From 058fc0b6672b3b4536ee7c25167025171ac968a7 Mon Sep 17 00:00:00 2001 From: Christine Elisabeth Koppel Date: Sat, 14 Feb 2026 14:50:17 +0100 Subject: [PATCH] Expose Grafana on port 3005 and add Traefik route with Anubis auth --- nix-system-configs/modules/system/gramethus.nix | 4 +++- nix-system-configs/modules/system/traefik.nix | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/nix-system-configs/modules/system/gramethus.nix b/nix-system-configs/modules/system/gramethus.nix index 5c3baa2..f672023 100644 --- a/nix-system-configs/modules/system/gramethus.nix +++ b/nix-system-configs/modules/system/gramethus.nix @@ -61,7 +61,6 @@ in { enable = true; settings = { server = { - http_addr = "127.0.0.1"; http_port = 3005; enforce_domain = true; enable_gzip = true; @@ -106,5 +105,8 @@ in { # Enable Tailscale for remote access to Traefik dashboard and configuration services.tailscale.enable = true; + + networking.firewall.allowedTCPPorts = [3005]; + networking.firewall.allowedUDPPorts = [3005]; }; } diff --git a/nix-system-configs/modules/system/traefik.nix b/nix-system-configs/modules/system/traefik.nix index f87af3d..84005a5 100644 --- a/nix-system-configs/modules/system/traefik.nix +++ b/nix-system-configs/modules/system/traefik.nix @@ -212,6 +212,15 @@ in { tls = {}; middlewares = ["anubisForwardAuth"]; }; + + # Protected service: Grafana + grafana = { + rule = "Host(`grafana.prg-radio.org`)"; + service = "grafana"; + entryPoints = ["websecure"]; + tls = {}; + middlewares = ["anubisForwardAuth"]; + }; }; http.services = { @@ -243,6 +252,12 @@ in { {url = "http://10.1.1.249:8087";} ]; }; + + grafana.loadBalancer = { + servers = [ + {url = "http://10.1.1.10:3005";} + ]; + }; }; # TCP routing for TeamSpeak