telemetry: deployed grafana service
parent
bd535914c0
commit
860884c688
|
@ -22,5 +22,29 @@ in
|
||||||
wireguard.enable = mkEnableOption "wireguard";
|
wireguard.enable = mkEnableOption "wireguard";
|
||||||
photoprism.enable = mkEnableOption "photoprism";
|
photoprism.enable = mkEnableOption "photoprism";
|
||||||
navidrome.enable = mkEnableOption "navidrome";
|
navidrome.enable = mkEnableOption "navidrome";
|
||||||
|
|
||||||
|
telemetry = {
|
||||||
|
enable = mkEnableOption "telemetry";
|
||||||
|
grafana.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.telemetry.enable;
|
||||||
|
};
|
||||||
|
loki.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.telemetry.enable;
|
||||||
|
};
|
||||||
|
promtail.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.telemetry.enable;
|
||||||
|
};
|
||||||
|
tempo.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.telemetry.enable;
|
||||||
|
};
|
||||||
|
minio.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.telemetry.enable;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
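Review bot: The five `mkOption` declarations added under `telemetry` (`grafana`, `loki`, `promtail`, `tempo`, `minio`) have no `description`, so nothing on the option itself says that each one follows `telemetry.enable` unless it is overridden. Add a line such as `description = "Whether to run Grafana; defaults to telemetry.enable.";` to each of them. Only `grafana.enable` is read by the new system/services/telemetry.nix in this commit, so the other four switches currently do nothing; a short comment saying so would keep a reader from assuming Loki, Promtail, Tempo and MinIO are already deployed.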
|
||||||
|
|
|
@ -69,6 +69,7 @@
|
||||||
wireguard.enable = true;
|
wireguard.enable = true;
|
||||||
photoprism.enable = true;
|
photoprism.enable = true;
|
||||||
navidrome.enable = true;
|
navidrome.enable = true;
|
||||||
|
telemetry.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
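--- a/secrets/telemetry.yaml
+++ b/secrets/telemetry.yaml
@@ -0,0 +1,25 @@
+grafana:
+admin_user: ENC[AES256_GCM,data:pg3WnfsF8L+/Tg==,iv:wh8VM567ClsFz7GS00OCh9kx3HZCz5GZ/BaTtOt3ksk=,tag:k6mJiktl1Met6Kzl738jpQ==,type:str]
+admin_password: ENC[AES256_GCM,data:EFJfC78YtBLF5CIxLLhN9deZYcSL7/EfS4w=,iv:qrNi3WsRD26W5L67Fxch7qasEUh9vTj6HUWZs5PGz4o=,tag:bxW1CJyXOcz/pgN39ncQ+w==,type:str]
+admin_email: ENC[AES256_GCM,data:2cvoq65K2/mdDuykkPVZryDJeNCK,iv:rU4jUYm+3dcvx1KooN9mWQDoovn7t+V7z1eU1m7VagE=,tag:Bhdbiq4BXO3nDwG9StUOkQ==,type:str]
+secret_key: ENC[AES256_GCM,data:f4f1YF27VU/893HASHmCVL8vnsJEaHD33GOdFVpMj81MOutXqb7d03Hb1DYkDV3aMVmEdpvBcFK3SpZdFma3,iv:q6d59H1PniaVhw6tbd1maCelEGlAC4y2i38jMZ9Jn/Q=,tag:uSbCRstKy7C4Vwp+/FxF/Q==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1KzFkak5QQ01MUVV0djVH
+cXlveDhxU3RRelhNL3JQbE1xVWNlaFYzem40CmtGYlpZMTJPS2lKUGl2Vy9CVW5j
+bFoyNVlJM1lmSGhSM2lGREN3N3VXWTAKLS0tIE9xWFpoTUdrVVBtOS9lckRXWGc1
+bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
+9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-08-28T13:04:02Z"
+mac: ENC[AES256_GCM,data:b0F+YQZI7lVoOarse5dNBU6WQfnGRMgSlw/SaEE4ZuANXaL8zK1vY+zztB/MMEd5Y2mrNn/rBZt/9V9RXkMp49Bns0tCtUzAghOT8vIRjVk+hjYVuTiET5o5JokGOiT3vrSWIAo1zFuASq4lUlgXaWX3rX57EVvq7iFb7Lye53Q=,iv:xAtK6HMC8rt+OtnYYq6u3eOYhxV2PjfYB7yf0KmY9eg=,tag:++XgTe4zvEeAehCj2KsqYw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1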
|
|
@ -15,5 +15,6 @@
|
||||||
./syncthing.nix
|
./syncthing.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./photoprism.nix
|
./photoprism.nix
|
||||||
|
./telemetry.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
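--- a/system/services/telemetry.nix
+++ b/system/services/telemetry.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.profile.services.telemetry;
+inherit (lib) mkIf;
+grafanaDomain = "grafana.tigor.web.id";
+in
+{
+config = mkIf cfg.enable {
+sops.secrets =
+let
+opts = { sopsFile = ../../secrets/telemetry.yaml; owner = "grafana"; };
+in
+mkIf cfg.grafana.enable {
+"grafana/admin_user" = opts;
+"grafana/admin_password" = opts;
+"grafana/admin_email" = opts;
+"grafana/secret_key" = opts;
+};
+
+services.caddy.virtualHosts.${grafanaDomain}.extraConfig = mkIf cfg.grafana.enable ''
+reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
+'';
+
+services.grafana = mkIf cfg.grafana.enable {
+enable = true;
+package = pkgs.grafana;
+settings = {
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
+server = {
+protocol = "http"; # served behind caddy
+http_addr = "0.0.0.0";
+http_port = 44518;
+domain = grafanaDomain;
+root_url = "https://${grafanaDomain}";
+enable_gzip = true;
+};
+database = {
+type = "sqlite3";
+cache_mode = "shared";
+wal = true;
+query_retries = 3;
+};
+security = {
+# Admin credentials is already available in the secrets
+admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
+admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
+admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
+secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
+cookie_secure = true;
+cookie_samesite = "lax";
+strict_transport_security = true;
+};
+};
+};
+};
+}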
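Review bot: `http_addr = "0.0.0.0";` in the `server` block makes Grafana listen on every interface over plain HTTP, even though the comment on `protocol` says it is served behind Caddy. The diff shows no firewall rule, so unless port 44518 is blocked elsewhere, the login page and session cookies are reachable without TLS and without going through the proxy. The same value is interpolated into the `reverse_proxy` upstream, so Caddy is pointed at the wildcard address rather than a concrete host. Binding to loopback fixes both: `http_addr = "127.0.0.1";`. That also matches `cookie_secure = true;`, which only works for clients arriving through the HTTPS virtual host.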
|