Simon Bruder
ebfa0ec16a
Sadly, they are so interconnected, that it is not easily possible to migrate it in smaller steps. It should be refactored to make them more modularised and independent of each other.
54 lines
1.2 KiB
Nix
54 lines
1.2 KiB
Nix
{ config, ... }:
|
|
let
|
|
cfg = config.services.grafana;
|
|
in
|
|
{
|
|
services.grafana = {
|
|
enable = true;
|
|
# grafana supports sockets, but no permission management (always 660 grafana:grafana)
|
|
addr = "127.0.0.1";
|
|
port = 3002;
|
|
domain = "grafana.sbruder.de";
|
|
rootUrl = "https://%(domain)s/";
|
|
database = {
|
|
type = "postgres";
|
|
host = "/run/postgresql";
|
|
user = "grafana";
|
|
};
|
|
provision = {
|
|
enable = true;
|
|
datasources = [
|
|
{
|
|
name = "Prometheus";
|
|
type = "prometheus";
|
|
url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
|
|
isDefault = true;
|
|
}
|
|
];
|
|
};
|
|
analytics.reporting.enable = false;
|
|
};
|
|
|
|
systemd.services.grafana.after = [ "postgresql.service" ];
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureDatabases = [ cfg.database.name ];
|
|
ensureUsers = [
|
|
{
|
|
name = cfg.database.user;
|
|
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
|
}
|
|
];
|
|
};
|
|
|
|
services.nginx.virtualHosts."grafana.sbruder.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations = {
|
|
"/".proxyPass = "http://${cfg.addr}:${toString cfg.port}";
|
|
};
|
|
};
|
|
}
|