From d1cf0f698f716642d11e60bc7df39a0dde929f51 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Wed, 24 Feb 2021 20:55:21 +0100
Subject: [PATCH] fuuko: Add grafana
---
 machines/fuuko/configuration.nix | 1 +
 machines/fuuko/services/grafana.nix | 52 +++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 machines/fuuko/services/grafana.nix
diff --git a/machines/fuuko/configuration.nix b/machines/fuuko/configuration.nix
index 1c7cf10..e90f52a 100644
--- a/machines/fuuko/configuration.nix
+++ b/machines/fuuko/configuration.nix
@@ -5,6 +5,7 @@ ../../modules ../../users/simon + ./services/grafana.nix ./services/prometheus.nix ];
diff --git a/machines/fuuko/services/grafana.nix b/machines/fuuko/services/grafana.nix
new file mode 100644
index 0000000..11eb18e
--- /dev/null
+++ b/machines/fuuko/services/grafana.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+ cfg = config.services.grafana;
+in
+{
+ services.grafana = {
+ enable = true;
+ # grafana supports sockets, but no permission management (always 660 grafana:grafana)
+ addr = "127.0.0.1";
+ domain = "grafana.sbruder.de";
+ rootUrl = "https://%(domain)s/";
+ database = {
+ type = "postgres";
+ host = "/run/postgresql";
+ user = "grafana";
+ };
+ provision = {
+ enable = true;
+ datasources = [
+ {
+ name = "Prometheus";
+ type = "prometheus";
+ url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
+ isDefault = true;
+ }
+ ];
+ };
+ analytics.reporting.enable = false;
+ };
+
+ systemd.services.grafana.after = [ "postgresql.service" ];
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ cfg.database.name ];
+ ensureUsers = [
+ {
+ name = cfg.database.user;
+ ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+
+ services.nginx.virtualHosts."grafana.sbruder.de" = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations = {
+ "/".proxyPass = "http://${cfg.addr}:${toString cfg.port}";
+ };
+ };
+}
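Review bot: The new `services.grafana` block sets nothing under `security`, so the instance that the nginx vhost at the end of the file publishes on grafana.sbruder.de comes up with the NixOS module's stock admin account password and stock secret key unless both are changed by hand after first start. I would provision them from files that live outside the Nix store, e.g. `security.adminPasswordFile = "<path-to-admin-password-secret>";` and `security.secretKeyFile = "<path-to-secret-key-secret>";` (placeholder paths), next to `analytics.reporting.enable`. Separately, the datasource `url` is built from `config.services.prometheus.listenAddress`, which is a bind address; prometheus.nix is not in this patch, so whether that is a wildcard address cannot be checked here, but a comment such as `# assumes prometheus listens on a loopback address` would record the assumption.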