felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

service/nginx: enable monitoring

Browse source
This commit is contained in:
Felix Buehler 2023-04-13 20:14:33 +02:00
parent 913cece20f
commit 36bbc03252
2 changed files with 43 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

41
modules/services/nginx/default.nix
View file

@ -203,6 +203,7 @@ in
; ;
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; # For monitoring scraping.
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
@ -224,20 +225,20 @@ in
# some applications set it to wildcard, therefore this overrides it # some applications set it to wildcard, therefore this overrides it
proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin https://${config.networking.domain}; add_header Access-Control-Allow-Origin https://${config.networking.domain};
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
# Disable embedding as a frame # Disable embedding as a frame
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
# Enable XSS protection of the browser. # Enable XSS protection of the browser.
# May be unnecessary when CSP is configured properly (see above) # May be unnecessary when CSP is configured properly (see above)
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
@ -405,5 +406,35 @@ in
}; };
}; };
}; };
# services.prometheus = lib.mkIf cfg.monitoring.enable {
services.prometheus = {
exporters.nginx = {
enable = true;
listenAddress = "127.0.0.1";
};
scrapeConfigs = [
{
job_name = "nginx";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ];
labels = {
instance = config.networking.hostName;
};
}
];
}
];
};
services.grafana.provision = {
dashboards.settings.providers = [
{
name = "Nginx";
options.path = pkgs.grafana-dashboards.nginx;
disableDeletion = true;
}
];
};
}; };
} }

7
pkgs/grafana-dashboards/default.nix
View file

@ -33,4 +33,11 @@ in
version = "31"; version = "31";
hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg="; hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg=";
}; };
nginx = buildGrafanaDashboard {
id = 12708;
pname = "nginx";
version = "1";
hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0=";
};
}) })