author | Azat Bahawi <azat@bahawi.net> | 2022-12-17 16:39:09 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2022-12-17 16:39:09 +0300 |
commit | 8f137c28230623259a964484adcf31fe00756594 (patch) | |
tree | 82bce6a13fda125087cf6d9dc80aa91d9230d6c4 /modules/nixos/grafana.nix | |
parent | 2022-11-20 (diff) |
2022-12-17
Diffstat (limited to 'modules/nixos/grafana.nix')
-rw-r--r-- | modules/nixos/grafana.nix | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix
new file mode 100644
index 0000000..a614502
--- /dev/null
+++ b/modules/nixos/grafana.nix
@@ -0,0 +1,119 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.grafana;
+in {
+ options.nixfiles.modules.grafana = {
+ enable = mkEnableOption "Grafana";
+
+ port = mkOption {
+ description = "Port.";
+ type = with types; port;
+ default = 30101;
+ };
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; nullOr str;
+ default = "grafana.${config.networking.domain}";
+ };
+ };
+
+ config = let
+ db = "grafana";
+ in
+ mkIf cfg.enable {
+ secrets = {
+ grafana-key = {
+ file = "${inputs.self}/secrets/grafana-key";
+ owner = "grafana";
+ group = "grafana";
+ };
+ grafana-admin-password = {
+ file = "${inputs.self}/secrets/grafana-admin-password";
+ owner = "grafana";
+ group = "grafana";
+ };
+ grafana-smtp-password = {
+ file = "${inputs.self}/secrets/grafana-smtp-password";
+ owner = "grafana";
+ group = "grafana";
+ };
+ };
+
+ nixfiles.modules = {
+ nginx = {
+ enable = true;
+ upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {};
+ virtualHosts.${cfg.domain} = {
+ locations."/" = {
+ proxyPass = "http://grafana";
+ proxyWebsockets = true;
+ };
+ extraConfig = nginxInternalOnly;
+ };
+ };
+ postgresql = {
+ enable = true;
+ extraPostStart = [
+ ''
+ $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
+ ''
+ ];
+ };
+ };
+
+ services = {
+ grafana = {
+ enable = true;
+
+ settings = {
+ server = with cfg; {
+ protocol = "http";
+ http_addr = "127.0.0.1";
+ http_port = port;
+ inherit domain;
+ enable_gzip = true;
+ };
+ database = {
+ type = "postgres";
+ host = "/run/postgresql";
+ name = db;
+ user = db;
+ };
+ smtp = {
+ enable = true;
+ user = "azahi@shire.me";
+ host = my.domain.shire;
+ password = "$__file{${config.secrets.grafana-smtp-password.path}}";
+ };
+ user = {
+ allow_org_create = false;
+ allow_sign_up = false;
+ auto_assign_org = false;
+ auto_assign_org_role = "Viewer";
+ };
+ security = with config.secrets; {
+ secret_key = grafana-key.path;
+ admin_password = grafana-admin-password.path;
+ };
+ analytics.reporting_enable = false;
+ };
+ };
+
+ postgresql = {
+ ensureDatabases = [db];
+ ensureUsers = [
+ {
+ name = db;
+ ensurePermissions."DATABASE \"${db}\"" = "ALL";
+ }
+ ];
+ };
+ };
+ };
+} |
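Review bot: In `settings.security`, `secret_key` and `admin_password` are assigned `grafana-key.path` and `grafana-admin-password.path`, which are the path strings themselves, while the SMTP password a few lines above is wrapped in Grafana's `$__file{...}` provider. Unless something outside this hunk rewrites these values, Grafana would take the literal path as its signing key and as the initial admin password, so both become predictable and are written into the rendered configuration instead of staying in the secret files. Use the same form as the SMTP entry: `secret_key = "$__file{${grafana-key.path}}";` and `admin_password = "$__file{${grafana-admin-password.path}}";`. Because Grafana applies `admin_password` only when the admin account is first created, an instance already started with this configuration should also have its admin password rotated.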