Format

2022-12-19 23:36:57 +01:00 · 2022-12-19 23:36:57 +01:00 · 003e37582c
parent 86f2edb5dd
commit 003e37582c
1 changed files with 98 additions and 86 deletions
--- a/hosts/grafana/default.nix
+++ b/hosts/grafana/default.nix
@ -7,94 +7,89 @@
    isInHq = false;
  };

-  networking.hostName = "grafana";
-
-  # http https influxdb
-  networking.firewall.allowedTCPPorts = [ 80 443 8086 ];
-  # collectd
-  networking.firewall.allowedUDPPorts = [ 25826 ];
-
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "grafana.hq.c3d2.de" = {
-        default = true;
-        enableACME = true;
-        forceSSL = true;
-        locations = { "/".proxyPass = "http://localhost:3000/"; };
-      };
-    };
-  };
-  services.grafana = {
-    enable = true;
-
-    provision = {
-      enable = true;
-      # curl https://root:SECRET@grafana.hq.c3d2.de/api/datasources | jq > hosts/grafana/datasources.json
-      datasources.settings.datasources = map (datasource: {
-        inherit (datasource) name type access orgId url password user database isDefault jsonData;
-      }) (with builtins; fromJSON (readFile ./datasources.json));
-      dashboards.settings.providers = [ {
-        settings = {
-          apiVersion = 1;
-          providers = [ {
-            name = "c3d2";
-          } ];
-        };
-        # for id in `curl https://root:SECRET@grafana.hq.c3d2.de/api/search | jq -j 'map(.uid) | join(" ")'`; do curl https://root:SECRET@grafana.hq.c3d2.de/api/dashboards/uid/$id | jq .dashboard > hosts/grafana/dashboards/$id.json;done
-        options.path = ./dashboards;
-      } ];
-    };
-
-    settings = {
-      "auth.anonymous" = {
-        enabled = false;
-        org_name = "Chaos";
-      };
-      security = {
-        admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
-        secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
-      };
-      server.domain = "grafana.hq.c3d2.de";
-      users.allow_sign_up = false;
-    };
-  };
-  services.influxdb = let
-    collectdTypes = pkgs.runCommand "collectd-types" {} ''
-      mkdir -p $out/share/collectd
-      cat ${pkgs.collectd-data}/share/collectd/types.db >> $out/share/collectd/types.db
-      echo "stations  value:GAUGE:0:U" >> $out/share/collectd/types.db
-    '';
-  in {
-    enable = true;
-    extraConfig = {
-      logging.level = "debug";
-      collectd = [{
-        enabled = true;
-        database = "collectd";
-        typesdb = "${collectdTypes}/share/collectd/types.db";
-        # create retention policy "30d" on collectd duration 30d replication 1 default
-        retention-policy = "30d";
-      }];
-    };
-  };
-  systemd.services =
-    builtins.foldl' (services: service:
-      services // {
-        "${service}".serviceConfig = {
-          RestartSec = 60;
-          Restart = "always";
-        };
-      }
-    ) {} [ "grafana" "influxdb" ]
-    // {
-      # work around our slow storage that can't keep up
-      influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
-      influxdb.serviceConfig.TimeoutStartSec = "infinity";
-    };
-
  environment.systemPackages = with pkgs; [ influxdb ];

+  networking = {
+    firewall = {
+      # http https influxdb
+      allowedTCPPorts = [ 80 443 8086 ];
+      # collectd
+      allowedUDPPorts = [ 25826 ];
+    };
+    hostName = "grafana";
+  };
+
+  services = {
+    grafana = {
+      enable = true;
+
+      provision = {
+        enable = true;
+        # curl https://root:SECRET@grafana.hq.c3d2.de/api/datasources | jq > hosts/grafana/datasources.json
+        datasources.settings.datasources = map
+          (datasource: {
+            inherit (datasource) name type access orgId url password user database isDefault jsonData;
+          })
+          (with builtins; fromJSON (readFile ./datasources.json));
+        dashboards.settings.providers = [{
+          settings = {
+            apiVersion = 1;
+            providers = [{
+              name = "c3d2";
+            }];
+          };
+          # for id in `curl https://root:SECRET@grafana.hq.c3d2.de/api/search | jq -j 'map(.uid) | join(" ")'`; do curl https://root:SECRET@grafana.hq.c3d2.de/api/dashboards/uid/$id | jq .dashboard > hosts/grafana/dashboards/$id.json;done
+          options.path = ./dashboards;
+        }];
+      };
+
+      settings = {
+        "auth.anonymous" = {
+          enabled = false;
+          org_name = "Chaos";
+        };
+        security = {
+          admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
+          secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
+        };
+        server.domain = "grafana.hq.c3d2.de";
+        users.allow_sign_up = false;
+      };
+    };
+    influxdb =
+      let
+        collectdTypes = pkgs.runCommand "collectd-types" { } ''
+          mkdir -p $out/share/collectd
+          cat ${pkgs.collectd-data}/share/collectd/types.db >> $out/share/collectd/types.db
+          echo "stations  value:GAUGE:0:U" >> $out/share/collectd/types.db
+        '';
+      in
+      {
+        enable = true;
+        extraConfig = {
+          logging.level = "debug";
+          collectd = [{
+            enabled = true;
+            database = "collectd";
+            typesdb = "${collectdTypes}/share/collectd/types.db";
+            # create retention policy "30d" on collectd duration 30d replication 1 default
+            retention-policy = "30d";
+          }];
+        };
+      };
+    nginx = {
+      enable = true;
+      virtualHosts = {
+        "grafana.hq.c3d2.de" = {
+          default = true;
+          enableACME = true;
+          forceSSL = true;
+          locations = { "/".proxyPass = "http://localhost:3000/"; };
+        };
+      };
+    };
+  };
+
  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
@ -109,5 +104,22 @@
    };
  };

+  systemd.services =
+    builtins.foldl'
+      (services: service:
+        services // {
+          "${service}".serviceConfig = {
+            RestartSec = 60;
+            Restart = "always";
+          };
+        }
+      )
+      { } [ "grafana" "influxdb" ]
+    // {
+      # work around our slow storage that can't keep up
+      influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";
+      influxdb.serviceConfig.TimeoutStartSec = "infinity";
+    };
+
  system.stateVersion = "22.05";
 }