torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

monitoring02: add Caddy reverse proxy for VictoriaMetrics and vmalert

Browse Source 
Add metrics.home.2rjus.net and vmalert.home.2rjus.net CNAMEs with
Caddy TLS termination via internal ACME CA.

Refactors Grafana's Caddy config from configFile to globalConfig +
virtualHosts so both modules can contribute routes to the same
Caddy instance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-17 00:36:11 +01:00
parent e329f87b0b
commit 4cbaa33475
3 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/monitoring02/configuration.nix
View File

@@ -18,8 +18,7 @@
role = "monitoring"; role = "monitoring";
}; };
# DNS CNAME for Grafana test instance homelab.dns.cnames = [ "grafana-test" "metrics" "vmalert" ];
homelab.dns.cnames = [ "grafana-test" ];
# Enable Vault integration # Enable Vault integration
vault.enable = true; vault.enable = true;

26
services/grafana/default.nix
View File

@@ -87,22 +87,20 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
package = pkgs.unstable.caddy; package = pkgs.unstable.caddy;
configFile = pkgs.writeText "Caddyfile" '' globalConfig = ''
{ acme_ca https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
acme_ca https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory metrics
metrics '';
} virtualHosts."grafana-test.home.2rjus.net".extraConfig = ''
log {
grafana-test.home.2rjus.net { output file /var/log/caddy/grafana.log {
log { mode 644
output file /var/log/caddy/grafana.log {
mode 644
}
} }
reverse_proxy http://127.0.0.1:3000
} }
reverse_proxy http://127.0.0.1:3000
'';
# Metrics endpoint on plain HTTP for Prometheus scraping
extraConfig = ''
http://${config.networking.hostName}.home.2rjus.net/metrics { http://${config.networking.hostName}.home.2rjus.net/metrics {
metrics metrics
} }

8
services/victoriametrics/default.nix
View File

@@ -183,6 +183,14 @@ in
}; };
}; };
# Caddy reverse proxy for VictoriaMetrics and vmalert
services.caddy.virtualHosts."metrics.home.2rjus.net".extraConfig = ''
reverse_proxy http://127.0.0.1:8428
'';
services.caddy.virtualHosts."vmalert.home.2rjus.net".extraConfig = ''
reverse_proxy http://127.0.0.1:8880
'';
# Alertmanager - same config as monitoring01 but will only receive # Alertmanager - same config as monitoring01 but will only receive
# alerts after cutover (vmalert notifier is disabled above) # alerts after cutover (vmalert notifier is disabled above)
services.prometheus.alertmanager = { services.prometheus.alertmanager = {