48 lines
1.3 KiB
Nix
48 lines
1.3 KiB
Nix
{config, ...}: let
|
|
domain = "metrics.${config.services.nginx.domain}";
|
|
in {
|
|
services.grafana = {
|
|
enable = true;
|
|
settings = {
|
|
server.http_port = 3001; # Default overlaps with gitea
|
|
|
|
security = {
|
|
admin_user = "tlater";
|
|
admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";
|
|
secret_key = "$__file{${config.sops.secrets."grafana/secretKey".path}}";
|
|
cookie_secure = true;
|
|
cookie_samesite = "strict";
|
|
content_security_policy = true;
|
|
};
|
|
|
|
database = {
|
|
user = "grafana";
|
|
name = "grafana";
|
|
type = "postgres";
|
|
host = "/run/postgresql";
|
|
};
|
|
};
|
|
|
|
provision = {
|
|
enable = true;
|
|
|
|
datasources.settings.datasources = [
|
|
{
|
|
name = "Victoriametrics - tlater.net";
|
|
url = "http://localhost:8428";
|
|
type = "prometheus";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
|
access_log /var/log/nginx/${domain}/access.log upstream_time;
|
|
'';
|
|
locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
|
|
};
|
|
}
|