
{config, ...}: let
  # Hostname Grafana is reached under; shared by the DNS record, the Caddy
  # virtual host and Grafana's own root_url so they cannot drift apart.
  domain = "monitoring.everest.tailscale";

  # Both admin credential files are readable by the grafana user/group only.
  grafanaOwned = {
    owner = "grafana";
    group = "grafana";
  };

  # Grafana expands "$__file{path}" by reading that file at startup, so only
  # the secret's path (not its value) ends up in the rendered configuration.
  fromSecretFile = name: "$__file{${config.sops.secrets.${name}.path}}";
in {
  # Caddy talks to Grafana over a unix socket, so it needs the grafana group
  # to be allowed to open it.
  users.users.caddy.extraGroups = ["grafana"];

  sops.secrets."grafanaAdmin/username" = grafanaOwned;
  sops.secrets."grafanaAdmin/password" = grafanaOwned;

  services.grafana = {
    enable = true;

    # Provisioning is enabled with an apiVersion-only datasource document;
    # no datasources are declared here.
    provision.enable = true;
    provision.datasources.settings.apiVersion = 1;

    settings = {
      analytics.reporting_enabled = false;

      security = {
        admin_user = fromSecretFile "grafanaAdmin/username";
        admin_password = fromSecretFile "grafanaAdmin/password";
        # Browser-side hardening: Secure cookies, HSTS and a CSP header.
        cookie_secure = true;
        strict_transport_security = true;
        content_security_policy = true;
      };

      # Grafana listens on a unix socket instead of TCP; client-facing TLS is
      # expected to be handled by the Caddy virtual host below.
      server.protocol = "socket";
      server.root_url = "https://${domain}";
    };
  };

  # Make the monitoring hostname resolvable through headscale's DNS.
  services.headscale.settings.dns.extra_records = [
    {
      name = domain;
      type = "A";
      value = "100.100.0.1";
    }
  ];

  services.caddy.virtualHosts.grafana = {
    hostName = domain;
    # `tailscale` is a Caddy snippet defined elsewhere in this configuration;
    # the proxy target is Grafana's configured socket path.
    extraConfig = ''
      import tailscale
      reverse_proxy unix/${config.services.grafana.settings.server.socket}
    '';
  };
}