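# Monitoring stack for this host: Grafana with single sign-on through an
# Authelia OIDC provider, Prometheus with a node exporter and four localhost
# scrape jobs, and a Caddy virtual host that reverse-proxies to Grafana.
{ config
, ...
}:

let
  grafana-port = 3002;
  grafana-hostname = "console.net.wiro.world";

  prometheus-port = 9001;
  prometheus-node-exporter-port = 9002;
  # 2019 is the default port of Caddy's admin endpoint, which also serves metrics.
  caddy-metrics-port = 2019;
  authelia-metrics-port = 9004;
  headscale-metrics-port = 9003;
in
{
  config = {
    # age-encrypted OIDC client secret; the decrypted file is owned by the
    # grafana user so that only the Grafana service needs to read it.
    age.secrets.grafana-oidc-secret = { file = secrets/grafana-oidc-secret.age; owner = "grafana"; };

    services.grafana = {
      enable = true;

      settings = {
        server = {
          http_port = grafana-port;
          domain = grafana-hostname;
          # Grafana builds its OAuth redirect URI from root_url.
          # NOTE(review): the Caddy site below is declared as http:// while this
          # is https:// - confirm that TLS is terminated for this hostname, or
          # the redirect URI registered at the provider will not be reachable.
          root_url = "https://${grafana-hostname}";
        };

        "auth.generic_oauth" = {
          # Grafana's ini key is `enabled`. The previous `enable` is not a key
          # Grafana reads, so generic OAuth stayed switched off and the only
          # way in was the built-in login form.
          enabled = true;
          name = "Authelia";
          icon = "signin";

          client_id = "grafana";
          # NOTE(review): confirm Grafana honours `client_secret_path`. The
          # documented key is `client_secret`, which can load a file through the
          # $__file{...} provider and keeps the secret out of the Nix store.
          client_secret_path = config.age.secrets.grafana-oidc-secret.path;
          # Skips the login page and redirects straight to the provider.
          # NOTE(review): the built-in admin account is not configured in this
          # module; confirm its password is changed or the login form is
          # disabled (`auth.disable_login_form`) now that SSO is the entry point.
          auto_login = true;

          scopes = [ "openid" "profile" "email" "groups" ];
          auth_url = "https://auth.wiro.world/api/oidc/authorization";
          token_url = "https://auth.wiro.world/api/oidc/token";
          api_url = "https://auth.wiro.world/api/oidc/userinfo";
          # PKCE binds the authorization code to this client's request.
          use_pkce = true;
        };
      };
    };

    services.prometheus = {
      enable = true;
      # NOTE(review): no listenAddress is set for Prometheus or the node
      # exporter, and the NixOS defaults bind to all interfaces. Every scrape
      # target below is on localhost, so consider `listenAddress = "127.0.0.1"`
      # unless another host is meant to reach these ports.
      port = prometheus-port;

      exporters.node = {
        enable = true;
        port = prometheus-node-exporter-port;
      };

      # All targets are scraped over loopback on this machine.
      scrapeConfigs = [
        {
          job_name = "caddy";
          static_configs = [{ targets = [ "localhost:${toString caddy-metrics-port}" ]; }];
        }
        {
          job_name = "node-exporter";
          static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }];
        }
        {
          job_name = "headscale";
          static_configs = [{ targets = [ "localhost:${toString headscale-metrics-port}" ]; }];
        }
        {
          job_name = "authelia";
          static_configs = [{ targets = [ "localhost:${toString authelia-metrics-port}" ]; }];
        }
      ];
    };

    services.caddy = {
      # Global option: emit per-host HTTP metrics.
      globalConfig = ''
        metrics { per_host }
      '';
      # Grafana is published only on the `tailscale/console` listener and
      # proxied to its local port. The site is plain HTTP at the Caddy layer;
      # presumably the tailnet provides the transport encryption - verify.
      virtualHosts."http://${grafana-hostname}".extraConfig = ''
        bind tailscale/console
        reverse_proxy http://localhost:${toString grafana-port}
      '';
    };
  };
}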