zaphyra's git: nixfiles

zaphyra and void's nixfiles

# NixOS module: Grafana bound to loopback and published through an nginx
# TLS virtual host, with a provisioned Prometheus datasource and
# file-provisioned dashboards.
#
# Security posture set by this file:
#   * anonymous access is enabled and maps every visitor to the Viewer
#     role; the login form and HTTP basic auth are both switched off;
#   * viewers_can_edit widens Viewer to unsaved panel edits and Explore,
#     so any visitor can run ad-hoc queries against the datasource;
#   * allow_embedding lets other origins frame the UI;
#   * the nginx vhost below carries no allow/deny or auth directives.
# Taken together, whatever the Prometheus datasource can read is readable
# by anyone who can reach the vhost.
# NOTE(review): confirm that reachability is limited elsewhere (firewall,
# VPN, split DNS) or that every scraped metric and label is meant to be
# public.
{
  inputs,
  povSelf,
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib) getAttrFromPath mkIf types;

  # This module's own option values, located via the path in povSelf.
  cfg = getAttrFromPath povSelf config;

  # Public host name; used for Grafana's server.domain and the nginx vhost
  # so the two cannot drift apart.
  grafanaHost = "${cfg.subdomain}.${cfg.domain}";

  # Final (merged) Grafana server settings, read back lazily.
  grafanaServer = config.services.grafana.settings.server;

in
{

  options = {
    # Off by default; nothing below is applied unless this is set.
    enable = {
      type = types.bool;
      default = false;
    };
    # Label(s) placed in front of `domain` to form the public host name.
    subdomain = {
      type = types.str;
      default = "grafana.infra";
    };
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
    # Address of the Prometheus instance used by the provisioned datasource.
    # The default is HTTPS; an override to plain http:// would send queries
    # and results unencrypted.
    prometheusUrl = {
      type = types.str;
      default = "https://prometheus.infra.zaphyra.eu/";
    };
  };

  config = mkIf cfg.enable {
    # Point the public name at this host's FQDN.
    dns.zones.${cfg.domain}.subdomains.${cfg.subdomain}.CNAME = [ "${config.networking.fqdn}." ];

    # Keep Grafana's state directory across reboots; 0700 restricts it to
    # the grafana user.
    modules.filesystem.impermanence.system.dirs = [
      {
        directory = "/var/lib/grafana";
        mode = "0700";
        user = "grafana";
        group = "grafana";
      }
    ];

    services.grafana = {
      enable = true;
      settings = {
        server = {
          domain = grafanaHost;
          root_url = "https://${grafanaServer.domain}/";
          # Loopback only: the sole network path to Grafana is the nginx
          # vhost defined at the bottom of this module.
          http_addr = "::1";
          http_port = 3001;
        };

        # Floor for dashboard auto-refresh; caps how often one open
        # dashboard re-queries the datasource.
        dashboards.min_refresh_interval = "15s";

        # Grafana stops sending `X-Frame-Options: deny`, so any site may
        # embed this UI in a frame.
        # NOTE(review): if embedding is only needed from known origins,
        # consider a frame-ancestors CSP at the nginx layer.
        security.allow_embedding = true;
        # NOTE(review): no security.admin_password or security.secret_key
        # is set in this file; confirm they are supplied elsewhere.

        users = {
          auto_assign_org_role = "Viewer";
          # Viewers may use Explore and make temporary (unsaved) panel
          # edits. With anonymous access on, that applies to every
          # unauthenticated visitor.
          viewers_can_edit = true;
          home_page = "/d/rYdddlPWk/node-exporter-full";
        };

        # No interactive login: form hidden, basic auth off.
        auth = {
          disable_login_form = true;
        };
        "auth.basic" = {
          enabled = false;
        };

        # Unauthenticated requests are served as a Viewer of "Main Org.".
        "auth.anonymous" = {
          enabled = true;
          org_name = "Main Org.";
          org_role = "Viewer";
        };
      };

      provision = {
        enable = true;
        datasources.settings.datasources = [
          {
            name = "Prometheus";
            type = "prometheus";
            url = cfg.prometheusUrl;
            isDefault = true;
            # Datasource definition cannot be changed from the UI.
            editable = false;
            jsonData.timeInterval = "20s";
          }
        ];
        dashboards.settings.providers = [
          {
            folder = "provisioned";
            # Provisioned dashboards cannot be overwritten from the UI.
            allowUiUpdates = false;
            options.path = ../../../../resources/grafanaDashboards;
          }
        ];
      };
    };

    # TLS terminates at nginx; the hop to Grafana is plain HTTP over
    # loopback. No access restriction is configured on this vhost here.
    services.nginx.virtualHosts.${grafanaHost} = {
      useACMEHost = config.networking.fqdn;
      forceSSL = true;
      kTLS = true;
      locations."/".proxyPass =
        "http://[::1]:${toString grafanaServer.http_port}/";
    };
  };

}