From 860884c6889d3d0662c1049cf7967aa06bdb7c1a Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut
Date: Wed, 28 Aug 2024 20:31:11 +0700
Subject: [PATCH] telemetry: deployed grafana service

---
 options/services.nix | 24 +++++++++++++++
 profiles/homeserver.nix | 1 +
 secrets/telemetry.yaml | 25 ++++++++++++++++
 system/services/default.nix | 1 +
 system/services/telemetry.nix | 56 +++++++++++++++++++++++++++++++++++
 5 files changed, 107 insertions(+)
 create mode 100644 secrets/telemetry.yaml
 create mode 100644 system/services/telemetry.nix

diff --git a/options/services.nix b/options/services.nix
index 43e198e..5123a5d 100644
--- a/options/services.nix
+++ b/options/services.nix
@@ -22,5 +22,29 @@ in
 wireguard.enable = mkEnableOption "wireguard";
 photoprism.enable = mkEnableOption "photoprism";
 navidrome.enable = mkEnableOption "navidrome";
+
+ telemetry = {
+ enable = mkEnableOption "telemetry";
+ grafana.enable = mkOption {
+ type = types.bool;
+ default = config.profile.services.telemetry.enable;
+ };
+ loki.enable = mkOption {
+ type = types.bool;
+ default = config.profile.services.telemetry.enable;
+ };
+ promtail.enable = mkOption {
+ type = types.bool;
+ default = config.profile.services.telemetry.enable;
+ };
+ tempo.enable = mkOption {
+ type = types.bool;
+ default = config.profile.services.telemetry.enable;
+ };
+ minio.enable = mkOption {
+ type = types.bool;
+ default = config.profile.services.telemetry.enable;
+ };
+ };
 };
 }
diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix
index e4ae261..ca9a7f2 100644
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@@ -69,6 +69,7 @@
 wireguard.enable = true;
 photoprism.enable = true;
 navidrome.enable = true;
+ telemetry.enable = true;
 };
 };
 }
diff --git a/secrets/telemetry.yaml b/secrets/telemetry.yaml
new file mode 100644
index 0000000..52aa725
--- /dev/null
+++ b/secrets/telemetry.yaml
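Review bot: The `loki.enable`, `promtail.enable`, `tempo.enable` and `minio.enable` options added in this hunk default to `telemetry.enable`, but `system/services/telemetry.nix` in this same commit only acts on `cfg.grafana.enable`, so with `profiles/homeserver.nix` they evaluate to true while enabling nothing, and a reader of the option tree cannot tell that. Either leave them out until their modules exist or give each `mkOption` a `description` that says so, e.g. `description = "Enable Loki (no module wired up yet in system/services/telemetry.nix)";`, so the option documentation does not promise a service that is not deployed. The enclosing `profile.services` option set begins before this hunk.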
@@ -0,0 +1,25 @@
+grafana:
+ admin_user: ENC[AES256_GCM,data:pg3WnfsF8L+/Tg==,iv:wh8VM567ClsFz7GS00OCh9kx3HZCz5GZ/BaTtOt3ksk=,tag:k6mJiktl1Met6Kzl738jpQ==,type:str]
+ admin_password: ENC[AES256_GCM,data:EFJfC78YtBLF5CIxLLhN9deZYcSL7/EfS4w=,iv:qrNi3WsRD26W5L67Fxch7qasEUh9vTj6HUWZs5PGz4o=,tag:bxW1CJyXOcz/pgN39ncQ+w==,type:str]
+ admin_email: ENC[AES256_GCM,data:2cvoq65K2/mdDuykkPVZryDJeNCK,iv:rU4jUYm+3dcvx1KooN9mWQDoovn7t+V7z1eU1m7VagE=,tag:Bhdbiq4BXO3nDwG9StUOkQ==,type:str]
+ secret_key: ENC[AES256_GCM,data:f4f1YF27VU/893HASHmCVL8vnsJEaHD33GOdFVpMj81MOutXqb7d03Hb1DYkDV3aMVmEdpvBcFK3SpZdFma3,iv:q6d59H1PniaVhw6tbd1maCelEGlAC4y2i38jMZ9Jn/Q=,tag:uSbCRstKy7C4Vwp+/FxF/Q==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1KzFkak5QQ01MUVV0djVH
+ cXlveDhxU3RRelhNL3JQbE1xVWNlaFYzem40CmtGYlpZMTJPS2lKUGl2Vy9CVW5j
+ bFoyNVlJM1lmSGhSM2lGREN3N3VXWTAKLS0tIE9xWFpoTUdrVVBtOS9lckRXWGc1
+ bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
+ 9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-08-28T13:04:02Z"
+ mac: ENC[AES256_GCM,data:b0F+YQZI7lVoOarse5dNBU6WQfnGRMgSlw/SaEE4ZuANXaL8zK1vY+zztB/MMEd5Y2mrNn/rBZt/9V9RXkMp49Bns0tCtUzAghOT8vIRjVk+hjYVuTiET5o5JokGOiT3vrSWIAo1zFuASq4lUlgXaWX3rX57EVvq7iFb7Lye53Q=,iv:xAtK6HMC8rt+OtnYYq6u3eOYhxV2PjfYB7yf0KmY9eg=,tag:++XgTe4zvEeAehCj2KsqYw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/system/services/default.nix b/system/services/default.nix
index 81266e1..63deab3 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -15,5 +15,6 @@
 ./syncthing.nix
 ./wireguard.nix
 ./photoprism.nix
+ ./telemetry.nix
 ];
 }
diff --git a/system/services/telemetry.nix b/system/services/telemetry.nix
new file mode 100644
index 0000000..01392b2
--- /dev/null
+++ b/system/services/telemetry.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.profile.services.telemetry;
+ inherit (lib) mkIf;
+ grafanaDomain = "grafana.tigor.web.id";
+in
+{
+ config = mkIf cfg.enable {
+ sops.secrets =
+ let
+ opts = { sopsFile = ../../secrets/telemetry.yaml; owner = "grafana"; };
+ in
+ mkIf cfg.grafana.enable {
+ "grafana/admin_user" = opts;
+ "grafana/admin_password" = opts;
+ "grafana/admin_email" = opts;
+ "grafana/secret_key" = opts;
+ };
+
+ services.caddy.virtualHosts.${grafanaDomain}.extraConfig = mkIf cfg.grafana.enable ''
+ reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
+ '';
+
+ services.grafana = mkIf cfg.grafana.enable {
+ enable = true;
+ package = pkgs.grafana;
+ settings = {
+ # https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
+ server = {
+ protocol = "http"; # served behind caddy
+ http_addr = "0.0.0.0";
+ http_port = 44518;
+ domain = grafanaDomain;
+ root_url = "https://${grafanaDomain}";
+ enable_gzip = true;
+ };
+ database = {
+ type = "sqlite3";
+ cache_mode = "shared";
+ wal = true;
+ query_retries = 3;
+ };
+ security = {
+ # Admin credentials is already available in the secrets
+ admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
+ admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
+ admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
+ secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
+ cookie_secure = true;
+ cookie_samesite = "lax";
+ strict_transport_security = true;
+ };
+ };
+ };
+ };
+}
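Review bot: `http_addr = "0.0.0.0"` in the `server` block exposes Grafana's plain-HTTP listener on port 44518 on every interface, even though the `protocol = "http"; # served behind caddy` line says it is only meant to be reached through the Caddy virtual host; anything that can reach that port talks to Grafana without the TLS termination, `cookie_secure` and HSTS configured here. Because the Caddy `reverse_proxy` target is built from the same setting, changing it to `http_addr = "127.0.0.1";` keeps the proxy working and also stops Caddy from dialing `0.0.0.0:44518`, which only happens to resolve to loopback on Linux. Whether the host firewall currently blocks 44518 is not visible in this patch, so binding to loopback is the safer default regardless of firewall state.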