Commit 73eec45

HPCesia <me@hpcesia.com>
2025-07-16 13:37:00
feat(service): add grafana on pardo
1 parent 913b3c6
Changed files (4)
hosts/chaser-pardofelis/grafana/default.nix
@@ -0,0 +1,32 @@
+{
+  myvars,
+  config,
+  ...
+}: {
+  services.grafana = {
+    enable = true;
+    # See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configuration-options
+    settings = {
+      server = {
+        http_addr = "127.0.0.1";
+        http_port = 3982;
+        protocol = "http";
+        domain = "grafana.hpcesia.com";
+        serve_from_sub_path = false;
+        root_url = "%(protocol)s://%(domain)s:%(http_port)s/";
+        read_timeout = "180s";
+        enable_gzip = true;
+      };
+      security = {
+        admin_user = myvars.username;
+        admin_email = myvars.useremail;
+        admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
+      };
+      users = {
+        allow_sign_up = false;
+        default_theme = "dark";
+        default_language = "detect";
+      };
+    };
+  };
+}
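Review bot: `root_url` in the `server` block expands to `http://grafana.hpcesia.com:3982/`, but this commit publishes Grafana through Caddy on `grafana.hpcesia.com`, so generated links and redirects will point at a port that is bound only on 127.0.0.1. Setting `root_url = "https://%(domain)s/";` would match the proxied address, assuming Caddy serves this vhost over HTTPS as it does by default. With TLS terminated at the proxy, the `security` block should also set `cookie_secure = true;` so the session cookie is never sent over plain HTTP. `secret_key` is not set here either; if the module falls back to Grafana's published default, sourcing it from a sops secret the same way as `admin_password` would be safer.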
hosts/chaser-pardofelis/caddy.nix
@@ -1,4 +1,8 @@
-{myvars, ...}: {
+{
+  myvars,
+  config,
+  ...
+}: {
   services.caddy = {
     enable = true;
     # Reload Caddy instead of restarting it when configuration file changes.
@@ -11,6 +15,10 @@
     '';
 
     virtualHosts = {
+      "grafana.hpcesia.com".extraConfig = ''
+        encode zstd gzip
+        reverse_proxy http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}
+      '';
     };
   };
 
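Review bot: The `reverse_proxy` upstream hard-codes `localhost` while the port is read from the Grafana settings, so the two can drift: Grafana listens only on `http_addr = "127.0.0.1"`, and `localhost` may also resolve to `::1`. Taking the host from the same settings keeps them in step: `reverse_proxy http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}`. The vhost also puts the Grafana login page on a public hostname. A short comment above the entry saying whether that exposure is intended, or whether access should be limited to known source addresses, would help the next reader.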
secrets/hosts/pardofelis/default.nix
@@ -8,29 +8,46 @@
     sopsFile = ./secrets.yaml;
   };
 in
-  lib.mkMerge [
-    {
-      sops.secrets = builtins.listToAttrs (builtins.map (x: {
-        name = "pardofelis-${x}";
-        value =
-          {
-            key = x;
-          }
-          // secretFileConf;
-      }) ["ipv4" "ipv6" "gateway" "gateway6"]);
-    }
-    {
-      sops.secrets."freshrss-admin-password" =
+  lib.mkMerge (
+    [
+      {
+        sops.secrets = builtins.listToAttrs (builtins.map (x: {
+          name = "pardofelis-${x}";
+          value =
+            {
+              key = x;
+            }
+            // secretFileConf;
+        }) ["ipv4" "ipv6" "gateway" "gateway6"]);
+      }
+    ]
+    ++ lib.map (nvp: {
+      sops.secrets.${nvp.name} =
         lib.mkIf
         (config.modules.currentHost == "pardofelis")
-        (
+        nvp.value;
+    }) [
+      {
+        name = "freshrss-admin-password";
+        value =
           {
             key = "services/freshrss/defaultUserPassword";
             owner = "root";
             group = "freshrss";
             mode = "0440";
           }
-          // secretFileConf
-        );
-    }
-  ]
+          // secretFileConf;
+      }
+      {
+        name = "grafana-admin-password";
+        value =
+          {
+            key = "services/grafana/adminPassword";
+            owner = "root";
+            group = "grafana";
+            mode = "0440";
+          }
+          // secretFileConf;
+      }
+    ]
+  )
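Review bot: The new `grafana-admin-password` entry is readable by every member of the `grafana` group (`owner = "root"`, `group = "grafana"`, `mode = "0440"`), although only the Grafana service account needs to read it. If nothing else relies on group access, `owner = "grafana";` with `mode = "0400";` is the narrower grant; who else is in that group is not visible from this hunk. The rewritten list also mixes `lib.map` with the `builtins.map` used a few lines above, and using one of them throughout would read more consistently. The enclosing `let … in` expression starts outside the hunk.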
secrets/hosts/pardofelis/secrets.yaml
@@ -5,6 +5,8 @@ gateway6: ENC[AES256_GCM,data:0kNmpzpfa1Px+b8thcPU524SZWM=,iv:Rw9+fe1DvG/eE369zE
 services:
     freshrss:
         defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
+    grafana:
+        adminPassword: ENC[AES256_GCM,data:GSD4lXMBxnzbmWluPp0J4Y7EDOnutCZq,iv:MqyKSHZk2RkPEo07SQxYYYZir+DPwWSjwwWVfeP8kqQ=,tag:VVJFT5HQquF6fOp7aOINSA==,type:str]
 sops:
     age:
         - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -25,8 +27,8 @@ sops:
             MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
             Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-16T10:53:59Z"
-    mac: ENC[AES256_GCM,data:EukKdKAbCFYIdQmu57HSwq+hCm4gngThlDZrtiy3t/c/SlmkIPbvMsigTvdHcobV2oWWy55P8Nk9XfrLTBu5RzEIbGc83iyeD/R05DqijkTz7mg3eOcTIrPAlSDsNCxzWP9535A8GZVWmp+QurLBR4Eh57O3VXVJOExs4ennT88=,iv:tKRJjbDsNyTzVrUBIXlhL2z3iJa8p9fv9zXC9ygX0Pc=,tag:v3dYEsRrnkmL59zXcbs5Rw==,type:str]
+    lastmodified: "2025-07-16T13:27:20Z"
+    mac: ENC[AES256_GCM,data:0qpubROBFmFikgQLuBhOJXqfcwGJVHawpRcitXjrzpKCSGYktzH5k6dVDeuoV1gJy+aPNUr029kDaVg3r+yPSc3ouxjc8NbI8nkiZzrUWJdiRkfiDWbdePGrqCKlXdGLfVw5XXP5zIAhXKCQCsy1w0TwHXG3k8TZCp8pvoc9KTo=,iv:MT3BIx2YPX1wpWXz0xoDEUUyX2WBN8BEGm352ma65Ag=,tag:RxA+KKsOfXWPMVRgbN7MJw==,type:str]
     pgp:
         - created_at: "2025-07-15T13:47:27Z"
           enc: |-