EH22/nox
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add vm for grafana

Browse source
This commit is contained in:
chris 2025-03-04 22:58:03 +01:00
parent 78a1b6daa7
commit 8cb137d1bd
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
3 changed files with 53 additions and 2 deletions

6
secrets/passwords.yaml
View file

@ -12,6 +12,8 @@ vms:
__default__: __default__:
users: users:
noc: ENC[AES256_GCM,data:4XsNofA6Qk8MphMBDSUrAq43RF/d1x7lDg==,iv:ecS8GEZhK5X9GOq2SNDIh7ZWyfHA7kayszqCHyQj+Pc=,tag:fVC2+ztLpewhB9p6EwMtCg==,type:str] noc: ENC[AES256_GCM,data:4XsNofA6Qk8MphMBDSUrAq43RF/d1x7lDg==,iv:ecS8GEZhK5X9GOq2SNDIh7ZWyfHA7kayszqCHyQj+Pc=,tag:fVC2+ztLpewhB9p6EwMtCg==,type:str]
grafana:
admin_password: ENC[AES256_GCM,data:xwjYXJkK+2PZ8uu8vnX4Gy5CRWXJuBfG+NBX+qIVruo=,iv:WWMjUmDZzjjvTjT5A1nEdpxgpWGWCc3D8k/kjrNxYtc=,tag:nbI+aCwN+n/iACjwvk0ljw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -36,8 +38,8 @@ sops:
YW1BSERaOURtVGpMSnRiTkJyaDR3OTQK3pXGQU1SoUKdmLKUe88e8/BjqPjmdhke YW1BSERaOURtVGpMSnRiTkJyaDR3OTQK3pXGQU1SoUKdmLKUe88e8/BjqPjmdhke
bP7DHbpvk4xG2Z3fnacihDCwiBASn2Wu350hl1WoM5pzMiqmS84X9Q== bP7DHbpvk4xG2Z3fnacihDCwiBASn2Wu350hl1WoM5pzMiqmS84X9Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-21T18:34:34Z" lastmodified: "2025-03-04T21:26:03Z"
mac: ENC[AES256_GCM,data:yeMXclT2ZdxHy2CqWQkXVay4EHHq2o8dXF2yXa7q1FKyteRzf0Gve/IQVxH3VXYsGQf3lSdL5EAe3BXmNesWnA5QfTELt2hzgd5nQ6+NTzLDXmi/AW3L4BhzpOoK7UIJ+mG42N4mkYlBe1dUyDBikxevWB3AAzGl7mAF/2io4TQ=,iv:d4g5dWUhFBauR8+4aPGU1hYkhyGsmdGBjgwBMs0HbtA=,tag:oOYKKCwOw/gjqeB/SCdkuQ==,type:str] mac: ENC[AES256_GCM,data:QS1Aq8aUqfOmBwOAbZDlG3Y5CLKWk9u5YQkqzp1i8RvbeXMOOgPj+73kshI8m5QOtMiOGNlnkR0gMD3XIuK/57yte1ir0oWtlrT88yyPLLqwDA16XjPQ61iCHoZQUg8au/+bzYe1uswiKme80FYTIFQfxqtByxFg66244wLiAPE=,iv:e86pdwGXrEMiFj0Rzrz//UKBTCyN63EA1KGJS1x+YQo=,tag:zuIVf2kMQEZReGL72dOj5A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

1
systems/default.nix
View file

@ -47,6 +47,7 @@ in
# staging temp infra # staging temp infra
"sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern"; "sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern";
"grafana.noc.eh22.intern" = mkSystem "x86_64-linux" "grafana.noc.eh22.intern";
# misc hosts # misc hosts
"test.eh22.intern" = mkSystem "x86_64-linux" "test.eh22.intern"; "test.eh22.intern" = mkSystem "x86_64-linux" "test.eh22.intern";
"installer" = mkSystem "x86_64-linux" "installer"; "installer" = mkSystem "x86_64-linux" "installer";

48
systems/grafana.noc.eh22.intern.nix Normal file
View file

@ -0,0 +1,48 @@
{
pkgs,
...
}:
{
imports = [];
systemd.network = {
enable = true;
networks = {
"10-mgmtNet" = {
matchConfig.MACAddress = "BC:24:11:FC:C2:26";
address = [ "10.20.25.4/24" ];
gateway = [ "10.20.25.2" ];
};
};
};
services.grafana = {
enable = true;
security.admin_password = "$__file{${sops.secrets.vms.grafana.admin_password.path}}";
settings.server = {
domain = "grafana.noc.eh22.intern";
root_url = "http://grafana.noc.eh22.intern/";
};
};
services.nginx.virtualHosts.${config.services.grafana.domain} = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyWebsockets = true;
};
};
sops = {
defaultSopsFile = ../secrets/passwords.yaml;
"vms"."grafana"."admin_password" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
};
# DO NOT CHANGE
# this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
home-manager.users.noc.home.stateVersion = "24.11";
system.stateVersion = "24.11";
}