infra/hosts/monitoring/grafana.nix


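{ config, ... }:
# Grafana on the monitoring host, published through nginx on
# monitoring.<networking.domain>. Grafana listens on loopback only; nginx
# terminates TLS and places HTTP basic auth in front of it.
#
# Dashboards:
# - Synapse: https://github.com/element-hq/synapse/tree/master/contrib/grafana
{
  imports = [
    ../../services/nginx.nix
    ../../services/prometheus-nginx.nix
  ];
  services = {
    grafana = {
      enable = true;
      settings = {
        # Loopback only, so the nginx vhost below is the single network entry point.
        server.http_addr = "::1";
        database = {
          type = "postgres";
          name = "grafana";
          user = "grafana";
          host = "sql.berlin.ccc.de:5432";
          # $__file{...} makes Grafana read the value from the file at runtime,
          # so only the path of the age secret appears in this configuration.
          password = "$__file{${config.age.secrets.postgres-grafana.path}}";
          # NOTE(review): no ssl_mode is set for this remote PostgreSQL host.
          # Grafana's default for postgres is "disable", so the password and all
          # queries travel in clear text unless the network path is protected
          # some other way. Confirm, or set ssl_mode to "require" or
          # "verify-full" once the server certificate is in place.
        };
        security = {
          # Grafana uses this key to protect secrets it stores in its database;
          # rotating it needs a migration of those stored values.
          secret_key = "$__file{${config.age.secrets.grafana_secret_key.path}}";
          admin_user = "xengi";
          admin_password = "$__file{${config.age.secrets.grafana_admin_password.path}}";
          admin_email = "cccb-grafana@xengi.de";
        };
        # No usage reporting or feedback links.
        analytics = {
          reporting_enabled = false;
          feedback_links_enabled = false;
        };
      };
      provision = {
        enable = true;
        datasources.settings.datasources = [
          {
            name = "Prometheus";
            type = "prometheus";
            # Plain HTTP to the local Prometheus. NOTE(review): listenAddress is
            # defined outside this file; confirm it is a loopback address.
            url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
            jsonData = {
              httpMethod = "GET";
              prometheusType = "Prometheus";
              cacheLevel = "High";
            };
          }
        ];
      };
    };
    nginx = {
      # Upstream address is derived from the Grafana settings above so the two
      # cannot drift apart.
      upstreams."grafana".servers."[${config.services.grafana.settings.server.http_addr}]:${toString config.services.grafana.settings.server.http_port}" =
        { };
      virtualHosts."monitoring.${config.networking.domain}" = {
        # default = true: this vhost also answers requests whose Host header
        # matches no other vhost on this machine.
        default = true;
        quic = true;
        kTLS = true;
        forceSSL = true;
        enableACME = true;
        #extraConfig = ''
        #  map $http_upgrade $connection_upgrade {
        #    default upgrade;
        #    \'\' close;
        #  }
        #'';
        locations = {
          # NOTE(review): nginx passes the Authorization header on to Grafana,
          # whose own basic-auth handling is enabled by default. Confirm how
          # Grafana is meant to treat the credentials used for this gate.
          "/" = {
            basicAuthFile = config.age.secrets.grafana_basic_auth.path;
            proxyPass = "http://grafana";
            recommendedProxySettings = true;
          };
          "/api/live/" = {
            # auth_basic is not inherited from the sibling "/" location, so the
            # gate is repeated here. Without it this path reached Grafana with
            # only Grafana's own login in front of it. If a client cannot send
            # Basic credentials on the WebSocket upgrade, document that
            # exception here instead of dropping the line silently.
            basicAuthFile = config.age.secrets.grafana_basic_auth.path;
            proxyPass = "http://grafana";
            recommendedProxySettings = true;
            proxyWebsockets = true;
          };
        };
      };
    };
  };
}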