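# NixOS module that adds an opt-in `services.grafana.recommendedDefaults`
# switch and, whenever Grafana is enabled, refuses to evaluate while the
# Grafana secret key is still the default declared by the upstream option.
{ config, lib, libS, options, ... }:

let
  # Evaluated Grafana configuration (what the system will actually use).
  cfg = config.services.grafana;
  # Option declarations; only used to look up the declared default of secret_key.
  opt = options.services.grafana;
in
{
  options = {
    services.grafana.recommendedDefaults = libS.mkOpinionatedOption "set recommended and secure default settings";
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # NixOS aborts evaluation when `assertion` is false, so the condition
        # has to be true only when the key differs from the declared default.
        # The previous `==` did the opposite: it accepted the publicly known
        # default and rejected every custom key.
        # This check applies whenever Grafana is enabled, independent of
        # `recommendedDefaults`.
        # NOTE(review): a literal key written here is stored in the
        # world-readable Nix store; Grafana's `$__file{/path}` provider lets
        # the value be read from a file at runtime instead -- confirm it fits
        # the deployment.
        assertion = cfg.settings.security.secret_key != opt.settings.security.secret_key.default;
        message = "services.grafana.settings.security.secret_key must be changed from it's default value!";
      }
    ];

    # presumably mkRecursiveDefault wraps every leaf in a default-priority
    # definition so that explicit user settings still win -- verify in libS.
    services.grafana.settings = lib.mkIf cfg.recommendedDefaults (libS.modules.mkRecursiveDefault {
      # no analytics, sorry, not sorry
      analytics = {
        # TODO: drop after https://github.com/NixOS/nixpkgs/pull/240323 is merged
        check_for_updates = false;
        feedback_links_enabled = false;
        reporting_enabled = false;
      };

      # These three settings only make sense when Grafana is reached over
      # HTTPS: the session cookie gets the Secure attribute and HSTS is sent.
      # This module does not configure TLS itself, so TLS termination (in
      # Grafana or a reverse proxy) has to be set up elsewhere.
      security = {
        cookie_secure = true;
        content_security_policy = true;
        strict_transport_security = true;
      };

      server = {
        enable_gzip = true;
        # Matches the HTTPS-only settings above; derived from the configured domain.
        root_url = "https://${cfg.settings.server.domain}";
      };
    });
  };
}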