
|
|
{
|
|
services.grafana = {
|
|
enable = true;
|
|
settings.server.domain = domain;
|
|
};
|
|
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${srv.http_addr}:${toString srv.http_port}";
|
|
recommendedProxySettings = true;
|
|
};
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Content-Type-Options "nosniff";
|
|
'';
|
|
};
|
|
}
|