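# NixOS module: Grafana with generic-OAuth single sign-on, agenix-managed
# secrets, and an Anubis instance proxying to the Grafana HTTP port.
#
# Module arguments used here:
#   config - read for the decrypted agenix secret paths (config.age.secrets.*.path)
#   self   - flake; self.lib.data.services.* supplies extUrl / port / anubis values
#   self'  - per-system flake outputs; supplies the anubis-files package
{
  config,
  self',
  self,
  ...
}:
let
  # Service data records; this module reads d.extUrl, d.port, d.anubis and a.extUrl.
  d = self.lib.data.services.grafana;
  a = self.lib.data.services.authentik;
in
{
  services.grafana = {
    enable = true;
    settings = {
      # Do not send usage statistics upstream.
      analytics.reporting_enable = false;

      # OAuth2/OIDC login against the identity provider at a.extUrl.
      "auth.generic_oauth" = {
        name = "central";
        icon = "signin";
        enabled = "true";
        client_id = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";
        # SECURITY(review): this client secret is a plaintext literal, so it is
        # committed with the configuration and copied into the world-readable
        # Nix store. The other credentials in this file are loaded through
        # `$__file{...}` from an age secret; this one should be provisioned the
        # same way (new age.secrets entry owned by grafana) and the value shown
        # here rotated at the identity provider, since it must be treated as
        # disclosed.
        client_secret = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";
        auth_url = "https://${a.extUrl}/application/o/authorize/";
        token_url = "https://${a.extUrl}/application/o/token/";
        api_url = "https://${a.extUrl}/application/o/userinfo/";
        scopes = "openid profile email";
      };

      "auth" = {
        # After logout, send the browser to the identity provider's session-end page.
        signout_redirect_url = "https://${a.extUrl}/if/session-end/stathog/";
        # Grafana's [auth] option is spelled `disable_login_form`. The previous
        # camelCase key `disableLoginForm` is not a Grafana setting, so the
        # username/password form stayed available next to the OAuth button.
        disable_login_form = true;
      };

      security = {
        admin_user = "pyrox";
        # `$__file{}` makes Grafana read the value from the decrypted agenix
        # file at runtime, keeping the password out of the Nix store.
        admin_password = "$__file{${config.age.secrets.grafana-admin.path}}";
      };

      server = {
        root_url = "https://${d.extUrl}";
        domain = d.extUrl;
        http_port = d.port;
        # NOTE(review): Grafana listens on every interface, while the Anubis
        # instance below reaches it over localhost. If nothing else needs to
        # connect directly, binding to 127.0.0.1 prevents clients from reaching
        # Grafana without passing through Anubis - confirm against the host's
        # firewall and reverse-proxy setup before changing.
        http_addr = "0.0.0.0";
      };

      smtp = {
        enabled = true;
        user = "grafana@thehedgehog.me";
        from_address = "grafana@thehedgehog.me";
        host = "smtp.migadu.com:465";
        password = "$__file{${config.age.secrets.grafana-smtp-password.path}}";
      };
    };
  };

  # agenix secrets, decrypted with grafana as owner and group so the service
  # can read the files referenced by `$__file{}` above.
  age.secrets = {
    grafana-admin = {
      file = ./secrets/grafana-admin-password.age;
      owner = "grafana";
      group = "grafana";
    };
    grafana-smtp-password = {
      file = ./secrets/grafana-smtp-password.age;
      owner = "grafana";
      group = "grafana";
    };
  };

  # Anubis instance for Grafana: listens on the d.anubis port and forwards to
  # Grafana's HTTP port on localhost, using the default policy file shipped in
  # the flake's anubis-files package.
  services.anubis.instances.grafana = {
    settings = {
      BIND = ":${toString d.anubis}";
      POLICY_FNAME = "${self'.packages.anubis-files}/policies/default.yaml";
      TARGET = "http://localhost:${toString d.port}";
    };
  };
}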