Commit 06b89cd

HPCesia <me@hpcesia.com>
2025-10-05 14:42:58
refactor: migrate grafana
1 parent c7f2702
Changed files (9)
hosts/chaser-pardofelis/grafana/default.nix
@@ -1,59 +0,0 @@
-{
-  myvars,
-  config,
-  ...
-}: {
-  services.grafana = {
-    enable = true;
-    # See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configuration-options
-    settings = {
-      server = {
-        http_addr = "127.0.0.1";
-        http_port = 3982;
-        protocol = "http";
-        domain = "grafana.hpcesia.com";
-        serve_from_sub_path = false;
-        root_url = "%(protocol)s://%(domain)s:%(http_port)s/";
-        read_timeout = "180s";
-        enable_gzip = true;
-      };
-      security = {
-        admin_user = myvars.username;
-        admin_email = myvars.useremail;
-        admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
-      };
-      users = {
-        allow_sign_up = false;
-        default_theme = "dark";
-        default_language = "detect";
-      };
-    };
-
-    provision = {
-      datasources.settings.datasources = [
-        {
-          name = "prometheus-pardofelis";
-          type = "prometheus";
-          access = "proxy";
-          url = "http://${config.services.victoriametrics.listenAddress}";
-          jsonData = {
-            httpMethod = "POST";
-            manageAlerts = true;
-            prometheusType = "Prometheus";
-            prometheusVersion = "2.49.0";
-            cacheLevel = "High";
-            disableRecordingRules = false;
-            incrementalQueryOverlapWindow = "10m";
-          };
-        }
-      ];
-      dashboards.settings.providers = [
-        {
-          name = "Default";
-          type = "file";
-          options.path = ./dashboards;
-        }
-      ];
-    };
-  };
-}
hosts/chaser-pardofelis/caddy.nix
@@ -15,7 +15,6 @@ in {
     virtualHosts = let
       localAddress = {
         atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
-        grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
         homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
         prometheus = "http://${config.services.victoriametrics.listenAddress}";
       };
@@ -24,10 +23,6 @@ in {
         encode zstd gzip
         reverse_proxy ${localAddress.atuin}
       '';
-      "grafana.hpcesia.com".extraConfig = ''
-        encode zstd gzip
-        reverse_proxy ${localAddress.grafana}
-      '';
       "home.hpcesia.com".extraConfig = ''
         encode zstd gzip
         forward_auth ${localAddress.authelia} {
modules/hosts/chaser-pardofelis/default.nix
@@ -27,6 +27,7 @@
           "forgejo"
           "forgejo-runner"
           "freshrss"
+          "grafana"
           "goatcounter"
           "gokapi"
           "gotosocial"
hosts/chaser-pardofelis/grafana/dashboards/servers/node-exporter-full-1860_rev41.json → modules/services/grafana/dashboards/servers/node-exporter-full-1860_rev41.json
File renamed without changes
hosts/chaser-pardofelis/grafana/dashboards/services/gotosocial-23416_rev2.json → modules/services/grafana/dashboards/services/gotosocial-23416_rev2.json
File renamed without changes
hosts/chaser-pardofelis/grafana/dashboards/README.md → modules/services/grafana/dashboards/README.md
File renamed without changes
modules/services/grafana/admin-password.age
Binary file
modules/services/grafana/default.nix
@@ -0,0 +1,78 @@
+{lib, ...}: {
+  flake.modules.nixos."services/grafana" = {config, ...}: {
+    services.grafana = {
+      enable = true;
+      # See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configuration-options
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = 3982;
+          protocol = "http";
+          domain = "grafana.hpcesia.com";
+          serve_from_sub_path = false;
+          root_url = "%(protocol)s://%(domain)s:%(http_port)s/";
+          read_timeout = "180s";
+          enable_gzip = true;
+        };
+        security = {
+          admin_user = "hpcesia";
+          admin_email = "me@hpcesia.com";
+          admin_password = "$__file{${config.vaultix.secrets."grafana-admin-password".path}}";
+        };
+        users = {
+          allow_sign_up = false;
+          default_theme = "dark";
+          default_language = "detect";
+        };
+      };
+
+      provision = {
+        datasources.settings.datasources = [
+          {
+            name = "prometheus-pardofelis";
+            type = "prometheus";
+            access = "proxy";
+            url = "http://${config.services.victoriametrics.listenAddress}";
+            jsonData = {
+              httpMethod = "POST";
+              manageAlerts = true;
+              prometheusType = "Prometheus";
+              prometheusVersion = "2.49.0";
+              cacheLevel = "High";
+              disableRecordingRules = false;
+              incrementalQueryOverlapWindow = "10m";
+            };
+          }
+        ];
+        dashboards.settings.providers = [
+          {
+            name = "Default";
+            type = "file";
+            options.path = ./dashboards;
+          }
+        ];
+      };
+    };
+
+    services.caddy.virtualHosts."grafana.hpcesia.com".extraConfig =
+      lib.mkIf config.services.caddy.enable
+      (let
+        localAddress = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
+      in ''
+        encode zstd gzip
+        reverse_proxy ${localAddress}
+      '');
+
+    services.restic.backups."${config.networking.hostName}-backup".paths =
+      lib.mkIf
+      (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
+      [config.services.grafana.dataDir];
+
+    vaultix.secrets.grafana-admin-password = {
+      file = ./admin-password.age;
+      owner = "root";
+      group = "grafana";
+      mode = "0440";
+    };
+  };
+}
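Review bot: `root_url` in the `server` block still expands to `http://grafana.hpcesia.com:3982/`, while the Caddy virtual host defined further down in the same file publishes Grafana at `grafana.hpcesia.com` and proxies to the loopback port. The URL Grafana believes it has is therefore not the one browsers use, and Grafana builds its redirects and the links in alert notifications from that value. I would set `root_url = "https://%(domain)s/";` and, assuming Caddy terminates TLS for this host, add `cookie_secure = true;` under `security` so the session cookie is only sent over HTTPS. Separately, the restic guard `builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups` looks like it is always true, because this module itself defines that attribute name. It is worth confirming on a host with no backup job that this does not create a half-configured one holding `grafana.db`.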
secrets/cache/pardofelis/3c23c2c5dcb356f09b5ba29eec1c68d191445bae4827e7221472d5112ad4604f
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw 7PD60EKkDScNv1SgTlhdibTuafrAfbRAOk6XjNQA6Ww
+IWVLyqUuZZou5qj+n6gu+e1t2Rf6/VK25mjfOCKRI6g
+-> qa-x=\-grease ZITQx`aJ 9ZkH: wWH`E}0 igk~Y-
+3sBsl7yzdw
+--- UCYZW6rxAP6CMHPZjn0UL6wYyey5alA21xbVPVu8WRs
+?4m����ל�U�,�<//�͝�-���L��:�]��ޮoD_J���
+�Z�=������؉
\ No newline at end of file