add grafana

2023-02-26 18:32:29 +00:00 · 2023-02-26 18:32:29 +00:00 · fcc119822d
parent ca4b4f642b
commit fcc119822d
2 changed files with 46 additions and 0 deletions
--- a/nixos/boxes/bolty/default.nix
+++ b/nixos/boxes/bolty/default.nix
@ -2,6 +2,7 @@
  imports = [
    ../cli.nix
    ./bolty-boot.nix
+    ./grafana.nix
    ./home-assistant.nix
    ./influxdb.nix
    ./matrix-server.nix
--- a/nixos/boxes/bolty/grafana.nix
+++ b/nixos/boxes/bolty/grafana.nix
@ -0,0 +1,45 @@
+{ config, pkgs, inputs, lib, ... }:
+let
+  fqdn = "bolty.raptor-carp.ts.net";
+  port = 30001;
+  path = "/data/grafana";
+  certPath = "${path}/cert.pem";
+  keyPath = "${path}/key.pem";
+in {
+  networking.firewall.allowedTCPPorts = [ port ];
+
+  systemd.services.grafana-prep = {
+    script = ''
+      mkdir -p ${path}
+      cp -rv /var/lib/tailscale-certs/cert.pem ${certPath}
+      cp -rv /var/lib/tailscale-certs/key.pem ${keyPath}
+      chown -Rv grafana:grafana ${path}
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      ReloadPropagatedFrom = "tailscale-cert.service";
+    };
+    before = [ "grafana.service" ];
+    wantedBy = [ "multi-user.target" ];
+    after = [
+      "network.target"
+      "network-online.target"
+      "tailscaled.service"
+      "tailscale-cert.service"
+    ];
+    wants = [ "tailscale-cert.service" ];
+  };
+
+  services.grafana = {
+    enable = true;
+    dataDir = path;
+    settings.server = {
+      protocol = "https";
+      domain = fqdn;
+      http_port = port;
+      http_addr = fqdn;
+      cert_file = certPath;
+      cert_key = keyPath;
+    };
+  };
+}