nixos-configuration/hosts/iron/services/grafana.nix
# Grafana for grafana.jalr.de.
#
# Exposure model visible in this file: Grafana binds to 127.0.0.1 only and is
# published through an nginx virtual host that forces HTTPS with an ACME
# certificate. Secrets are referenced by file path, dashboards are pinned by
# hash, and the state directory is private to the grafana user.
{ config, lib, pkgs, ... }:

let
  domain = "grafana.jalr.de";
  ports = config.networking.ports;
  grafanaCfg = config.services.grafana;
  prometheus = config.services.prometheus;
  alertmanager = prometheus.alertmanager;

  # Only this path is written into the generated Grafana settings; Grafana's
  # $__file{} provider reads the secret value from the file at start-up.
  secretKeyFile = config.sops.secrets."grafana/secret-key".path;

  # Build a provisioned datasource entry for a local service, or an empty list
  # when that service is disabled on this host.
  # NOTE(review): the URL is plain HTTP and no datasource credentials are
  # configured here. That is fine when the service listens on loopback;
  # confirm listenAddress is not a wildcard or routable address.
  localDatasource = name: type: svc:
    lib.optional svc.enable {
      inherit name type;
      url = "http://${svc.listenAddress}:${toString svc.port}";
      orgId = 1;
    };

  # https://grafana.com/grafana/dashboards/
  #
  # Download one specific revision of a community dashboard. The hash pins the
  # exact content, so a changed upstream file fails the build instead of being
  # picked up silently. recursiveHash is needed because postFetch turns $out
  # into a directory containing "<name>.json".
  fetchDashboard =
    { name, hash, id, version }:
    pkgs.fetchurl {
      inherit name hash;
      url = "https://grafana.com/api/dashboards/${toString id}/revisions/${toString version}/download";
      recursiveHash = true;
      postFetch = ''
        mv "$out" temp
        mkdir -p "$out"
        mv temp "$out/${name}.json";
      '';
    };

  # One dashboard provider entry: a display name plus the directory produced
  # by fetchDashboard.
  dashboard = title: fetchArgs: {
    name = title;
    options.path = fetchDashboard fetchArgs;
  };
in
{
  # The secret must be readable by the account the grafana unit runs as.
  sops.secrets."grafana/secret-key" = {
    sopsFile = ../secrets.yaml;
    owner = config.systemd.services.grafana.serviceConfig.User;
  };

  services.grafana = {
    enable = true;

    settings = {
      server = {
        inherit domain;
        root_url = "https://%(domain)s";
        # Loopback only: the nginx virtual host below is the public entry point.
        http_addr = "127.0.0.1";
        http_port = ports.grafana.tcp;
      };

      # NOTE(review): admin_user / admin_password are not set in this file.
      # Confirm the initial admin password has been changed from the module
      # default.
      security = {
        content_security_policy = true;
        cookie_samesite = "strict";
        cookie_secure = true;
        secret_key = "$__file{${secretKeyFile}}";
        # HSTS with includeSubDomains and preload: browsers that have seen the
        # header refuse plain HTTP for this host and every name below it, and
        # a preload-list entry is slow to remove. Make sure that is intended.
        strict_transport_security = true;
        strict_transport_security_preload = true;
        strict_transport_security_subdomains = true;
      };

      # No usage reporting and no update checks against external servers.
      analytics = {
        reporting_enabled = false;
        check_for_updates = false;
        check_for_plugin_updates = false;
      };
    };

    provision = {
      datasources.settings = {
        apiVersion = 1;
        datasources =
          localDatasource "Prometheus" "prometheus" prometheus
          ++ localDatasource "Alertmanager" "alertmanager" alertmanager;
        # Both names are also listed for deletion, whether or not the
        # corresponding service is enabled on this host.
        deleteDatasources = map (name: { inherit name; orgId = 1; }) [
          "Prometheus"
          "Alertmanager"
        ];
      };

      dashboards.settings.providers = [
        (dashboard "Node Exporter Full" {
          name = "node-exporter-full";
          hash = "sha256-QTHG9ioy7E8U8O8x/qFabOxK2qBjlGlzuEvwYKug0CQ=";
          id = 1860;
          version = 36;
        })
        (dashboard "Node Exporter" {
          name = "node-exporter";
          hash = "sha256-2xgE0m3SUFiux501uCVb4aH3zGfapW/SmfxRsFC/514=";
          id = 13978;
          version = 2;
        })
        (dashboard "AlertManager" {
          name = "alertmanager";
          hash = "sha256-Yvw0DGQJpqBYNzE4ES/x7ZAYF7iJ4SUNBKB+sJRuGBw=";
          id = 9578;
          version = 4;
        })
      ];
    };
  };

  # Public entry point: TLS is terminated here and requests are proxied to the
  # loopback listener configured above.
  services.nginx.virtualHosts.${domain} =
    let
      upstream = grafanaCfg.settings.server;
    in
    {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://${upstream.http_addr}:${toString upstream.http_port}";
        proxyWebsockets = true;
        recommendedProxySettings = true;
      };
    };

  # Persist Grafana's state directory; owner-only permissions, no access for
  # group or others.
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/grafana";
      user = "grafana";
      group = "grafana";
      mode = "u=rwx,g=,o=";
    }
  ];
}