Format
This commit is contained in:
parent
86f2edb5dd
commit
003e37582c
|
@ -7,94 +7,89 @@
|
|||
isInHq = false;
|
||||
};
|
||||
|
||||
networking.hostName = "grafana";
|
||||
|
||||
# http https influxdb
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 8086 ];
|
||||
# collectd
|
||||
networking.firewall.allowedUDPPorts = [ 25826 ];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"grafana.hq.c3d2.de" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = { "/".proxyPass = "http://localhost:3000/"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
|
||||
provision = {
|
||||
enable = true;
|
||||
# curl https://root:SECRET@grafana.hq.c3d2.de/api/datasources | jq > hosts/grafana/datasources.json
|
||||
datasources.settings.datasources = map (datasource: {
|
||||
inherit (datasource) name type access orgId url password user database isDefault jsonData;
|
||||
}) (with builtins; fromJSON (readFile ./datasources.json));
|
||||
dashboards.settings.providers = [ {
|
||||
settings = {
|
||||
apiVersion = 1;
|
||||
providers = [ {
|
||||
name = "c3d2";
|
||||
} ];
|
||||
};
|
||||
# for id in `curl https://root:SECRET@grafana.hq.c3d2.de/api/search | jq -j 'map(.uid) | join(" ")'`; do curl https://root:SECRET@grafana.hq.c3d2.de/api/dashboards/uid/$id | jq .dashboard > hosts/grafana/dashboards/$id.json;done
|
||||
options.path = ./dashboards;
|
||||
} ];
|
||||
};
|
||||
|
||||
settings = {
|
||||
"auth.anonymous" = {
|
||||
enabled = false;
|
||||
org_name = "Chaos";
|
||||
};
|
||||
security = {
|
||||
admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
|
||||
secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
|
||||
};
|
||||
server.domain = "grafana.hq.c3d2.de";
|
||||
users.allow_sign_up = false;
|
||||
};
|
||||
};
|
||||
services.influxdb = let
|
||||
collectdTypes = pkgs.runCommand "collectd-types" {} ''
|
||||
mkdir -p $out/share/collectd
|
||||
cat ${pkgs.collectd-data}/share/collectd/types.db >> $out/share/collectd/types.db
|
||||
echo "stations value:GAUGE:0:U" >> $out/share/collectd/types.db
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
logging.level = "debug";
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
database = "collectd";
|
||||
typesdb = "${collectdTypes}/share/collectd/types.db";
|
||||
# create retention policy "30d" on collectd duration 30d replication 1 default
|
||||
retention-policy = "30d";
|
||||
}];
|
||||
};
|
||||
};
|
||||
systemd.services =
|
||||
builtins.foldl' (services: service:
|
||||
services // {
|
||||
"${service}".serviceConfig = {
|
||||
RestartSec = 60;
|
||||
Restart = "always";
|
||||
};
|
||||
}
|
||||
) {} [ "grafana" "influxdb" ]
|
||||
// {
|
||||
# work around our slow storage that can't keep up
|
||||
influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
|
||||
influxdb.serviceConfig.TimeoutStartSec = "infinity";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ influxdb ];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
# http https influxdb
|
||||
allowedTCPPorts = [ 80 443 8086 ];
|
||||
# collectd
|
||||
allowedUDPPorts = [ 25826 ];
|
||||
};
|
||||
hostName = "grafana";
|
||||
};
|
||||
|
||||
services = {
|
||||
grafana = {
|
||||
enable = true;
|
||||
|
||||
provision = {
|
||||
enable = true;
|
||||
# curl https://root:SECRET@grafana.hq.c3d2.de/api/datasources | jq > hosts/grafana/datasources.json
|
||||
datasources.settings.datasources = map
|
||||
(datasource: {
|
||||
inherit (datasource) name type access orgId url password user database isDefault jsonData;
|
||||
})
|
||||
(with builtins; fromJSON (readFile ./datasources.json));
|
||||
dashboards.settings.providers = [{
|
||||
settings = {
|
||||
apiVersion = 1;
|
||||
providers = [{
|
||||
name = "c3d2";
|
||||
}];
|
||||
};
|
||||
# for id in `curl https://root:SECRET@grafana.hq.c3d2.de/api/search | jq -j 'map(.uid) | join(" ")'`; do curl https://root:SECRET@grafana.hq.c3d2.de/api/dashboards/uid/$id | jq .dashboard > hosts/grafana/dashboards/$id.json;done
|
||||
options.path = ./dashboards;
|
||||
}];
|
||||
};
|
||||
|
||||
settings = {
|
||||
"auth.anonymous" = {
|
||||
enabled = false;
|
||||
org_name = "Chaos";
|
||||
};
|
||||
security = {
|
||||
admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
|
||||
secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
|
||||
};
|
||||
server.domain = "grafana.hq.c3d2.de";
|
||||
users.allow_sign_up = false;
|
||||
};
|
||||
};
|
||||
influxdb =
|
||||
let
|
||||
collectdTypes = pkgs.runCommand "collectd-types" { } ''
|
||||
mkdir -p $out/share/collectd
|
||||
cat ${pkgs.collectd-data}/share/collectd/types.db >> $out/share/collectd/types.db
|
||||
echo "stations value:GAUGE:0:U" >> $out/share/collectd/types.db
|
||||
'';
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
logging.level = "debug";
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
database = "collectd";
|
||||
typesdb = "${collectdTypes}/share/collectd/types.db";
|
||||
# create retention policy "30d" on collectd duration 30d replication 1 default
|
||||
retention-policy = "30d";
|
||||
}];
|
||||
};
|
||||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"grafana.hq.c3d2.de" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = { "/".proxyPass = "http://localhost:3000/"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
|
@ -109,5 +104,22 @@
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services =
|
||||
builtins.foldl'
|
||||
(services: service:
|
||||
services // {
|
||||
"${service}".serviceConfig = {
|
||||
RestartSec = 60;
|
||||
Restart = "always";
|
||||
};
|
||||
}
|
||||
)
|
||||
{ } [ "grafana" "influxdb" ]
|
||||
// {
|
||||
# work around our slow storage that can't keep up
|
||||
influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
|
||||
influxdb.serviceConfig.TimeoutStartSec = "infinity";
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue