treewide: move nixos modules

2024-07-18 15:04:18 +02:00 · 2024-07-18 15:04:18 +02:00 · 8eff4c5e4f
commit 8eff4c5e4f
parent d84be7c616
73 changed files with 62 additions and 62 deletions
--- a/modules/nixos/services/grafana/default.nix
+++ b/modules/nixos/services/grafana/default.nix
@ -0,0 +1,97 @@
+{ config, lib, pkgs, ... }:
+
+{
+  options.chvp.services.grafana.enable = lib.mkEnableOption "grafana";
+
+  config = lib.mkIf config.chvp.services.grafana.enable {
+    chvp.services.nginx.hosts = [{
+      fqdn = "stats.chvp.be";
+      options.locations."/" = {
+        proxyPass = "http://grafana";
+        proxyWebsockets = true;
+      };
+    }];
+    users.users = {
+      influxdb2.extraGroups = [ "acme" ];
+      nginx.extraGroups = [ "grafana" ];
+    };
+    networking.firewall.allowedTCPPorts = [ 8086 ];
+    services = {
+      nginx.upstreams.grafana.servers = { "unix:/run/grafana/grafana.sock" = { }; };
+      influxdb2 = {
+        enable = true;
+        settings = {
+          reporting-disabled = true;
+          tls-cert = "${config.security.acme.certs."vanpetegem.me".directory}/fullchain.pem";
+          tls-key = "${config.security.acme.certs."vanpetegem.me".directory}/key.pem";
+        };
+      };
+      grafana = {
+        enable = true;
+        dataDir = "${config.chvp.dataPrefix}/var/lib/grafana";
+        settings = {
+          analytics.reporting_enabled = false;
+          "auth.anonymous" = {
+            enabled = "true";
+            org_name = "Van Petegem";
+          };
+          database = {
+            user = "grafana";
+            type = "postgres";
+            host = "/run/postgresql/";
+            name = "grafana";
+          };
+          security = {
+            admin_user = "chvp";
+            admin_password = "$__file{${config.age.secrets."passwords/services/grafana/admin-password".path}}";
+            secret_key = "$__file{${config.age.secrets."passwords/services/grafana/secret-key".path}}";
+          };
+          server = {
+            domain = "stats.chvp.be";
+            http_port = 3000;
+            protocol = "socket";
+            root_url = "https://stats.chvp.be";
+            socket = "/run/grafana/grafana.sock";
+          };
+          smtp = {
+            enabled = true;
+            host = "mail.vanpetegem.me:25";
+            user = "noreply@vanpetegem.me";
+            from_address = "noreply@vanpetegem.me";
+            password = "$__file{${config.age.secrets."passwords/services/grafana/smtp".path}}";
+          };
+          users = {
+            default_theme = "light";
+            allow_sign_up = false;
+          };
+        };
+      };
+      grafana-image-renderer = {
+        enable = true;
+        provisionGrafana = true;
+        chromium = pkgs.ungoogled-chromium;
+      };
+      postgresql = {
+        enable = true;
+        dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+        ensureDatabases = [ "grafana" ];
+        ensureUsers = [{
+          name = "grafana";
+          ensureDBOwnership = true;
+        }];
+      };
+    };
+    age.secrets."passwords/services/grafana/smtp" = {
+      file = ../../../../secrets/passwords/services/grafana/smtp.age;
+      owner = "grafana";
+    };
+    age.secrets."passwords/services/grafana/admin-password" = {
+      file = ../../../../secrets/passwords/services/grafana/admin-password.age;
+      owner = "grafana";
+    };
+    age.secrets."passwords/services/grafana/secret-key" = {
+      file = ../../../../secrets/passwords/services/grafana/secret-key.age;
+      owner = "grafana";
+    };
+  };
+}