fuuko: Add grafana

machines/fuuko/configuration.nix

@@ -5,6 +5,7 @@
     ../../modules
     ../../users/simon
 
+    ./services/grafana.nix
     ./services/prometheus.nix
   ];
 

machines/fuuko/services/grafana.nix

@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+  cfg = config.services.grafana;
+in
+{
+  services.grafana = {
+    enable = true;
+    # grafana supports sockets, but no permission management (always 660 grafana:grafana)
+    addr = "127.0.0.1";
+    domain = "grafana.sbruder.de";
+    rootUrl = "https://%(domain)s/";
+    database = {
+      type = "postgres";
+      host = "/run/postgresql";
+      user = "grafana";
+    };
+    provision = {
+      enable = true;
+      datasources = [
+        {
+          name = "Prometheus";
+          type = "prometheus";
+          url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
+          isDefault = true;
+        }
+      ];
+    };
+    analytics.reporting.enable = false;
+  };
+
+  systemd.services.grafana.after = [ "postgresql.service" ];
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ cfg.database.name ];
+    ensureUsers = [
+      {
+        name = cfg.database.user;
+        ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
+      }
+    ];
+  };
+
+  services.nginx.virtualHosts."grafana.sbruder.de" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations = {
+      "/".proxyPass = "http://${cfg.addr}:${toString cfg.port}";
+    };
+  };
+}