homelab/config/monitoring-grafana.nix
# NixOS module for the Grafana instance of the "monitoring" host.
# It provisions a Prometheus and a Loki data source, keeps Grafana's state in a
# PostgreSQL database on the "db" host, and delegates sign-in to authentik
# through Grafana's generic OAuth integration.
#
# NOTE(review): three secrets are set as plain Nix values below (database
# password, security.secret_key, OAuth client_secret). Values written this way
# are normally rendered into the generated grafana.ini inside the Nix store,
# which is world-readable on the host, and two of them are literals in the
# repository. Grafana can read a setting from a file at start-up with its file
# provider, e.g. `password = "$__file{<PATH_TO_SECRET_FILE>}";` (placeholder
# path), which keeps the value out of both the repository and the store.
{
  config,
  tools,
  pkgs,
  ...
}:
let
  instance_name = "monitoring";
  public_host = tools.build_hostname instance_name;

  # Metrics backend, scraped data is queried every 30s by default.
  # NOTE(review): plain http to tools.metrics_addr; fine on loopback, otherwise
  # confirm the network segment between Grafana and Prometheus is trusted.
  prometheus_source = {
    name = "Prometheus";
    type = "prometheus";
    url = "http://${tools.metrics_addr}";
    jsonData = {
      prometheusType = "Prometheus";
      timeInterval = "30s";
    };
  };

  # Log backend on the same host (loopback only).
  loki_source = {
    name = "Loki";
    type = "loki";
    url = "http://localhost:3100/";
  };

  # Sign-in through the authentik provider at auth.plg.m0rel.eu.
  authentik_oauth = {
    enabled = true;
    name = "authentik";
    # Users are sent straight to authentik instead of Grafana's login form.
    auto_login = true;
    # Accounts are created on first login. Together with the 'Viewer' fallback
    # in role_attribute_path, every identity authentik lets through for this
    # application gets at least read access.
    # NOTE(review): if only entitled users should get in, consider dropping
    # the fallback and enabling role_attribute_strict -- confirm intent.
    allow_sign_up = true;
    client_id = "wK5v2ELbuMtaCk0G5X1mSiBXTzMdkEmKmWH410vY";
    # NOTE(review): client secret committed in clear text; it should be rotated
    # in authentik and loaded through the file provider instead of a literal.
    client_secret = "5cKyZDoQPpZcGJdUCkF8kxtAxpJ2fEDX5mOoRGxACCddhuptM6RnDU9EqRxtaMwEKFaBMuIwQwfVfhGCjSj5SVFIOUAFLugPjzyLrwUF52WVzouz3BY8xFyOMXzF6YV";
    scopes = "openid profile email entitlements";
    auth_url = "https://auth.plg.m0rel.eu/application/o/authorize/";
    token_url = "https://auth.plg.m0rel.eu/application/o/token/";
    api_url = "https://auth.plg.m0rel.eu/application/o/userinfo/";
    # Maps the authentik entitlements to a Grafana role:
    # 'Grafana Admins' -> Admin, 'Grafana Editors' -> Editor, anything else -> Viewer.
    role_attribute_path = "contains(entitlements[*], 'Grafana Admins') && 'Admin' || contains(entitlements[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
    # NOTE(review): this turns off certificate verification for Grafana's own
    # calls to token_url and api_url, so the responses that decide the role
    # mapping above are not authenticated. Prefer `false`; if authentik uses a
    # private CA, tls_client_ca can point Grafana at that CA instead.
    tls_skip_verify_insecure = true;
    use_pkce = true;
  };
in
{
  services.grafana = {
    enable = true;
    # Opens the Grafana port on the host firewall. The listener below speaks
    # plain http while root_url is https, so TLS is presumably terminated by a
    # reverse proxy in front.
    # NOTE(review): if so, only that proxy needs to reach port 3000 -- confirm
    # whether the port has to be open to the whole network.
    openFirewall = true;
    ## NOTE: Installs the plugins but it doesn't work ... however then removing declarative plugins make them work...
    # declarativePlugins = [
    #   pkgs.grafanaPlugins.grafana-mqtt-datasource
    #   pkgs.grafanaPlugins.grafana-lokiexplore-app
    #   pkgs.grafanaPlugins.grafana-metricsdrilldown-app
    # ];

    provision = {
      enable = true;
      # No alert rules or dashboards are provisioned declaratively yet.
      alerting = { };
      dashboards = { };
      datasources.settings.datasources = [
        prometheus_source
        loki_source
      ];
    };

    settings = {
      analytics = {
        # Usage reporting, feedback links and Grafana version checks are off;
        # only the plugin update check still calls out.
        check_for_plugin_updates = true;
        check_for_updates = false;
        feedback_links_enabled = false;
        reporting_enabled = false;
      };

      # Where the browser is sent after logging out of Grafana, so the
      # authentik session is ended as well.
      auth.signout_redirect_url = "https://auth.plg.m0rel.eu/application/o/grafana/end-session/";

      "auth.generic_oauth" = authentik_oauth;

      database = {
        type = "postgres";
        host = tools.build_ip "db";
        name = instance_name;
        user = instance_name;
        # NOTE(review): evaluated into the configuration as a plain string, see
        # the header note about the Nix store and the file provider.
        password = config.my-lxc.monitoring.db.password;
        # ssl_mode = "require" ?
        # NOTE(review): the database is on another host, so without ssl_mode
        # the password and all queries presumably cross the network
        # unencrypted (Grafana's default for postgres is "disable" -- verify).
      };

      security = {
        # CSP?
        # NOTE(review): Grafana ships a content_security_policy switch that is
        # off unless set; worth enabling once the dashboards are checked.
        admin_email = config.globals.master.email;
        admin_user = config.globals.master.login;
        # Session cookies are only sent over https (matches root_url).
        cookie_secure = true;
        # NOTE(review): Grafana documents this list as host:port entries; the
        # single entry here has no port and neither data source host above is
        # listed -- confirm the whitelist behaves as intended.
        data_source_proxy_whitelist = [
          (tools.build_ip "auth")
        ];
        # NOTE(review): short, guessable literal. Grafana uses secret_key to
        # protect stored data source credentials, so it should be a long random
        # value loaded from a file. Secrets already stored in the database are
        # tied to the current key; plan the rotation before changing it.
        secret_key = "pouet";
      };

      server = {
        protocol = "http";
        http_addr = tools.build_ip instance_name;
        http_port = 3000;
        root_url = "https://${public_host}/";
        enable_gzip = true;
      };
    };
  };
}