add monitoring

2023-07-01 10:12:36 -07:00 · 2023-07-01 10:12:36 -07:00 · 97e02fc87c
commit 97e02fc87c
parent a9a5bc6b09
2 changed files with 92 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -10,9 +10,10 @@
    nixosModules.default = { config, ... }: {
      imports = [
        modules/backup.nix
-        modules/jellyfin.nix
        modules/haproxy.nix
        modules/home-assistant.nix
+        modules/jellyfin.nix
+        modules/monitoring.nix
        modules/nextcloud-server.nix
      ];
    };
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@ -0,0 +1,90 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.shb.monitoring;
+in
+{
+  options.shb.monitoring = {
+    enable = lib.mkEnableOption "selfhostblocks.monitoring";
+
+    # sopsFile = lib.mkOption {
+    #   type = lib.types.path;
+    #   description = "Sops file location";
+    #   example = "secrets/monitoring.yaml";
+    # };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [ "grafana" ];
+      ensureUsers = [
+        {
+          name = "grafana";
+          ensurePermissions = {
+            "DATABASE grafana" = "ALL PRIVILEGES";
+          };
+          ensureClauses = {
+            "login" = true;
+          };
+        }
+      ];
+    };
+
+    services.grafana = {
+      enable = true;
+
+      database = {
+        host = "/run/postgresql";
+        user = "grafana";
+        name = "grafana";
+        type = "postgres";
+        # Uses peer auth for local users, so we don't need a password.
+        # Here's the syntax anyway for future refence:
+        # password = "$__file{/run/secrets/homeassistant/dbpass}";
+      };
+
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = 3000;
+        };
+      };
+    };
+
+    shb.reverseproxy.sites.grafana = {
+      frontend = {
+        acl = {
+          acl_grafana = "hdr_beg(host) grafana.";
+        };
+        use_backend = "if acl_grafana";
+      };
+      backend = {
+        servers = [
+          {
+            name = "grafana1";
+            address = "127.0.0.1:3000";
+            forwardfor = true;
+            balance = "roundrobin";
+            check = {
+              inter = "5s";
+              downinter = "15s";
+              fall = "3";
+              rise = "3";
+            };
+            httpcheck = "GET /";
+          }
+        ];
+      };
+    };
+
+    # sops.secrets."grafana" = {
+    #   inherit (cfg) sopsFile;
+    #   mode = "0440";
+    #   owner = "grafana";
+    #   group = "grafana";
+    #   # path = "${config.services.home-assistant.configDir}/secrets.yaml";
+    #   restartUnits = [ "grafana.service" ];
+    # };
+  };
+}