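# NixOS module for the Grafana host: a sops-nix managed admin password,
# a static management-network address, Grafana bound to loopback with a
# local PostgreSQL database, and nginx as the only network-facing listener.
{
  pkgs,
  config,
  ...
}:
{
  imports = [ ];

  sops = {
    defaultSopsFile = ../secrets/passwords.yaml;
    # Decrypted at activation time and handed to the grafana user.
    # NOTE(review): only the grafana user is shown reading this file, so
    # "0400" would be enough unless other members of the group need it.
    secrets."services/grafana/admin_password" = {
      mode = "0440";
      owner = "grafana";
      group = "grafana";
      # Restart Grafana when the secret changes (see the caveat on
      # security.admin_password below).
      restartUnits = [ "grafana.service" ];
    };
  };

  # configure static IP address
  networking.useDHCP = false;
  systemd.network = {
    enable = true;
    networks = {
      "10-mgmtNet" = {
        matchConfig.MACAddress = "BC:24:11:FC:C2:26";
        address = [ "10.20.25.4/24" ];
        gateway = [ "10.20.25.2" ];
      };
    };
  };

  # Only nginx (plain HTTP) is reachable from the network; Grafana itself
  # listens on loopback and PostgreSQL is reached through its unix socket.
  # NOTE(review): with port 80 only and an http:// root_url, Grafana logins
  # and session cookies cross the management network unencrypted. Serving
  # TLS from nginx needs a certificate for the internal name, which this
  # file does not provide.
  networking.firewall.allowedTCPPorts = [ 80 ];

  services = {
    grafana = {
      enable = true;
      settings = {
        # $__file{...} makes Grafana read the value from the sops-managed
        # file at runtime, so the plaintext never enters the Nix store.
        # Grafana applies admin_password only when it first creates the
        # admin account: rotating the secret restarts the unit but does not
        # change an existing password, which has to be reset in Grafana.
        security.admin_password = "$__file{${config.sops.secrets."services/grafana/admin_password".path}}";

        server = {
          domain = "grafana.noc.eh22.intern";
          root_url = "http://grafana.noc.eh22.intern/";
          # Loopback only: every request has to come through nginx.
          http_addr = "127.0.0.1";
          http_port = 2342;
        };

        database = {
          type = "postgres";
          user = "grafana";
          # Unix socket directory; no database password is configured here,
          # so this presumably relies on peer authentication for the
          # grafana system user — confirm against the PostgreSQL auth setup.
          host = "/run/postgresql";
        };
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [
        {
          name = "grafana";
          ensureDBOwnership = true;
        }
      ];
    };

    nginx = {
      enable = true;
      # The virtual host name is taken from the Grafana domain so both stay
      # in sync.
      virtualHosts.${config.services.grafana.settings.server.domain} = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
          proxyWebsockets = true;
          # Forward the original Host and X-Forwarded-* headers. Without
          # them Grafana sees the upstream address as Host, so its origin
          # check on state-changing requests can reject the login and its
          # logs lose the real client address. Redundant but harmless if
          # the setting is already enabled globally elsewhere.
          recommendedProxySettings = true;
        };
      };
    };
  };
  # DO NOT CHANGE
  # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
  home-manager.users.noc.home.stateVersion = "24.11";
  system.stateVersion = "24.11";
}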