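# NixOS module: Grafana published through an nginx TLS virtual host, with
# sign-in delegated to authentik over generic OAuth/OIDC and dashboards
# fetched at evaluation time and provisioned from the Nix store.
{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.services.grafana;
  secrets = config.sops.secrets;

  # Build every dashboard in the list and join the results into a single
  # store path that a Grafana file provider can point at.
  mkDashboards = dashboards:
    pkgs.symlinkJoin {
      name = "dashboards";
      paths = map mkDashboard dashboards;
    };

  # Download one dashboard JSON and write it to /dash/<name>.json.
  #   name   - file stem and derivation name
  #   url    - download location
  #   sha256 - expected hash of the download; the fetch fails on a mismatch,
  #            so a changed upstream file is never provisioned unreviewed
  #   patch  - string -> string rewrite applied to the JSON (identity by default)
  mkDashboard = {
    name,
    url,
    sha256,
    patch ? lib.id,
  }:
    pkgs.writeTextFile {
      inherit name;
      text = patch (builtins.readFile (builtins.fetchurl {inherit url sha256;}));
      destination = "/dash/${name}.json";
    };
in {
  # Decrypted by sops-nix at activation; owned by the grafana user so the
  # service can read it.
  sops.secrets."grafana/oidc_client_secret" = {
    owner = "grafana";
  };

  services.grafana = {
    enable = true;

    # NOTE(review): nothing in this module sets security.admin_password or
    # auth.disable_login_form, so the built-in admin account and the password
    # login form stay reachable through the public virtual host below.
    # Confirm the admin password is managed elsewhere and is not the default.
    settings = {
      server = {
        # Grafana derives its OAuth callback URL from root_url, so this must
        # match the redirect URI registered for the client in authentik.
        root_url = "https://${cfg.settings.server.domain}";
        domain = "monitor.${config.networking.domain}";
      };

      # Send the browser to authentik's end-session endpoint on sign-out so
      # leaving Grafana also ends the identity-provider session. This URL
      # belongs under [auth] as signout_redirect_url; a `redirect_url` key in
      # auth.generic_oauth is not a setting Grafana documents, so placing it
      # there would leave the authentik session alive after logout.
      # NOTE(review): confirm against the deployed Grafana version.
      auth.signout_redirect_url = "https://auth.tristans.cloud/application/o/grafana/end-session/";

      "auth.generic_oauth" = {
        enabled = true;
        name = "authentik";
        # The client id is a public identifier, not a credential.
        client_id = "TNMLGFxpovO0jPptxD0nYmjnuytXd1MphjFS20uE";
        # $__file{...} is expanded by Grafana at startup, so only the path of
        # the secret, never its value, ends up in the world-readable Nix store.
        client_secret = "$__file{${secrets."grafana/oidc_client_secret".path}}";
        scopes = toString ["openid" "profile" "email"];
        auth_url = "https://auth.tristans.cloud/application/o/authorize/";
        token_url = "https://auth.tristans.cloud/application/o/token/";
        api_url = "https://auth.tristans.cloud/application/o/userinfo/";
        # Maps authentik groups to Grafana roles. The trailing 'Viewer' means
        # every account authentik lets through gets read access. If only
        # members of the two groups should get in, restrict the application
        # in authentik, or drop the fallback and set role_attribute_strict.
        role_attribute_path = "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
      };
    };

    provision.dashboards.settings.providers = [
      {
        name = "Node Exporter";
        type = "file";
        options.path = mkDashboards [
          {
            name = "node-exporter";
            # Revision-pinned download; the hash below fixes its content.
            url = "https://grafana.com/api/dashboards/1860/revisions/37/download";
            sha256 = "sha256:0qza4j8lywrj08bqbww52dgh2p2b9rkhq5p313g72i57lrlkacfl";
            # https://github.com/rfmoz/grafana-dashboards/issues/169
            patch = builtins.replaceStrings ["$__rate_interval"] ["$__range"];
          }
          {
            name = "synapse";
            # NOTE(review): refs/heads/master is a moving ref. The hash still
            # guarantees the content, but evaluation breaks as soon as
            # upstream edits the file. Prefer a URL pinned to a reviewed
            # commit or tag (<COMMIT_OR_TAG>) and update url and hash together.
            url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json";
            sha256 = "sha256:0yzj1i4zbjy9cms75ip6ad8qyjgv9kka42gxsbzyzr2syznsmqw0";
          }
        ];
      }
    ];
  };

  services.nginx.virtualHosts = {
    ${cfg.settings.server.domain} = {
      # TLS terminates at nginx: plain HTTP is redirected to HTTPS and the
      # certificate is obtained through ACME.
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # Grafana Live uses WebSockets, which need the upgrade headers proxied.
        proxyWebsockets = true;
        # Unencrypted hop to Grafana over loopback only.
        proxyPass = "http://localhost:${toString cfg.settings.server.http_port}";
      };
    };
  };
}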