grafana: get grafana running

2025-03-08 00:41:23 +01:00 · 2025-03-08 00:41:23 +01:00 · eafb8ad1b7
commit eafb8ad1b7
parent 47d2d6db2e
3 changed files with 65 additions and 32 deletions
--- a/systems/grafana.noc.eh22.intern.nix
+++ b/systems/grafana.noc.eh22.intern.nix
@ -1,8 +1,6 @@
 {
  pkgs,
  config,
-  modulesPath,
-  lib,
  ...
 }:
 {
@ -10,7 +8,7 @@

  sops = {
    defaultSopsFile = ../secrets/passwords.yaml;
-    secrets."vms/grafana/admin_password" = {
+    secrets."services/grafana/admin_password" = {
      mode = "0440";
      owner = "grafana";
      group = "grafana";
@ -33,24 +31,48 @@

  networking.firewall.allowedTCPPorts = [ 80 ];

-  services.grafana = {
-    enable = true;
-    settings = {
-      security.admin_password = "$__file{${config.sops.secrets."vms/grafana/admin_password".path}}";
-      server = {
-        domain = "grafana.noc.eh22.intern";
-        root_url = "http://grafana.noc.eh22.intern/";
+  services = {
+    grafana = {
+      enable = true;
+      settings = {
+        security.admin_password = "$__file{${config.sops.secrets."services/grafana/admin_password".path}}";
+
+        server = {
+          domain = "grafana.noc.eh22.intern";
+          root_url = "http://grafana.noc.eh22.intern/";
+          http_addr = "127.0.0.1";
+          http_port = 2342;
+        };
+
+        database = {
+          type = "postgres";
+          user = "grafana";
+          host = "/run/postgresql";
+        };
+      };
+    };
+
+    postgresql = {
+      enable = true;
+      ensureDatabases = [ "grafana" ];
+      ensureUsers = [
+        {
+          name = "grafana";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
+    nginx = {
+      enable = true;
+      virtualHosts.${config.services.grafana.settings.server.domain} = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
+          proxyWebsockets = true;
+        };
      };
    };
  };
-
-  services.nginx.virtualHosts.${config.services.grafana.domain} = {
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
-      proxyWebsockets = true;
-    };
-  };
-
  # DO NOT CHANGE
  # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
  home-manager.users.noc.home.stateVersion = "24.11";