2024-05-08 21:49:37 +02:00
|
|
|
{ config, ... }:
|
|
|
|
|
let
|
|
|
|
|
inherit (config.networking) domain;
|
|
|
|
|
grafana_host = "grafana.${domain}";
|
|
|
|
|
grafana_port = 8082;
|
2024-05-08 21:50:08 +02:00
|
|
|
in
|
|
|
|
|
{
|
2024-05-08 21:49:37 +02:00
|
|
|
age.secrets.grafana_admin_pass = {
|
|
|
|
|
file = ../secrets/grafana_admin_pass.age;
|
|
|
|
|
owner = "grafana";
|
|
|
|
|
group = "grafana";
|
|
|
|
|
mode = "0600";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
security.acme.certs."${domain}".extraDomainNames = [ grafana_host ];
|
|
|
|
|
services.grafana = {
|
|
|
|
|
enable = true;
|
|
|
|
|
settings = {
|
|
|
|
|
security = {
|
|
|
|
|
admin_user = "admin";
|
|
|
|
|
admin_email = "admin@${domain}";
|
|
|
|
|
admin_password = "$__file{${config.age.secrets.grafana_admin_pass.path}}";
|
|
|
|
|
};
|
|
|
|
|
server = {
|
|
|
|
|
domain = grafana_host;
|
|
|
|
|
root_url = "https://${grafana_host}";
|
|
|
|
|
http_port = grafana_port;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
virtualHosts."${grafana_host}" = {
|
|
|
|
|
serverName = grafana_host;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
useACMEHost = domain;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}";
|
|
|
|
|
proxyWebsockets = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
