[host/faunus-ater] Provision grafana dashboards

2022-06-14 15:09:33 +02:00 · 2022-06-14 15:09:33 +02:00 · 8a801533b4
parent 49a4fc33a9
commit 8a801533b4
7 changed files with 17157 additions and 37 deletions
--- a/hosts/cornu-aspersum.nix
+++ b/hosts/cornu-aspersum.nix
@ -29,8 +29,23 @@
    envFile = config.sops.secrets.gladosEnv.path;
  };

-  # Run grafana, mainly for ccqcraft.de
-  services.grafanaWithNginx.enable = true;
+  # === Run grafana, mainly for ccqcraft.de ===
+  services.grafana = {
+    enable = true;
+    domain = "data.ccqcraft.de";
+    port = 2342;
+    addr = "127.0.0.1";
+    auth.anonymous.enable = false;
+  };
+  services.nginx.virtualHosts.${config.services.grafana.domain} = {
+    enableACME = true;
+    forceSSL = true;
+    serverAliases = ["data.tammena.rocks"];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+      proxyWebsockets = true;
+    };
+  };

  # Run radicale with infcloud interface for me and Marie
  services.radicaleWithInfcloud.enable = true;
--- a/hosts/faunus-ater.nix
+++ b/hosts/faunus-ater.nix
@ -23,6 +23,8 @@
  };

  vpnInterface = config.services.tailscale.interfaceName;
+  vpnIPv4 = "100.108.135.4";
+  vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
 in {
  networking.hostName = "faunus-ater";
  networking.hostId = "a4d7bec4";
@ -153,7 +155,7 @@ in {
      hostName = "murex-pecten";
      maxJobs = 4;
      speedFactor = 4;
-      sshKey = "/run/secrets/hydra-overseer-key";
+      sshKey = sopsPath "hydra-overseer-key";
      sshUser = "hydra-minion";
      supportedFeatures = ["kvm" "big-parallel"];
      systems = ["x86_64-linux" "i686-linux"];
@ -227,29 +229,12 @@ in {
  };

  # === Grafana ===
-  services.grafana = {
+  services.grafanaHome = {
    enable = true;
-    domain = "stats.home";
-    addr = "[::1]";
-    auth.anonymous.enable = true;
-    security.adminPasswordFile = sopsPath "grafana-admin-password";
-    provision = {
-      enable = true;
-      datasources = [
-        {
-          name = "local-prometheus";
-          type = "prometheus";
-          url = "http://localhost:${builtins.toString config.services.prometheus.port}";
-        }
-      ];
-      dashboards = [];
-    };
-  };
-  services.nginx.virtualHosts.${config.services.grafana.domain} = mkVirtHost {
-    locations."/" = {
-      proxyPass = "http://[::1]:${toString config.services.grafana.port}";
-      proxyWebsockets = true;
-    };
+    nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
+    nginx.sslCertificate = sopsPath "nginx-cert-crt";
+    nginx.sslCertificateKey = sopsPath "nginx-cert-key";
+    grafana.adminPasswordFile = sopsPath "grafana-admin-password";
  };

  # === Prometheus ===
--- a/modules/grafana.nix
+++ b/modules/grafana.nix
@ -4,28 +4,76 @@
  config,
  ...
 }: let
-  cfg = config.services.grafanaWithNginx;
+  cfg = config.services.grafanaHome;
+
+  grafanaDashboards = pkgs.stdenv.mkDerivation {
+    name = "grafana-dashboards";
+    src = ../raw;
+    installPhase = ''
+      mkdir $out
+      cp grafana-dashboard-fritzbox.json \
+         grafana-dashboard-node.json \
+         grafana-dashboard-home.json \
+         $out/
+    '';
+  };
 in {
-  options.services."grafanaWithNginx" = with lib; {
-    enable =
-      mkEnableOption "Configured grafana instance with nginx reverse proxy";
+  options.services."grafanaHome" = with lib; {
+    enable = mkEnableOption "Configured grafana + nginx + provisioning";
+    nginx = {
+      listenAddresses = mkOption {
+        type = with types; listOf str;
+      };
+      sslCertificateKey = mkOption {
+        type = types.str;
+      };
+      sslCertificate = mkOption {
+        type = types.str;
+      };
+    };
+    grafana.adminPasswordFile = mkOption {
+      type = types.str;
+    };
  };

  config = lib.mkIf cfg.enable {
+    # === Grafana ===
    services.grafana = {
+      security.adminPasswordFile = cfg.grafana.adminPasswordFile;
      enable = true;
-      domain = "data.ccqcraft.de";
-      port = 2342;
-      addr = "127.0.0.1";
-      auth.anonymous.enable = false;
+      domain = "stats.home";
+      addr = "[::1]";
+      auth.anonymous.enable = true;
+      extraOptions = {
+        DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH = "${grafanaDashboards}/grafana-dashboard-home.json";
+      };
+      provision = {
+        enable = true;
+        datasources = [
+          {
+            name = "local-prometheus";
+            type = "prometheus";
+            editable = false;
+            url = "http://localhost:${builtins.toString config.services.prometheus.port}";
+            isDefault = true;
+          }
+        ];
+        dashboards = [
+          {
+            name = "Dashboards";
+            options.path = grafanaDashboards;
+          }
+        ];
+      };
    };

+    # === Nginx ===
    services.nginx.virtualHosts.${config.services.grafana.domain} = {
-      enableACME = true;
-      forceSSL = true;
-      serverAliases = ["data.tammena.rocks"];
+      inherit (cfg.nginx) listenAddresses sslCertificate sslCertificateKey;
+      addSSL = true;
+      sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../secrets/ca.crt);
      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+        proxyPass = "http://[::1]:${toString config.services.grafana.port}";
        proxyWebsockets = true;
      };
    };
--- a/raw/README.md
+++ b/raw/README.md
@ -0,0 +1,5 @@
+# Node Exporter
+Please checkout the original repository!
+
+Source: https://github.com/rfrail3/grafana-dashboards/tree/master/prometheus
+License: Apache
--- a/raw/grafana-dashboard-fritzbox.json
+++ b/raw/grafana-dashboard-fritzbox.json
--- a/raw/grafana-dashboard-home.json
+++ b/raw/grafana-dashboard-home.json
@ -0,0 +1,94 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": "-- Grafana --",
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": false,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": 4,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "gridPos": {
+        "h": 15,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 3,
+      "links": [],
+      "options": {
+        "maxItems": 30,
+        "query": "",
+        "showHeadings": false,
+        "showRecentlyViewed": false,
+        "showSearch": true,
+        "showStarred": false,
+        "tags": []
+      },
+      "pluginVersion": "8.4.5",
+      "tags": [],
+      "title": "Dashboards",
+      "type": "dashlist"
+    }
+  ],
+  "schemaVersion": 35,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {
+    "hidden": true,
+    "refresh_intervals": [
+      "5s",
+      "10s",
+      "30s",
+      "1m",
+      "5m",
+      "15m",
+      "30m",
+      "1h",
+      "2h",
+      "1d"
+    ],
+    "time_options": [
+      "5m",
+      "15m",
+      "1h",
+      "6h",
+      "12h",
+      "24h",
+      "2d",
+      "7d",
+      "30d"
+    ],
+    "type": "timepicker"
+  },
+  "timezone": "browser",
+  "title": "Home",
+  "uid": "_QSuXaj7k",
+  "version": 1,
+  "weekStart": ""
+}
--- a/raw/grafana-dashboard-node.json
+++ b/raw/grafana-dashboard-node.json