WIP: add grafana & victoriametrics

2025-03-27 18:35:57 +01:00 · 2025-03-27 18:35:57 +01:00 · a184d18f4b
commit a184d18f4b
parent a8e3c97ef4
6 changed files with 159 additions and 1 deletions
--- a/profiles/grafana.nix
+++ b/profiles/grafana.nix
@ -0,0 +1,73 @@
+{ pkgs, lib, config, ... }: 
+let
+  cfg = config.services.grafana;
+  fileProvider = path: "$__file{${path}}";
+in {
+  age.secrets = {
+    grafana-admin-password = {
+      file = ../secrets/grafana-admin-password.age;
+      owner = "grafana";
+      group = "grafana";
+    };
+    grafana-secret-key = {
+      file = ../secrets/grafana-secret-key.age;
+      owner = "grafana";
+      group = "grafana";
+    };
+  };
+
+  services.grafana = {
+    enable = true;
+
+    settings = {
+      server.protocol = "socket";
+      analytics = {
+        reporting_enabled = false;
+        feedback_links_enabled = false;
+      };
+      security = {
+        admin_user = "admin";
+        admin_password = fileProvider config.age.secrets.grafana-admin-password.path;
+        secret_key = fileProvider config.age.secrets.grafana-secret-key.path;
+      };
+    };
+
+    declarativePlugins = lib.mkIf config.services.victoriametrics.enable
+      [ pkgs.grafanaPlugins.victoriametrics-metrics-datasource ];
+
+    provision.datasources.settings.datasources = lib.mkIf
+      config.services.victoriametrics.enable
+      [
+        {
+          name = "VictoriaMetrics";
+          type = "victoriametrics-metrics-datasource";
+          uid = "vm";
+          url = "http://localhost:8248";
+          editable = false;
+          jsonData = {
+            isDefault = true;
+          };
+        }
+      ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    upstreams.grafana.servers."unix:/${cfg.settings.server.socket}" = {};
+    virtualHosts."grafana.federez.net" = {
+      root = cfg.settings.server.static_root_path;
+      enableACME = true;
+      forceSSL = true;
+      locations."/".tryFiles = "$uri @grafana";
+      locations."@grafana".proxyPass = "http://grafana";
+    };
+  };
+
+  users.users.${config.services.nginx.user}.extraGroups = [ "grafana" ];
+}