REWRITE

2026-05-20 23:21:36 +03:00
parent 171ff2f3bc
commit 08e8b5edbe
17 changed files with 419 additions and 322 deletions
@@ -38,7 +38,7 @@ let
 in
 {
  options.homey.monitoring = {
-    enable = lib.mkEnableOption "Prometheus + Grafana monitoring stack";
+    enable = lib.mkEnableOption "Prometheus + Grafana monitoring stack" // { default = true; };

    prometheusPort = lib.mkOption {
      type    = lib.types.port;
@@ -205,6 +205,30 @@ in
      mode = "0444";
    };

+    # -----------------------------------------------------------------------
+    # Caddy virtual host — forward_auth; Caddy maps Remote-User → X-WEBAUTH-USER
+    # so Grafana's proxy auth auto-signs the user in
+    # -----------------------------------------------------------------------
+    homey.caddy.virtualHosts = [{
+      subdomain = "grafana";
+      port      = cfg.grafanaPort;
+      auth      = true;
+      extraConfig = ''
+        reverse_proxy localhost:${toString cfg.grafanaPort} {
+          header_up X-WEBAUTH-USER {http.request.header.Remote-User}
+        }
+      '';
+      extraHttpConfig = ''
+        reverse_proxy localhost:${toString cfg.grafanaPort} {
+          header_up X-Forwarded-Proto https
+          header_up X-WEBAUTH-USER {http.request.header.Remote-User}
+        }
+      '';
+    }];
+
+    # Grafana and Prometheus use system state dirs (/var/lib/grafana,
+    # /var/lib/prometheus2) — no extraDirs or backup entries needed.
+
    # -----------------------------------------------------------------------
    # Uptime Kuma monitor for Grafana
    # -----------------------------------------------------------------------