2023-11-07 19:28:24 +01:00
|
|
|
{ config, pkgs, ... }:
|
2019-01-17 23:45:26 +01:00
|
|
|
|
2022-12-18 22:16:29 +01:00
|
|
|
{
|
2022-06-18 02:09:33 +02:00
|
|
|
microvm.mem = 4096;
|
2022-12-21 19:43:47 +01:00
|
|
|
c3d2.deployment.server = "server10";
|
2019-12-03 15:01:10 +01:00
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
environment.systemPackages = with pkgs; [ influxdb ];
|
2019-01-17 23:45:26 +01:00
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
networking = {
|
|
|
|
firewall = {
|
2022-12-20 04:31:37 +01:00
|
|
|
# influxdb
|
|
|
|
allowedTCPPorts = [ 8086 ];
|
2022-12-19 23:36:57 +01:00
|
|
|
# collectd
|
|
|
|
allowedUDPPorts = [ 25826 ];
|
2021-10-11 23:04:05 +02:00
|
|
|
};
|
2022-12-19 23:36:57 +01:00
|
|
|
hostName = "grafana";
|
2019-01-17 23:45:26 +01:00
|
|
|
};
|
2022-06-16 02:26:07 +02:00
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
services = {
|
2023-11-14 01:48:59 +01:00
|
|
|
backup = {
|
|
|
|
enable = true;
|
|
|
|
paths = [ "/var/lib/grafana/" ];
|
|
|
|
};
|
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
grafana = {
|
2022-06-16 02:26:07 +02:00
|
|
|
enable = true;
|
2023-12-03 16:57:50 +01:00
|
|
|
configureNginx = true;
|
|
|
|
oauth = {
|
|
|
|
enable = true;
|
|
|
|
adminGroup = "grafana-admins";
|
|
|
|
enableViewerRole = true;
|
|
|
|
userGroup = "grafana-users";
|
|
|
|
};
|
2022-10-27 21:35:39 +02:00
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
provision = {
|
|
|
|
enable = true;
|
|
|
|
# curl https://root:SECRET@grafana.hq.c3d2.de/api/datasources | jq > hosts/grafana/datasources.json
|
|
|
|
datasources.settings.datasources = map
|
|
|
|
(datasource: {
|
|
|
|
inherit (datasource) name type access orgId url password user database isDefault jsonData;
|
|
|
|
})
|
|
|
|
(with builtins; fromJSON (readFile ./datasources.json));
|
|
|
|
dashboards.settings.providers = [{
|
|
|
|
settings = {
|
|
|
|
apiVersion = 1;
|
|
|
|
providers = [{
|
|
|
|
name = "c3d2";
|
|
|
|
}];
|
|
|
|
};
|
|
|
|
# for id in `curl https://root:SECRET@grafana.hq.c3d2.de/api/search | jq -j 'map(.uid) | join(" ")'`; do curl https://root:SECRET@grafana.hq.c3d2.de/api/dashboards/uid/$id | jq .dashboard > hosts/grafana/dashboards/$id.json;done
|
|
|
|
options.path = ./dashboards;
|
|
|
|
}];
|
2022-10-27 21:35:39 +02:00
|
|
|
};
|
2022-12-19 23:36:57 +01:00
|
|
|
|
|
|
|
settings = {
|
2023-04-26 18:59:23 +02:00
|
|
|
"auth.anonymous" = {
|
|
|
|
enabled = true;
|
|
|
|
org_name = "Chaos";
|
|
|
|
};
|
2023-12-03 16:57:50 +01:00
|
|
|
"auth.generic_oauth".client_secret = "$__file{${config.sops.secrets."grafana/client-secret".path}}";
|
2022-12-19 23:36:57 +01:00
|
|
|
security = {
|
|
|
|
admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
|
|
|
|
secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
|
|
|
|
};
|
|
|
|
server.domain = "grafana.hq.c3d2.de";
|
|
|
|
users.allow_sign_up = false;
|
2022-10-27 21:35:39 +02:00
|
|
|
};
|
2022-06-16 02:26:07 +02:00
|
|
|
};
|
2023-07-01 23:41:50 +02:00
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
influxdb =
|
|
|
|
let
|
|
|
|
collectdTypes = pkgs.runCommand "collectd-types" { } ''
|
|
|
|
mkdir -p $out/share/collectd
|
|
|
|
cat ${pkgs.collectd-data}/share/collectd/types.db >> $out/share/collectd/types.db
|
|
|
|
echo "stations value:GAUGE:0:U" >> $out/share/collectd/types.db
|
|
|
|
'';
|
|
|
|
in
|
|
|
|
{
|
|
|
|
enable = true;
|
|
|
|
extraConfig = {
|
|
|
|
logging.level = "debug";
|
|
|
|
collectd = [{
|
|
|
|
enabled = true;
|
|
|
|
database = "collectd";
|
|
|
|
typesdb = "${collectdTypes}/share/collectd/types.db";
|
|
|
|
# create retention policy "30d" on collectd duration 30d replication 1 default
|
|
|
|
retention-policy = "30d";
|
|
|
|
}];
|
2022-03-29 00:01:28 +02:00
|
|
|
};
|
2022-12-19 23:36:57 +01:00
|
|
|
};
|
2023-07-01 23:41:50 +02:00
|
|
|
|
2022-12-19 23:36:57 +01:00
|
|
|
nginx = {
|
|
|
|
enable = true;
|
|
|
|
virtualHosts = {
|
2023-12-03 16:57:50 +01:00
|
|
|
"${config.services.grafana.settings.server.domain}" = {
|
2022-12-19 23:36:57 +01:00
|
|
|
default = true;
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
};
|
|
|
|
};
|
2022-03-29 00:01:28 +02:00
|
|
|
};
|
2022-12-19 23:36:57 +01:00
|
|
|
};
|
2019-01-17 23:45:26 +01:00
|
|
|
|
2022-10-27 21:35:39 +02:00
|
|
|
sops = {
|
|
|
|
defaultSopsFile = ./secrets.yaml;
|
2022-12-23 08:22:28 +01:00
|
|
|
secrets = let
|
2023-11-14 01:38:25 +01:00
|
|
|
grafana = config.systemd.services.grafana.serviceConfig.User;
|
2022-12-23 08:22:28 +01:00
|
|
|
in {
|
2023-11-14 01:38:25 +01:00
|
|
|
"grafana/admin-password".owner = grafana;
|
|
|
|
"grafana/client-secret".owner = grafana;
|
|
|
|
"grafana/secret-key".owner = grafana;
|
2022-10-27 21:35:39 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2023-12-06 23:42:13 +01:00
|
|
|
systemd.services = {
|
|
|
|
# work around our slow storage that can't keep up
|
|
|
|
influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
|
|
|
|
influxdb.serviceConfig.TimeoutStartSec = "infinity";
|
|
|
|
};
|
2022-12-19 23:36:57 +01:00
|
|
|
|
2022-10-27 21:35:39 +02:00
|
|
|
system.stateVersion = "22.05";
|
2023-12-06 23:42:13 +01:00
|
|
|
|
|
|
|
users.users.nginx.extraGroups = [ "grafana" ];
|
2019-01-17 23:45:26 +01:00
|
|
|
}
|