add vm for grafana

2025-03-04 22:58:03 +01:00 · 2025-03-04 22:58:03 +01:00 · 8cb137d1bd
commit 8cb137d1bd
parent 78a1b6daa7
3 changed files with 53 additions and 2 deletions
--- a/systems/default.nix
+++ b/systems/default.nix
@ -47,6 +47,7 @@ in
  # staging temp infra
  "sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern";

+  "grafana.noc.eh22.intern" = mkSystem "x86_64-linux" "grafana.noc.eh22.intern";
  # misc hosts
  "test.eh22.intern" = mkSystem "x86_64-linux" "test.eh22.intern";
  "installer" = mkSystem "x86_64-linux" "installer";
--- a/systems/grafana.noc.eh22.intern.nix
+++ b/systems/grafana.noc.eh22.intern.nix
@ -0,0 +1,48 @@
+{
+  pkgs,
+  ...
+}:
+{
+  imports = [];
+
+  systemd.network = {
+    enable = true;
+    networks = {
+      "10-mgmtNet" = {
+        matchConfig.MACAddress = "BC:24:11:FC:C2:26";
+        address = [ "10.20.25.4/24" ];
+        gateway = [ "10.20.25.2" ];
+      };
+    };
+  };
+
+  services.grafana = {
+    enable = true;
+    security.admin_password = "$__file{${sops.secrets.vms.grafana.admin_password.path}}";
+    settings.server = {
+      domain = "grafana.noc.eh22.intern";
+      root_url = "http://grafana.noc.eh22.intern/";
+    };
+  };
+
+  services.nginx.virtualHosts.${config.services.grafana.domain} = {
+    locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+        proxyWebsockets = true;
+    };
+  };
+
+  sops = {
+    defaultSopsFile = ../secrets/passwords.yaml;
+    "vms"."grafana"."admin_password" = {
+      mode = "0440";
+      owner = "grafana";
+      group = "grafana";
+      restartUnits = [ "grafana.service" ];
+    };
+  };
+  # DO NOT CHANGE
+  # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
+  home-manager.users.noc.home.stateVersion = "24.11";
+  system.stateVersion = "24.11"; 
+}