diff options
Diffstat (limited to 'modules/nixos/grafana.nix')
| -rw-r--r-- | modules/nixos/grafana.nix | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix deleted file mode 100644 index 233c9e5..0000000 --- a/modules/nixos/grafana.nix +++ /dev/null @@ -1,125 +0,0 @@ -{ - config, - inputs, - lib, - libNginx, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.grafana; -in -{ - options.nixfiles.modules.grafana = { - enable = mkEnableOption "Grafana"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30101; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "grafana.${config.networking.domain}"; - }; - }; - - config = - let - db = "grafana"; - in - mkIf cfg.enable { - ark.directories = [ config.services.grafana.dataDir ]; - - secrets = { - grafana-key = { - file = "${inputs.self}/secrets/grafana-key"; - owner = "grafana"; - group = "grafana"; - }; - grafana-admin-password = { - file = "${inputs.self}/secrets/grafana-admin-password"; - owner = "grafana"; - group = "grafana"; - }; - grafana-smtp-password = { - file = "${inputs.self}/secrets/smtp-password"; - owner = "grafana"; - group = "grafana"; - }; - }; - - nixfiles.modules = { - nginx = { - enable = true; - upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = { }; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://grafana"; - proxyWebsockets = true; - }; - extraConfig = libNginx.config.internalOnly; - }; - }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; - }; - }; - - services = { - grafana = { - enable = true; - - settings = { - server = with cfg; { - protocol = "http"; - http_addr = "127.0.0.1"; - http_port = port; - inherit domain; - enable_gzip = true; - }; - database = { - type = "postgres"; - host = "/run/postgresql"; - name = db; - user = db; - }; - smtp = { - enable = true; - user = "azahi@shire.net"; - host = my.domain.shire; - password = "$__file{${config.secrets.grafana-smtp-password.path}}"; - }; - user = { - allow_org_create = false; - allow_sign_up = false; - auto_assign_org = false; - auto_assign_org_role = "Viewer"; - }; - security = with config.secrets; { - secret_key = "$__file{${grafana-key.path}}"; - admin_password = "$__file{${grafana-admin-password.path}}"; - }; - analytics.reporting_enable = false; - }; - }; - - postgresql = { - ensureDatabases = [ db ]; - ensureUsers = [ - { - name = db; - ensureDBOwnership = true; - } - ]; - }; - }; - }; -} |