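# Module: services/healthchecks
# Enables a healthchecks server
#
# Exposure model, as configured below:
#   - the service binds to loopback only (healthchecksHost) and is published
#     through Traefik;
#   - every request for hc.its-et.me passes the "authentik@file" middleware,
#     except paths under /ping/, which are routed without it.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

with lib;

let
  cfg = config.healthchecks;

  # Loopback bind: the only intended way in is the Traefik service defined at
  # the bottom of this file.
  healthchecksHost = "127.0.0.1";
  healthchecksPort = 8890;
in
{
  options.healthchecks = {
    enable = mkEnableOption "Enables healthchecks module";

    environmentFile = mkOption {
      # nullOr is required here: the default is null, and a bare `types.path`
      # rejects null, so enabling the module without setting this option
      # failed at evaluation time.
      type = types.nullOr types.path;
      default = null;
      description = "Path of file containing extra env settings";
      # NOTE(review): the example points under ../secrets, so this file
      # presumably carries secret values. If it is passed as a Nix path
      # literal from the repository it is copied into the world-readable
      # Nix store; a runtime path provisioned outside the store avoids that.
      # Confirm how callers set this option.
      example = "../secrets/healthchecks.env";
    };
  };

  config = mkIf cfg.enable {
    services.healthchecks = {
      enable = true;
      # We want to use stable here, it depends on some Python libraries
      package = pkgs.healthchecks;
      listenAddress = healthchecksHost;
      port = healthchecksPort;

      settings = {
        # Host header allow-list. Django matches entries exactly unless they
        # start with a dot.
        # NOTE(review): "tail755c5.ts.net" therefore does not cover
        # <machine>.tail755c5.ts.net; confirm which form is intended.
        ALLOWED_HOSTS = [
          "hc.its-et.me"
          "tail755c5.ts.net"
          "localhost"
        ];
        DEBUG = false;
        # Webhooks are enabled below; keeping this "False" stops integrations
        # from sending requests to private IP addresses.
        INTEGRATIONS_ALLOW_PRIVATE_IPS = "False";
        PROMETHEUS_ENABLED = "True";
        SITE_NAME = "its-et.me Healthchecks";
        SITE_ROOT = "https://hc.its-et.me";
        WEBHOOKS_ENABLED = "True";
      };

      # Extra environment settings kept out of this module (null disables it).
      settingsFile = cfg.environmentFile;
    };

    services.traefik.dynamicConfigOptions = {
      # Main router: the whole host, behind the authentik middleware.
      http.routers.healthchecks = {
        entrypoints = [ "websecure" ];
        rule = "Host(`hc.its-et.me`)";
        middlewares = [
          "authentik@file"
          #allow-tailscale@file
        ];
        tls.certresolver = "production";
        service = "healthchecks";
        priority = 1;
      };

      # Unprotect ping route to ensure that pings reach the service properly
      # This router has no middlewares and a higher priority (50 > 1), so it
      # wins for /ping/ and those requests skip authentik entirely. The
      # identifier in the ping URL is then the only thing guarding the path,
      # so ping URLs should be handled as secrets. Keep the PathPrefix as
      # narrow as it is: widening it exposes more of the app unauthenticated.
      http.routers.healthchecks-ping = {
        entrypoints = [ "websecure" ];
        rule = "Host(`hc.its-et.me`) && PathPrefix(`/ping/`)";
        tls.certresolver = "production";
        service = "healthchecks";
        priority = 50;
      };

      # Backend shared by both routers: plain HTTP to the loopback listener.
      http.services.healthchecks.loadbalancer.servers = [
        {
          url = "http://${healthchecksHost}:${toString healthchecksPort}";
        }
      ];
    };
  };
}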