mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-24 16:18:44 +08:00
68 lines
2.2 KiB
Nix
68 lines
2.2 KiB
Nix
inputs:
|
|
{
|
|
options.nixos.services.grafana = let inherit (inputs.lib) mkOption types; in
|
|
{
|
|
enable = mkOption { type = types.bool; default = false; };
|
|
hostname = mkOption { type = types.str; default = "grafana.chn.moe"; };
|
|
};
|
|
config =
|
|
let
|
|
inherit (inputs.config.nixos.services) grafana;
|
|
inherit (inputs.lib) mkIf;
|
|
in mkIf grafana.enable
|
|
{
|
|
services.grafana =
|
|
{
|
|
enable = true;
|
|
declarativePlugins = with inputs.pkgs.grafanaPlugins; [];
|
|
settings =
|
|
{
|
|
users = { verify_email_enabled = true; default_language = "zh-CN"; allow_sign_up = true; };
|
|
smtp =
|
|
{
|
|
enabled = true;
|
|
host = "mail.chn.moe";
|
|
user = "bot@chn.moe";
|
|
password = "$__file{${inputs.config.sops.secrets."grafana/mail".path}}";
|
|
from_address = "bot@chn.moe";
|
|
ehlo_identity = grafana.hostname;
|
|
startTLS_policy = "MandatoryStartTLS";
|
|
};
|
|
server = { root_url = "https://${grafana.hostname}"; http_port = 3001; enable_gzip = true; };
|
|
security =
|
|
{
|
|
secret_key = "$__file{${inputs.config.sops.secrets."grafana/secret".path}}";
|
|
admin_user = "chn";
|
|
admin_password = "$__file{${inputs.config.sops.secrets."grafana/chn".path}}";
|
|
admin_email = "chn@chn.moe";
|
|
};
|
|
database =
|
|
{
|
|
type = "postgres";
|
|
host = "127.0.0.1:5432";
|
|
user = "grafana";
|
|
password = "$__file{${inputs.config.sops.secrets."grafana/db".path}}";
|
|
};
|
|
};
|
|
};
|
|
nixos.services =
|
|
{
|
|
nginx =
|
|
{
|
|
enable = true;
|
|
https."${grafana.hostname}".location."/".proxy =
|
|
{ upstream = "http://127.0.0.1:3001"; websocket = true; };
|
|
};
|
|
postgresql.instances.grafana = {};
|
|
};
|
|
sops.secrets = let owner = inputs.config.systemd.services.grafana.serviceConfig.User; in
|
|
{
|
|
"grafana/mail" = { owner = owner; key = "mail/bot"; };
|
|
"grafana/secret".owner = owner;
|
|
"grafana/chn".owner = owner;
|
|
"grafana/db" = { owner = owner; key = "postgresql/grafana"; };
|
|
"mail/bot" = {};
|
|
};
|
|
};
|
|
}
|