mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 04:19:22 +08:00
services.grafana: init
This commit is contained in:
@@ -274,7 +274,7 @@
|
||||
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "internal.vps7.chn.moe"; })
|
||||
[ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" "api" "gitlab" ]));
|
||||
[ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" "api" "gitlab" "grafana" ]));
|
||||
applications =
|
||||
{
|
||||
element.instances."element.chn.moe" = {};
|
||||
@@ -351,6 +351,7 @@
|
||||
httpapi.enable = true;
|
||||
mastodon.enable = true;
|
||||
gitlab.enable = true;
|
||||
grafana.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
|
||||
@@ -36,6 +36,7 @@ inputs:
|
||||
./mirism.nix
|
||||
./mastodon.nix
|
||||
./gitlab.nix
|
||||
./grafana.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
|
||||
@@ -10,7 +10,6 @@ inputs:
|
||||
let
|
||||
inherit (inputs.config.nixos.services) gitlab;
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) map listToAttrs toString replaceStrings filter;
|
||||
in mkIf gitlab.enable
|
||||
{
|
||||
services.gitlab =
|
||||
|
||||
67
modules/services/grafana.nix
Normal file
67
modules/services/grafana.nix
Normal file
@@ -0,0 +1,67 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.grafana = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
hostname = mkOption { type = types.str; default = "grafana.chn.moe"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) grafana;
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf grafana.enable
|
||||
{
|
||||
services.grafana =
|
||||
{
|
||||
enable = true;
|
||||
declarativePlugins = with inputs.pkgs.grafanaPlugins; [];
|
||||
settings =
|
||||
{
|
||||
users = { verify_email_enabled = true; default_language = "zh-CN"; allow_sign_up = true; };
|
||||
smtp =
|
||||
{
|
||||
enabled = true;
|
||||
host = "mail.chn.moe";
|
||||
user = "bot@chn.moe";
|
||||
password = "$__file{${inputs.config.sops.secrets."grafana/mail".path}}";
|
||||
from_address = "bot@chn.moe";
|
||||
ehlo_identity = grafana.hostname;
|
||||
startTLS_policy = "MandatoryStartTLS";
|
||||
};
|
||||
server = { root_url = "https://${grafana.hostname}"; http_port = 3001; enable_gzip = true; };
|
||||
security =
|
||||
{
|
||||
secret_key = "$__file{${inputs.config.sops.secrets."grafana/secret".path}}";
|
||||
admin_user = "chn";
|
||||
admin_password = "$__file{${inputs.config.sops.secrets."grafana/chn".path}}";
|
||||
admin_email = "chn@chn.moe";
|
||||
};
|
||||
database =
|
||||
{
|
||||
type = "postgres";
|
||||
host = "127.0.0.1:5432";
|
||||
user = "grafana";
|
||||
password = "$__file{${inputs.config.sops.secrets."grafana/db".path}}";
|
||||
};
|
||||
};
|
||||
};
|
||||
nixos.services =
|
||||
{
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
https."${grafana.hostname}".location."/".proxy =
|
||||
{ upstream = "http://127.0.0.1:3001"; websocket = true; };
|
||||
};
|
||||
postgresql.instances.grafana = {};
|
||||
};
|
||||
sops.secrets = let owner = inputs.config.systemd.services.grafana.serviceConfig.User; in
|
||||
{
|
||||
"grafana/mail" = { owner = owner; key = "mail/bot"; };
|
||||
"grafana/secret".owner = owner;
|
||||
"grafana/chn".owner = owner;
|
||||
"grafana/db" = { owner = owner; key = "postgresql/grafana"; };
|
||||
"mail/bot" = {};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -22,6 +22,7 @@ postgresql:
|
||||
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
|
||||
mastodon: ENC[AES256_GCM,data:IQxoNjZILazu5cxkEzFAqqmGSsOffMQHoRB7AC2NqI/+CJSVsfdwiSVfxN+Jc9dmrqCjscUSxaWCMHnrZj/JyQ==,iv:d6tyj/w0uH2E3qHjEcopVhnmE/Pq0qN9PHthSArryyw=,tag:kfJsxqkErFcG11B0CmiIKw==,type:str]
|
||||
gitlab: ENC[AES256_GCM,data:YC1Ubpc9zWK8rb5FvZAEYjNWqVF8tZL6Nxqa18Wyq7KAh2Rv2tjl0iVlVzhtaBf28gF++nJVu9LcATaOuHH9sw==,iv:j+t4PwizJNkWZkhzdqU01/P5MeS2nSk6XNlvxJ17hC0=,tag:0gtBn9has+xrtJCn6MAyyA==,type:str]
|
||||
grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
|
||||
meilisearch:
|
||||
misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
|
||||
rsshub:
|
||||
@@ -86,6 +87,9 @@ gitlab:
|
||||
otp: ENC[AES256_GCM,data:Hgq5Tyq+BUTsexVsjFWf07fY0znPL50+qIm+fhuVljlauXBZouQjJKMhqTs9zhLECOktYUtp0wrNa++nO1Ys9A==,iv:Am51j8QjDtldtsZL8uCu0I3pr/SQ6R8KUQinznZjClg=,tag:hbtrlG0MGNL3VcbQUG/irQ==,type:str]
|
||||
dbFile: ENC[AES256_GCM,data:AKxE/Z4jooDlkIl3WpQZIlN+MLxlZ7SEWVF12/8f9aq7LtVl5B0RDA6bZbeM0PU8h4eGcSX9feSpLIVpvBAQxQ==,iv:li6hBLw9filwVVXa01oICtvY9UJsMgB+3XYOgZyCTnY=,tag:wC18TzVMM+dcpIi8wwCcIw==,type:str]
|
||||
root: ENC[AES256_GCM,data:nPO4MT7BWuCHnWkbHPRYygMpieGsni4+BQs6HVwxBqH5KuD0O7I3PQlcgntxb4kWbqvyWstYW+k9LdscSEzgXg==,iv:fgfW8BljGlOIQzGK+UiEFcT6Hp5ieA8C86kwT8xRlO4=,tag:eSWPda0NYBe47uVYCOUiLg==,type:str]
|
||||
grafana:
|
||||
secret: ENC[AES256_GCM,data:QYhopqGcHGr+24qYlfaTdMtnyzmIZYG4PcvS9KYqC24W3M+HmloCkPHh7Y3ZTVg8MnrDGOcbA9YPLdY7eh/u4g==,iv:dh7egVIem2bgDbmWJ1sqH9fLdIYbAIQjnjNvyuEjVq0=,tag:DbIRVHbCcpKGcNc6sDTasA==,type:str]
|
||||
chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -110,8 +114,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-20T11:26:38Z"
|
||||
mac: ENC[AES256_GCM,data:FkWXLiv/ewnZuJvGc9DMm6uY3EMQHX6pSJcEwncOCN7PpwSRbEH7+rVlus6ByHfGyV6g+KvtXMX1CSspfcT0pAwQ0aNrc2BekwhmnZM2PfcXSfvmVA+JKWc8dwbo6M6g05qyC0I8MoCqrBQbQmMqZstLfUReASxDrqNQ/e1DWfg=,iv:7E28UMWlCfXeSjQn9YvUTqzqma6t+z7RpdWgjYr+uro=,tag:3HOiPd2tyztlwHpOyXM08Q==,type:str]
|
||||
lastmodified: "2023-11-20T15:47:13Z"
|
||||
mac: ENC[AES256_GCM,data:n8vx3iRkmku3bOkkglONc8VHQTXSbO0jVrjrKEXwjvNnfk7mwBXK2YNu622V2Ap2BhmHvQjxD9Du/r2UE2+d5saCjtkhlt/HLQZlbjtiguL9xQj1qSG2MiU4kIC6rsKpNc9Ae93fOQ/LGjdIhZT6V5LNERyX84nbeXzCTBwRNbU=,iv:TAiBT2JKtFVwl8XrQ7Bl2Go9T6JC/tCQP747lAPtq+M=,tag:eIueYKVPBsX6iiT2pxv2+g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
Reference in New Issue
Block a user