nixos-modules/modules/grafana.nix

{ config, lib, libS, options, ... }:

let
  cfg = config.services.grafana;
  opt = options.services.grafana;
in
{
  options = {
    services.grafana.recommendedDefaults = libS.mkOpinionatedOption "set recommended and secure default settings";
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.settings.security.secret_key == opt.settings.security.secret_key.default;
        message = "services.grafana.settings.security.secret_key must be changed from it's default value!";
      }
    ];

    services.grafana.settings = lib.mkIf cfg.recommendedDefaults (libS.modules.mkRecursiveDefault {
      # no analytics, sorry, not sorry
      analytics = {
        # TODO: drop after https://github.com/NixOS/nixpkgs/pull/240323 is merged
        check_for_updates = false;
        feedback_links_enabled = false;
        reporting_enabled = false;
      };
      security = {
        cookie_secure = true;
        content_security_policy = true;
        strict_transport_security = true;
      };
      server = {
        enable_gzip = true;
        root_url = "https://${cfg.settings.server.domain}";
      };
    });
  };
}
grafana: fix eval 2023-06-28 14:35:45 +02:00			`{ config, lib, libS, options, ... }:`
Add grafana 2022-12-23 05:53:53 +01:00
			`let`
			`cfg = config.services.grafana;`
grafana: error if default secret is used 2023-06-28 13:40:11 +02:00			`opt = options.services.grafana;`
Add grafana 2022-12-23 05:53:53 +01:00			`in`
			`{`
Add lib.mkOpinionatedOption and use it 2023-01-03 02:05:36 +01:00			`options = {`
ssh: add recommendedDefaults 2023-01-20 23:42:45 +01:00			`services.grafana.recommendedDefaults = libS.mkOpinionatedOption "set recommended and secure default settings";`
Add grafana 2022-12-23 05:53:53 +01:00			`};`

			`config = lib.mkIf cfg.enable {`
grafana: error if default secret is used 2023-06-28 13:40:11 +02:00			`assertions = [`
			`{`
			`assertion = cfg.settings.security.secret_key == opt.settings.security.secret_key.default;`
			`message = "services.grafana.settings.security.secret_key must be changed from it's default value!";`
			`}`
			`];`

Fix typo 2023-01-04 01:08:25 +01:00			`services.grafana.settings = lib.mkIf cfg.recommendedDefaults (libS.modules.mkRecursiveDefault {`
grafana: disable link feedback 2023-06-28 13:40:25 +02:00			`# no analytics, sorry, not sorry`
Add grafana 2022-12-23 05:53:53 +01:00			`analytics = {`
grafana: disable link feedback 2023-06-28 13:40:25 +02:00			`# TODO: drop after https://github.com/NixOS/nixpkgs/pull/240323 is merged`
Add grafana 2022-12-23 05:53:53 +01:00			`check_for_updates = false;`
grafana: disable link feedback 2023-06-28 13:40:25 +02:00			`feedback_links_enabled = false;`
Add grafana 2022-12-23 05:53:53 +01:00			`reporting_enabled = false;`
			`};`
			`security = {`
			`cookie_secure = true;`
			`content_security_policy = true;`
grafana: enable hsts 2023-06-28 13:40:32 +02:00			`strict_transport_security = true;`
Add grafana 2022-12-23 05:53:53 +01:00			`};`
			`server = {`
			`enable_gzip = true;`
			`root_url = "https://${cfg.settings.server.domain}";`
			`};`
			`});`
			`};`
			`}`