Commit 73eec45
Changed files (4)
hosts/chaser-pardofelis/grafana/default.nix
@@ -0,0 +1,32 @@
+{
+ myvars,
+ config,
+ ...
+}: {
+ services.grafana = {
+ enable = true;
+ # See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configuration-options
+ settings = {
+ server = {
+ http_addr = "127.0.0.1";
+ http_port = 3982;
+ protocol = "http";
+ domain = "grafana.hpcesia.com";
+ serve_from_sub_path = false;
+ root_url = "%(protocol)s://%(domain)s:%(http_port)s/";
+ read_timeout = "180s";
+ enable_gzip = true;
+ };
+ security = {
+ admin_user = myvars.username;
+ admin_email = myvars.useremail;
+ admin_password = "$__file{${config.sops.secrets."grafana-admin-password".path}}";
+ };
+ users = {
+ allow_sign_up = false;
+ default_theme = "dark";
+ default_language = "detect";
+ };
+ };
+ };
+}
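Review bot: `root_url` in the `server` block expands to `http://grafana.hpcesia.com:3982/`, which names the loopback listener rather than the address users reach through the Caddy virtual host added in this commit. If Caddy terminates TLS for that name (its default for a named site, not visible here), it should read `root_url = "https://%(domain)s/";`, and the `security` block should gain `cookie_secure = true;` so the session cookie is only sent over HTTPS. The `security` block also leaves `secret_key` unset; on module versions that still ship a default, the credentials Grafana stores in its database are protected by a publicly documented key, so supplying it from a sops secret with the same `$__file{...}` form would be safer. Grafana applies `admin_password` only when the database is first initialised, so a comment above that line should say that rotating the sops value later does not change the live password.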
hosts/chaser-pardofelis/caddy.nix
@@ -1,4 +1,8 @@
-{myvars, ...}: {
+{
+ myvars,
+ config,
+ ...
+}: {
services.caddy = {
enable = true;
# Reload Caddy instead of restarting it when configuration file changes.
@@ -11,6 +15,10 @@
'';
virtualHosts = {
+ "grafana.hpcesia.com".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}
+ '';
};
};
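Review bot: The upstream in the new `grafana.hpcesia.com` virtual host is written as `localhost`, while grafana/default.nix binds Grafana to `127.0.0.1` only, so on a host where `localhost` resolves to `::1` first the proxy depends on address fallback. Deriving both parts from the Grafana options keeps them in step: `reverse_proxy http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}`. `encode zstd gzip` duplicates `enable_gzip = true` on the Grafana side, so one of the two can be dropped. The virtual host also exposes the Grafana login page to whoever can reach this Caddy instance; if that includes the public internet, a comment recording that decision, or an address restriction, would be worth adding. The `virtualHosts` block opens and closes outside this hunk, so any site-wide settings are not visible.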
secrets/hosts/pardofelis/default.nix
@@ -8,29 +8,46 @@
sopsFile = ./secrets.yaml;
};
in
- lib.mkMerge [
- {
- sops.secrets = builtins.listToAttrs (builtins.map (x: {
- name = "pardofelis-${x}";
- value =
- {
- key = x;
- }
- // secretFileConf;
- }) ["ipv4" "ipv6" "gateway" "gateway6"]);
- }
- {
- sops.secrets."freshrss-admin-password" =
+ lib.mkMerge (
+ [
+ {
+ sops.secrets = builtins.listToAttrs (builtins.map (x: {
+ name = "pardofelis-${x}";
+ value =
+ {
+ key = x;
+ }
+ // secretFileConf;
+ }) ["ipv4" "ipv6" "gateway" "gateway6"]);
+ }
+ ]
+ ++ lib.map (nvp: {
+ sops.secrets.${nvp.name} =
lib.mkIf
(config.modules.currentHost == "pardofelis")
- (
+ nvp.value;
+ }) [
+ {
+ name = "freshrss-admin-password";
+ value =
{
key = "services/freshrss/defaultUserPassword";
owner = "root";
group = "freshrss";
mode = "0440";
}
- // secretFileConf
- );
- }
- ]
+ // secretFileConf;
+ }
+ {
+ name = "grafana-admin-password";
+ value =
+ {
+ key = "services/grafana/adminPassword";
+ owner = "root";
+ group = "grafana";
+ mode = "0440";
+ }
+ // secretFileConf;
+ }
+ ]
+ )
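Review bot: The new `grafana-admin-password` entry keeps `owner = "root"` and grants access through `group = "grafana"` with `mode = "0440"`, which makes the admin password readable by every account in that group rather than only the service user. If nothing else needs the file, and assuming the service runs as user `grafana`, `owner = "grafana"; mode = "0400";` without `group` is the tighter setting. A short comment above the `lib.map` call, saying that each listed secret is wrapped in `lib.mkIf` so it is declared only when `currentHost` is pardofelis, would make the refactor easier to follow. The `let` binding that defines `secretFileConf` begins outside the hunk.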
secrets/hosts/pardofelis/secrets.yaml
@@ -5,6 +5,8 @@ gateway6: ENC[AES256_GCM,data:0kNmpzpfa1Px+b8thcPU524SZWM=,iv:Rw9+fe1DvG/eE369zE
services:
freshrss:
defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
+ grafana:
+ adminPassword: ENC[AES256_GCM,data:GSD4lXMBxnzbmWluPp0J4Y7EDOnutCZq,iv:MqyKSHZk2RkPEo07SQxYYYZir+DPwWSjwwWVfeP8kqQ=,tag:VVJFT5HQquF6fOp7aOINSA==,type:str]
sops:
age:
- recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -25,8 +27,8 @@ sops:
MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-16T10:53:59Z"
- mac: ENC[AES256_GCM,data:EukKdKAbCFYIdQmu57HSwq+hCm4gngThlDZrtiy3t/c/SlmkIPbvMsigTvdHcobV2oWWy55P8Nk9XfrLTBu5RzEIbGc83iyeD/R05DqijkTz7mg3eOcTIrPAlSDsNCxzWP9535A8GZVWmp+QurLBR4Eh57O3VXVJOExs4ennT88=,iv:tKRJjbDsNyTzVrUBIXlhL2z3iJa8p9fv9zXC9ygX0Pc=,tag:v3dYEsRrnkmL59zXcbs5Rw==,type:str]
+ lastmodified: "2025-07-16T13:27:20Z"
+ mac: ENC[AES256_GCM,data:0qpubROBFmFikgQLuBhOJXqfcwGJVHawpRcitXjrzpKCSGYktzH5k6dVDeuoV1gJy+aPNUr029kDaVg3r+yPSc3ouxjc8NbI8nkiZzrUWJdiRkfiDWbdePGrqCKlXdGLfVw5XXP5zIAhXKCQCsy1w0TwHXG3k8TZCp8pvoc9KTo=,iv:MT3BIx2YPX1wpWXz0xoDEUUyX2WBN8BEGm352ma65Ag=,tag:RxA+KKsOfXWPMVRgbN7MJw==,type:str]
pgp:
- created_at: "2025-07-15T13:47:27Z"
enc: |-