tlaternet-server/configuration/services/metrics/grafana.nix

{config, ...}: let
  domain = "metrics.${config.services.nginx.domain}";
in {
  services.grafana = {
    enable = true;
    settings = {
      server.http_port = 3001; # Default overlaps with gitea

      security = {
        admin_user = "tlater";
        admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";
        secret_key = "$__file{${config.sops.secrets."grafana/secretKey".path}}";
        cookie_secure = true;
        cookie_samesite = "strict";
        content_security_policy = true;
      };

      database = {
        user = "grafana";
        name = "grafana";
        type = "postgres";
        host = "/run/postgresql";
      };
    };

    provision = {
      enable = true;

      datasources.settings.datasources = [
        {
          name = "Victoriametrics - tlater.net";
          url = "http://localhost:8428";
          type = "prometheus";
        }
      ];
    };
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    extraConfig = ''
      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
      access_log /var/log/nginx/${domain}/access.log upstream_time;
    '';
    locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
  };
}
metrics: Add metrics with victoriametrics + grafana 2023-10-07 21:14:43 +01:00			`{config, ...}: let`
			`domain = "metrics.${config.services.nginx.domain}";`
			`in {`
			`services.grafana = {`
			`enable = true;`
			`settings = {`
			`server.http_port = 3001; # Default overlaps with gitea`

			`security = {`
			`admin_user = "tlater";`
			`admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";`
			`secret_key = "$__file{${config.sops.secrets."grafana/secretKey".path}}";`
			`cookie_secure = true;`
			`cookie_samesite = "strict";`
			`content_security_policy = true;`
			`};`

			`database = {`
			`user = "grafana";`
			`name = "grafana";`
			`type = "postgres";`
			`host = "/run/postgresql";`
			`};`
			`};`

			`provision = {`
			`enable = true;`

			`datasources.settings.datasources = [`
			`{`
			`name = "Victoriametrics - tlater.net";`
			`url = "http://localhost:8428";`
			`type = "prometheus";`
			`}`
			`];`
			`};`
			`};`

			`services.nginx.virtualHosts."${domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`extraConfig = ''`
			`add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;`
			`access_log /var/log/nginx/${domain}/access.log upstream_time;`
			`'';`
			`locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";`
			`};`
			`}`