# NixOS module: Grafana served through an nginx TLS virtual host, with a
# Prometheus datasource and a dashboards directory provisioned declaratively.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.my.services.grafana;
  secrets = config.age.secrets;
  grafana = config.services.grafana;

  # The only address nginx binds for this vhost. 100.64.0.0/10 is shared
  # (CGNAT) address space, so this is presumably an overlay/VPN address rather
  # than a public one - confirm. Reachability of the dashboard depends on it.
  listenAddr = "100.85.232.66";

  # One nginx `listen` entry on listenAddr.
  mkListener = port: ssl: {
    addr = listenAddr;
    inherit port ssl;
  };
in
{
  options.my.services.grafana = {
    enable = mkEnableOption "grafana observability stack";

    vhostName = mkOption {
      type = types.str;
      example = "dash.fcuny.net";
      description = "Name for the virtual host";
    };
  };

  config = mkIf cfg.enable {
    services.grafana = {
      enable = true;
      port = 4000;

      # NOTE(review): only the admin user name is set. No adminPassword or
      # adminPasswordFile appears in this module, so unless one is set
      # elsewhere the module's built-in default password applies. Prefer
      # security.adminPasswordFile pointing at a secret outside the Nix store;
      # the same applies to security.secretKeyFile - confirm both.
      security.adminUser = "fcuny";

      # Turn off Grafana's usage reporting.
      analytics.reporting.enable = false;

      provision = {
        enable = true;

        # Prometheus is queried over plain HTTP on localhost with no
        # credentials configured here, so access to its data is governed by
        # Grafana's own login and permissions.
        datasources = [
          {
            name = "prometheus";
            type = "prometheus";
            isDefault = true;
            url = "http://localhost:9090";
          }
        ];

        # Dashboards come from ./dashboards; disableDeletion keeps the
        # provisioned copies from being deleted through the UI.
        dashboards = [
          {
            disableDeletion = true;
            options.path = ./dashboards;
          }
        ];
      };
    };

    services.nginx.virtualHosts.${cfg.vhostName} = {
      # forceSSL redirects plain HTTP to HTTPS; the port-80 listener below is
      # there to serve that redirect.
      forceSSL = true;
      useACMEHost = cfg.vhostName;

      listen = [
        (mkListener 443 true)
        (mkListener 80 false)
      ];

      # TLS ends at nginx; the hop to Grafana is plain HTTP. services.grafana.addr
      # is not set in this module, so the upstream address is the module
      # default (presumably loopback - confirm it is not a routable interface).
      locations."/" = {
        proxyPass = "http://${grafana.addr}:${toString grafana.port}";
        proxyWebsockets = true;
      };
    };

    # Certificate via the ACME DNS challenge with the gcloud provider. The DNS
    # API credentials are read from the age-managed secret's path at runtime
    # instead of being written into this file.
    security.acme.certs.${cfg.vhostName} = {
      dnsProvider = "gcloud";
      credentialsFile = secrets."acme/credentials".path;
    };

    # Back up Grafana's state directory, minus logs.
    # NOTE(review): the state directory normally holds Grafana's database
    # (users, password hashes, API keys, datasource settings), so the backup
    # target should be encrypted and access-controlled - confirm.
    my.services.backup = {
      paths = [ "/var/lib/grafana" ];
      exclude = [ "/var/lib/grafana/log/" ];
    };
  };
}