selfhostblocks/modules/monitoring.nix

# NixOS module `shb.monitoring`: when enabled, runs Grafana backed by a local
# PostgreSQL database and registers a `grafana` site with shb.reverseproxy.
{ config, pkgs, lib, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.shb.monitoring;

  # One name is shared by the PostgreSQL database, the PostgreSQL role and the
  # Grafana database settings below.
  dbName = "grafana";

  # Grafana listens on loopback only; the reverse proxy backend further down
  # points at the same address and port, so the two cannot drift apart.
  listenAddress = "127.0.0.1";
  listenPort = 3000;
in
{
  options.shb.monitoring = {
    enable = mkEnableOption "selfhostblocks.monitoring";

    # Currently disabled: option for the secrets file consumed by the
    # (also disabled) sops.secrets block at the end of this module.
    # sopsFile = lib.mkOption {
    #   type = lib.types.path;
    #   description = "Sops file location";
    #   example = "secrets/monitoring.yaml";
    # };
  };

  config = mkIf cfg.enable {
    services.postgresql.enable = true;
    services.postgresql.ensureDatabases = [ dbName ];
    services.postgresql.ensureUsers = [
      {
        name = dbName;
        # The grant is scoped to the single Grafana database, not the cluster.
        ensurePermissions."DATABASE ${dbName}" = "ALL PRIVILEGES";
        ensureClauses.login = true;
      }
    ];

    services.grafana.enable = true;
    services.grafana.database = {
      type = "postgres";
      # A directory path rather than a hostname: the connection goes through
      # the local PostgreSQL unix socket, not TCP.
      host = "/run/postgresql";
      name = dbName;
      user = dbName;
      # Uses peer auth for local users, so we don't need a password.
      # NOTE(review): this relies on PostgreSQL's authentication rules
      # accepting peer auth on the local socket and on the Grafana service
      # running as an OS user with the same name as the role; neither is
      # configured in this module, so confirm both.
      # Here's the syntax anyway for future reference:
      #   password = "$__file{/run/secrets/homeassistant/dbpass}";
      # NOTE(review): the example path mentions homeassistant and looks
      # copied from another module; a Grafana secret would presumably live
      # under its own path.
    };
    # Bind to loopback so Grafana is not reachable directly from other hosts;
    # remote access is expected to go through the reverse proxy site below.
    # NOTE(review): no Grafana authentication or admin-credential settings are
    # set in this module, so Grafana's defaults apply unless they are
    # overridden elsewhere; confirm before exposing the site.
    services.grafana.settings.server = {
      http_addr = listenAddress;
      http_port = listenPort;
    };

    shb.reverseproxy.sites.grafana = {
      # Selects this backend for any request whose Host header starts with
      # "grafana.". The Host header is supplied by the client, so this is a
      # routing rule only and provides no access control by itself.
      frontend.acl.acl_grafana = "hdr_beg(host) grafana.";
      frontend.use_backend = "if acl_grafana";

      backend.servers = [
        {
          name = "grafana1";
          address = "${listenAddress}:${toString listenPort}";
          # Presumably makes the proxy pass the client address on to Grafana;
          # the exact effect depends on the shb.reverseproxy module.
          forwardfor = true;
          balance = "roundrobin";
          # Health check timing and thresholds.
          check = {
            inter = "5s";
            downinter = "15s";
            fall = "3";
            rise = "3";
          };
          httpcheck = "GET /";
        }
      ];
    };

    # Currently disabled: sops-managed secret for Grafana. As written it would
    # be readable by owner and group only (mode 0440, grafana:grafana) and
    # would restart grafana.service when the secret changes.
    # sops.secrets."grafana" = {
    #   inherit (cfg) sopsFile;
    #   mode = "0440";
    #   owner = "grafana";
    #   group = "grafana";
    #   # path = "${config.services.home-assistant.configDir}/secrets.yaml";
    #   restartUnits = [ "grafana.service" ];
    # };
  };
}