{ config, ... }: # Dashboards: # - Synapse: https://github.com/element-hq/synapse/tree/master/contrib/grafana { imports = [ ../../services/nginx.nix ../../services/prometheus-nginx.nix ]; services = { grafana = { enable = true; settings = { server.http_addr = "::1"; database = { type = "postgres"; name = "grafana"; user = "grafana"; host = "sql.berlin.ccc.de:5432"; password = "$__file{${config.age.secrets.postgres-grafana.path}}"; }; security = { secret_key = "$__file{${config.age.secrets.grafana_secret_key.path}}"; admin_user = "xengi"; admin_password = "$__file{${config.age.secrets.grafana_admin_password.path}}"; admin_email = "cccb-grafana@xengi.de"; }; analytics = { reporting_enabled = false; feedback_links_enabled = false; }; }; provision = { enable = true; datasources.settings.datasources = [ { name = "Prometheus"; type = "prometheus"; url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}"; jsonData = { httpMethod = "GET"; prometheusType = "Prometheus"; cacheLevel = "High"; }; } ]; }; }; nginx = { upstreams."grafana".servers."[${config.services.grafana.settings.server.http_addr}]:${toString config.services.grafana.settings.server.http_port}" = { }; virtualHosts."monitoring.${config.networking.domain}" = { default = true; quic = true; kTLS = true; forceSSL = true; enableACME = true; #extraConfig = '' # map $http_upgrade $connection_upgrade { # default upgrade; # \'\' close; # } #''; locations = { "/" = { basicAuthFile = config.age.secrets.grafana_basic_auth.path; proxyPass = "http://grafana"; recommendedProxySettings = true; }; "/api/live/" = { proxyPass = "http://grafana"; recommendedProxySettings = true; proxyWebsockets = true; }; }; }; }; }; }