forked from fi/nix-infra
49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
{ config, ... }:
|
|
{
|
|
services.grafana = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
domain = "grafana.grzb.de";
|
|
root_url = "https://${config.services.grafana.settings.server.domain}";
|
|
};
|
|
security = {
|
|
cookie_secure = true;
|
|
cookie_samesite = "strict";
|
|
admin_user = "yuri";
|
|
admin_password = "$__file{/run/secrets/metrics-grafana-admin-password}";
|
|
admin_email = "yuri@nekover.se";
|
|
};
|
|
smtp = {
|
|
enabled = true;
|
|
host = "mail.grzb.de:465";
|
|
user = "grafana";
|
|
password = "$__file{/run/secrets/metrics-grafana-smtp-password}";
|
|
from_address = "grafana@robot.grzb.de";
|
|
from_name = "Grafana";
|
|
startTLS_policy = "NoStartTLS";
|
|
};
|
|
};
|
|
provision.datasources.settings.datasources = [
|
|
{
|
|
name = "Prometheus";
|
|
type = "prometheus";
|
|
url = "http://localhost:${builtins.toString config.services.prometheus.port}";
|
|
isDefault = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
sops.secrets."metrics-grafana-admin-password" = {
|
|
mode = "0440";
|
|
owner = "grafana";
|
|
group = "grafana";
|
|
restartUnits = [ "grafana.service" ];
|
|
};
|
|
sops.secrets."metrics-grafana-smtp-password" = {
|
|
mode = "0440";
|
|
owner = "grafana";
|
|
group = "grafana";
|
|
restartUnits = [ "grafana.service" ];
|
|
};
|
|
}
|