Replace telegraf with node exporter
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -74,7 +74,7 @@ in
|
||||
jwks = [ { key = hmConfig.sops.placeholder."authelia/oidcKey"; } ];
|
||||
|
||||
authorization_policies = {
|
||||
admin = {
|
||||
admin_two_factor = {
|
||||
default_policy = "deny";
|
||||
rules = [
|
||||
{
|
||||
@@ -83,6 +83,16 @@ in
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
admin_one_factor = {
|
||||
default_policy = "deny";
|
||||
rules = [
|
||||
{
|
||||
policy = "one_factor";
|
||||
subject = [ "group:admins" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -105,6 +115,8 @@ in
|
||||
};
|
||||
|
||||
theme = "auto";
|
||||
|
||||
telemetry.metrics.enabled = true;
|
||||
}
|
||||
);
|
||||
|
||||
@@ -125,13 +137,13 @@ in
|
||||
networks.authelia.networkConfig.internal = true;
|
||||
|
||||
volumes = {
|
||||
"authelia-redis" = { };
|
||||
"authelia-postgresql" = { };
|
||||
authelia-redis = { };
|
||||
authelia-postgresql = { };
|
||||
authelia = { };
|
||||
};
|
||||
|
||||
containers = {
|
||||
"authelia-init" = {
|
||||
authelia-init = {
|
||||
containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-yq}";
|
||||
volumes = [
|
||||
@@ -140,7 +152,7 @@ in
|
||||
];
|
||||
exec = [
|
||||
"eval-all"
|
||||
". as $item ireduce ({}; . * $item)"
|
||||
". as $item ireduce ({}; . *+ $item)"
|
||||
"/etc/authelia/users.yaml"
|
||||
"/etc/authelia/users.yaml.default"
|
||||
"-i"
|
||||
@@ -167,6 +179,7 @@ in
|
||||
networks = [
|
||||
networks.authelia.ref
|
||||
networks.traefik.ref
|
||||
networks.prometheus.ref
|
||||
];
|
||||
exec = [
|
||||
"--config"
|
||||
@@ -183,18 +196,18 @@ in
|
||||
};
|
||||
|
||||
unitConfig.After = [
|
||||
"${containers."authelia-init"._serviceName}.service"
|
||||
"${containers."authelia-postgresql"._serviceName}.service"
|
||||
"${containers."authelia-redis"._serviceName}.service"
|
||||
"${containers.authelia-init._serviceName}.service"
|
||||
"${containers.authelia-postgresql._serviceName}.service"
|
||||
"${containers.authelia-redis._serviceName}.service"
|
||||
"sops-nix.service"
|
||||
];
|
||||
};
|
||||
|
||||
"authelia-postgresql" = {
|
||||
authelia-postgresql = {
|
||||
containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-postgresql}";
|
||||
networks = [ networks.authelia.ref ];
|
||||
volumes = [ "${volumes."authelia-postgresql".ref}:/var/lib/postgresql/data" ];
|
||||
volumes = [ "${volumes.authelia-postgresql.ref}:/var/lib/postgresql/data" ];
|
||||
environments = {
|
||||
POSTGRES_DB = "authelia";
|
||||
POSTGRES_USER = "authelia";
|
||||
@@ -205,12 +218,37 @@ in
|
||||
unitConfig.After = [ "sops-nix.service" ];
|
||||
};
|
||||
|
||||
"authelia-redis".containerConfig = {
|
||||
authelia-redis.containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-redis}";
|
||||
networks = [ networks.authelia.ref ];
|
||||
volumes = [ "${volumes."authelia-redis".ref}:/var/lib/redis" ];
|
||||
volumes = [ "${volumes.authelia-redis.ref}:/var/lib/redis" ];
|
||||
exec = [ "--save 60 1" ];
|
||||
};
|
||||
|
||||
prometheus-init.containerConfig.volumes =
|
||||
let
|
||||
autheliaConfig = (pkgs.formats.yaml { }).generate "authelia.yml" {
|
||||
scrape_configs =
|
||||
let
|
||||
hostname = config.networking.hostName;
|
||||
in
|
||||
[
|
||||
{
|
||||
job_name = "${hostname}-authelia";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "authelia:9959" ];
|
||||
labels = {
|
||||
app = "authelia";
|
||||
inherit user hostname;
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
[ "${autheliaConfig}:/etc/prometheus/conf.d/authelia.yml" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
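Review bot: The new `admin_one_factor` policy admits every member of `group:admins` with a single factor, and nothing in this section records which clients (presumably OIDC clients, given the `jwks` context) are meant to use it. Because the most privileged group is the one being stepped down from two factors, I would add a comment above the policy, e.g. `# Single factor for admins: only for clients that cannot do 2FA (name them here); all others use admin_two_factor.`, and limit its use to those clients. The clients that reference either policy are outside the lines shown, so please confirm none of the admin-facing ones moved to the weaker policy when `admin` became `admin_two_factor`. This change is also unrelated to the commit title and would be easier to audit as a separate commit.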