NixOS/system/services/telemetry/grafana.nix

{ config, lib, pkgs, ... }:
let
  cfg = config.profile.services.telemetry.grafana;
  inherit (lib) mkIf;
  grafanaDomain = "grafana.tigor.web.id";
in
{
  config = mkIf cfg.enable {
    sops.secrets =
      let
        opts = {
          sopsFile = ../../../secrets/telemetry.yaml;
          owner = "grafana";
        };
      in
      {
        "grafana/admin_user" = opts;
        "grafana/admin_password" = opts;
        "grafana/admin_email" = opts;
        "grafana/secret_key" = opts;
      };

    services.caddy.virtualHosts.${grafanaDomain}.extraConfig = ''
      reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
    '';

    services.grafana = {
      enable = true;
      package = pkgs.grafana;
      settings = {
        # https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
        server = {
          protocol = "http"; # served behind caddy
          http_addr = "0.0.0.0";
          http_port = 44518;
          domain = grafanaDomain;
          root_url = "https://${grafanaDomain}";
          enable_gzip = true;
        };
        database = {
          type = "sqlite3";
          cache_mode = "shared";
          wal = true;
          query_retries = 3;
        };
        security = {
          # Admin credentials is already available in the secrets
          admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
          admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
          admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
          secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
          cookie_secure = true;
          cookie_samesite = "lax";
          strict_transport_security = true;
        };
      };
    };
  };
}
telemetry: deployed grafana service 2024-08-28 20:31:11 +07:00			`{ config, lib, pkgs, ... }:`
			`let`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`cfg = config.profile.services.telemetry.grafana;`
telemetry: deployed grafana service 2024-08-28 20:31:11 +07:00			`inherit (lib) mkIf;`
			`grafanaDomain = "grafana.tigor.web.id";`
			`in`
			`{`
			`config = mkIf cfg.enable {`
			`sops.secrets =`
			`let`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`opts = {`
			`sopsFile = ../../../secrets/telemetry.yaml;`
			`owner = "grafana";`
			`};`
telemetry: deployed grafana service 2024-08-28 20:31:11 +07:00			`in`
telemetry: added loki 2024-08-29 11:51:08 +07:00			`{`
telemetry: deployed grafana service 2024-08-28 20:31:11 +07:00			`"grafana/admin_user" = opts;`
			`"grafana/admin_password" = opts;`
			`"grafana/admin_email" = opts;`
			`"grafana/secret_key" = opts;`
			`};`

telemetry: added loki 2024-08-29 11:51:08 +07:00			`services.caddy.virtualHosts.${grafanaDomain}.extraConfig = ''`
telemetry: deployed grafana service 2024-08-28 20:31:11 +07:00			`reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}`
			`'';`

telemetry: added loki 2024-08-29 11:51:08 +07:00			`services.grafana = {`
telemetry: deployed grafana service 2024-08-28 20:31:11 +07:00			`enable = true;`
			`package = pkgs.grafana;`
			`settings = {`
			`# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/`
			`server = {`
			`protocol = "http"; # served behind caddy`
			`http_addr = "0.0.0.0";`
			`http_port = 44518;`
			`domain = grafanaDomain;`
			`root_url = "https://${grafanaDomain}";`
			`enable_gzip = true;`
			`};`
			`database = {`
			`type = "sqlite3";`
			`cache_mode = "shared";`
			`wal = true;`
			`query_retries = 3;`
			`};`
			`security = {`
			`# Admin credentials is already available in the secrets`
			`admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";`
			`admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";`
			`admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";`
			`secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";`
			`cookie_secure = true;`
			`cookie_samesite = "lax";`
			`strict_transport_security = true;`
			`};`
			`};`
			`};`
			`};`
			`}`