diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
new file mode 100644
index 0000000..488d0fa
--- /dev/null
+++ b/modules/services/grafana/default.nix
@@ -0,0 +1,52 @@
+{
+ options,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.aa.services.grafana;
+ server_settings = config.services.grafana.settings.server;
+in {
+ options.aa.services.grafana = with types; {
+ enable = mkEnableOption "grafana";
+ acmeCertName = mkOption {
+ type = str;
+ default = "";
+ description = ''
+ If set to a non-empty string, forces SSL with the supplied acme
+ certificate.
+ '';
+ };
+ };
+ config = mkIf cfg.enable {
+ services.grafana = {
+ enable = true;
+ settings.server = {
+ domain = "grafana.kilonull.com";
+ http_port = 2342;
+ http_addr = "0.0.0.0";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts ."${server_settings.domain}" =
+ {
+ locations."/" = {
+ proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}";
+ proxyWebsockets = true;
+ };
+ }
+ // lib.optionalAttrs (cfg.acmeCertName != "") {
+ forceSSL = true;
+ useACMEHost = cfg.acmeCertName;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ };
+ };
+}
diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix
index 9a8a9a0..84670d0 100644
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@@ -14,6 +14,8 @@
 nix.enable = true;
 nix.useSelfhostedCache = true;
+ apps.tmux.enable = true;
+
 services.tailscale = {
 enable = true;
 configureClientRouting = true;
@@ -28,6 +30,10 @@
 enable = true;
 acmeCertName = "kilonull.com";
 };
+ services.grafana = {
+ enable = true;
+ acmeCertName = "kilonull.com";
+ };
 services.syncoid = {
 # sudo -u backups zfs create -o mountpoint=/tank/backups/gospel tank/backups/gospel
 enable = true;
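Review bot: In modules/services/grafana/default.nix, `http_addr = "0.0.0.0"` makes Grafana listen on every interface even though nginx on the same host is the intended front end, so port 2342 is served over plain HTTP on any interface the firewall does not filter (this hunk opens only 80 and 443, but interfaces trusted elsewhere in the configuration would not be covered by that). Binding to loopback keeps the proxy as the only path in: `http_addr = "127.0.0.1";`, which also gives `proxyPass` a concrete upstream address instead of the wildcard. Separately, with the default `acmeCertName = ""` the virtual host is served without TLS, so Grafana logins would cross the network in clear text; the option description should say so, or the module could assert that a certificate name is set.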