{ config, lib, pkgs, ... }: let cfg = config.my.services.monitoring.grafana; secrets = config.age.secrets; in { options.my.services.monitoring.grafana = with lib; { enable = mkEnableOption "grafana observability stack"; vhostName = mkOption { type = types.str; example = "dash.fcuny.net"; description = "Name for the virtual host"; }; }; config = lib.mkIf cfg.enable { services.grafana = { enable = true; settings = { security.adminUser = "fcuny"; analytics.reporting_enabled = false; server.http_port = 4000; server.http_addr = "127.0.0.1"; }; provision = { enable = true; datasources.settings.datasources = [ { name = "prometheus"; type = "prometheus"; isDefault = true; url = "http://localhost:9090"; } { name = "loki"; url = "http://192.168.6.40:3100"; type = "loki"; } ]; dashboards.settings.providers = [{ disableDeletion = true; options.path = ./dashboards; }]; }; }; services.nginx.virtualHosts."${cfg.vhostName}" = { forceSSL = true; useACMEHost = cfg.vhostName; listen = [ { addr = "100.85.232.66"; port = 443; ssl = true; } { addr = "100.85.232.66"; port = 80; ssl = false; } ]; locations."/" = { proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${ toString config.services.grafana.settings.server.http_port }"; proxyWebsockets = true; }; }; security.acme.certs."${cfg.vhostName}" = { dnsProvider = "gcloud"; credentialsFile = secrets."acme/credentials".path; }; my.services.backup = { paths = [ "/var/lib/grafana" ]; exclude = [ "/var/lib/grafana/data/log/" "/var/lib/grafana/log/" ]; }; }; }