tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

telemetry: deployed grafana service

Browse source
This commit is contained in:
Tigor Hutasuhut 2024-08-28 20:31:11 +07:00
parent bd535914c0
commit 860884c688
5 changed files with 107 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
options/services.nix
View file

@ -22,5 +22,29 @@ in
wireguard.enable = mkEnableOption "wireguard"; wireguard.enable = mkEnableOption "wireguard";
photoprism.enable = mkEnableOption "photoprism"; photoprism.enable = mkEnableOption "photoprism";
navidrome.enable = mkEnableOption "navidrome"; navidrome.enable = mkEnableOption "navidrome";
telemetry = {
enable = mkEnableOption "telemetry";
grafana.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
loki.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
promtail.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
tempo.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
minio.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
};
}; };
} }

1
profiles/homeserver.nix
View file

@ -69,6 +69,7 @@
wireguard.enable = true; wireguard.enable = true;
photoprism.enable = true; photoprism.enable = true;
navidrome.enable = true; navidrome.enable = true;
telemetry.enable = true;
}; };
}; };
} }

25
secrets/telemetry.yaml Normal file
View file

@ -0,0 +1,25 @@
grafana:
admin_user: ENC[AES256_GCM,data:pg3WnfsF8L+/Tg==,iv:wh8VM567ClsFz7GS00OCh9kx3HZCz5GZ/BaTtOt3ksk=,tag:k6mJiktl1Met6Kzl738jpQ==,type:str]
admin_password: ENC[AES256_GCM,data:EFJfC78YtBLF5CIxLLhN9deZYcSL7/EfS4w=,iv:qrNi3WsRD26W5L67Fxch7qasEUh9vTj6HUWZs5PGz4o=,tag:bxW1CJyXOcz/pgN39ncQ+w==,type:str]
admin_email: ENC[AES256_GCM,data:2cvoq65K2/mdDuykkPVZryDJeNCK,iv:rU4jUYm+3dcvx1KooN9mWQDoovn7t+V7z1eU1m7VagE=,tag:Bhdbiq4BXO3nDwG9StUOkQ==,type:str]
secret_key: ENC[AES256_GCM,data:f4f1YF27VU/893HASHmCVL8vnsJEaHD33GOdFVpMj81MOutXqb7d03Hb1DYkDV3aMVmEdpvBcFK3SpZdFma3,iv:q6d59H1PniaVhw6tbd1maCelEGlAC4y2i38jMZ9Jn/Q=,tag:uSbCRstKy7C4Vwp+/FxF/Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1KzFkak5QQ01MUVV0djVH
cXlveDhxU3RRelhNL3JQbE1xVWNlaFYzem40CmtGYlpZMTJPS2lKUGl2Vy9CVW5j
bFoyNVlJM1lmSGhSM2lGREN3N3VXWTAKLS0tIE9xWFpoTUdrVVBtOS9lckRXWGc1
bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-28T13:04:02Z"
mac: ENC[AES256_GCM,data:b0F+YQZI7lVoOarse5dNBU6WQfnGRMgSlw/SaEE4ZuANXaL8zK1vY+zztB/MMEd5Y2mrNn/rBZt/9V9RXkMp49Bns0tCtUzAghOT8vIRjVk+hjYVuTiET5o5JokGOiT3vrSWIAo1zFuASq4lUlgXaWX3rX57EVvq7iFb7Lye53Q=,iv:xAtK6HMC8rt+OtnYYq6u3eOYhxV2PjfYB7yf0KmY9eg=,tag:++XgTe4zvEeAehCj2KsqYw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

1
system/services/default.nix
View file

@ -15,5 +15,6 @@
./syncthing.nix ./syncthing.nix
./wireguard.nix ./wireguard.nix
./photoprism.nix ./photoprism.nix
./telemetry.nix
]; ];
} }

56
system/services/telemetry.nix Normal file
View file

@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.telemetry;
inherit (lib) mkIf;
grafanaDomain = "grafana.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops.secrets =
let
opts = { sopsFile = ../../secrets/telemetry.yaml; owner = "grafana"; };
in
mkIf cfg.grafana.enable {
"grafana/admin_user" = opts;
"grafana/admin_password" = opts;
"grafana/admin_email" = opts;
"grafana/secret_key" = opts;
};
services.caddy.virtualHosts.${grafanaDomain}.extraConfig = mkIf cfg.grafana.enable ''
reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
'';
services.grafana = mkIf cfg.grafana.enable {
enable = true;
package = pkgs.grafana;
settings = {
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
server = {
protocol = "http"; # served behind caddy
http_addr = "0.0.0.0";
http_port = 44518;
domain = grafanaDomain;
root_url = "https://${grafanaDomain}";
enable_gzip = true;
};
database = {
type = "sqlite3";
cache_mode = "shared";
wal = true;
query_retries = 3;
};
security = {
# Admin credentials is already available in the secrets
admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
cookie_secure = true;
cookie_samesite = "lax";
strict_transport_security = true;
};
};
};
};
}