nix/nixos/services/grafana.nix
Tristan 123e7088f5 alpine: many changes
- updates
- snapserver
- graphana dashboards
- loki
- ddclient
- arr suite, jellyseer
- mautrix fixes
2025-01-18 00:18:11 +00:00


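# NixOS module: Grafana with authentik OIDC sign-in, file-provisioned
# dashboards, and an nginx TLS reverse proxy in front of it.
{config, lib, pkgs, ...}: let
  cfg = config.services.grafana;
  secrets = config.sops.secrets;

  # Common prefix of the authentik OAuth2/OIDC endpoints referenced below.
  authentikBase = "https://auth.tristans.cloud/application/o";

  # Join every requested dashboard into one store path; each dashboard lands
  # under /dash/ (see mkDashboard).
  mkDashboards = dashboards: pkgs.symlinkJoin {
    name = "dashboards";
    paths = map mkDashboard dashboards;
  };

  # Fetch one dashboard JSON at evaluation time and write it to
  # /dash/<name>.json. The sha256 pins the content: if the upstream file is
  # changed or tampered with, the fetch fails instead of provisioning it.
  mkDashboard = {name, url, sha256}: pkgs.writeTextFile {
    inherit name;
    text = builtins.readFile (builtins.fetchurl {inherit url sha256;});
    destination = "/dash/${name}.json";
  };
in {
  # Decrypted by sops-nix; owned by the grafana user so that only the service
  # account needs to read it.
  sops.secrets."grafana/oidc_client_secret" = {
    owner = "grafana";
  };

  services.grafana = {
    enable = true;
    settings = {
      server = {
        domain = "monitor.${config.networking.domain}";
        root_url = "https://${cfg.settings.server.domain}";
      };

      # NOTE(review): nothing in this module sets security.admin_password or
      # auth.disable_login_form, so the local login form and the built-in
      # admin account remain usable next to OIDC on a publicly proxied host.
      # Confirm that account does not still carry a default password.

      # The end-session URL was previously set as "redirect_url" inside
      # [auth.generic_oauth], which is not a generic OAuth setting, so logging
      # out of Grafana never ended the authentik session. The sign-out
      # redirect belongs in [auth].
      auth = {
        signout_redirect_url = "${authentikBase}/grafana/end-session/";
      };

      "auth.generic_oauth" = {
        enabled = true;
        name = "authentik";
        # The OAuth client id is a public identifier; only the secret below
        # is sensitive.
        client_id = "TNMLGFxpovO0jPptxD0nYmjnuytXd1MphjFS20uE";
        # $__file{...} makes Grafana read the secret from the sops-managed
        # path at runtime, so the value itself is not written to the Nix store.
        client_secret = "$__file{${secrets."grafana/oidc_client_secret".path}}";
        scopes = toString ["openid" "profile" "email"];
        auth_url = "${authentikBase}/authorize/";
        token_url = "${authentikBase}/token/";
        api_url = "${authentikBase}/userinfo/";
        # Maps authentik groups to Grafana roles. Any user who completes
        # sign-in but is in neither group falls through to 'Viewer'. Access is
        # therefore only as narrow as the authentik application's bindings;
        # drop the fallback and set role_attribute_strict = true if ungrouped
        # users should be refused.
        role_attribute_path = "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
      };
    };

    provision.dashboards.settings.providers = [{
      name = "Node Exporter";
      type = "file";
      options.path = mkDashboards [
        {
          # Pinned to a fixed dashboard revision and hash.
          name = "node-exporter";
          url = "https://grafana.com/api/dashboards/1860/revisions/37/download";
          sha256 = "sha256:0qza4j8lywrj08bqbww52dgh2p2b9rkhq5p313g72i57lrlkacfl";
        }
        {
          # NOTE(review): this URL follows the mutable master branch. The hash
          # keeps the content honest, but evaluation will start failing as
          # soon as upstream edits the file. Pinning the URL to a tag or
          # commit would make the fetch reproducible.
          name = "synapse";
          url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json";
          sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s";
        }
      ];
    }];
  };

  # Terminate TLS in nginx (ACME certificate, HTTP redirected to HTTPS) and
  # forward everything, including websockets, to Grafana's local HTTP port.
  services.nginx.virtualHosts = {
    ${cfg.settings.server.domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyWebsockets = true;
        proxyPass = "http://localhost:${toString cfg.settings.server.http_port}";
      };
    };
  };
}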