author | sinanmohd <sinan@sinanmohd.com> | 2025-03-09 23:06:42 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2025-03-09 23:06:44 +0530 |
commit | 16269416193b9e41417a27ecb9ef057e22691a5a (patch) | |
tree | 11502178c81c9eac687170780c9e216c37bc5717 | |
parent | f566c923d860fb3612c99bf1915c9868e67e2109 (diff) |
kay/observability: init
-rw-r--r-- | os/kay/configuration.nix | 1 | ||||
-rw-r--r-- | os/kay/modules/dns/sinanmohd.com.zone | 3 | ||||
-rw-r--r-- | os/kay/modules/observability/default.nix | 4 | ||||
-rw-r--r-- | os/kay/modules/observability/grafana.nix | 48 | ||||
-rw-r--r-- | os/kay/modules/www.nix | 14 | ||||
-rw-r--r-- | os/kay/secrets.yaml | 7 |
6 files changed, 73 insertions, 4 deletions
diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix index 5331d36..746676b 100644 --- a/os/kay/configuration.nix +++ b/os/kay/configuration.nix @@ -18,6 +18,7 @@ ./modules/github-runner.nix ./modules/nix-cache.nix ./modules/immich.nix + ./modules/observability ]; boot = { diff --git a/os/kay/modules/dns/sinanmohd.com.zone b/os/kay/modules/dns/sinanmohd.com.zone index 1b16ac5..5c1dddf 100644 --- a/os/kay/modules/dns/sinanmohd.com.zone +++ b/os/kay/modules/dns/sinanmohd.com.zone @@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com. $TTL 2d @ IN SOA ns1 hostmaster ( - 2025030616 ; serial + 2025030900 ; serial 2h ; refresh 5m ; retry 1d ; expire @@ -44,6 +44,7 @@ home IN CNAME @ nixbin IN CNAME @ immich IN CNAME @ sliding IN CNAME @ +grafana IN CNAME @ lia IN A 65.0.3.127 diff --git a/os/kay/modules/observability/default.nix b/os/kay/modules/observability/default.nix new file mode 100644 index 0000000..ff848b8 --- /dev/null +++ b/os/kay/modules/observability/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + imports = [ ./grafana.nix ]; +} diff --git a/os/kay/modules/observability/grafana.nix b/os/kay/modules/observability/grafana.nix new file mode 100644 index 0000000..705bdcd --- /dev/null +++ b/os/kay/modules/observability/grafana.nix 
@@ -0,0 +1,48 @@ +{ config, ... }: +let + domain = "grafana." + config.global.userdata.domain; + user = config.global.userdata.name; + email = config.global.userdata.email; +in +{ + sops.secrets."misc/default_password" = { + owner = "grafana"; + group = "grafana"; + }; + + services = { + postgresql = { + ensureDatabases = [ "grafana" ]; + ensureUsers = [ + { + name = "grafana"; + ensureDBOwnership = true; + } + ]; + }; + + grafana = { + enable = true; + + settings = { + database = { + type = "postgres"; + name = "grafana"; + user = "grafana"; + host = "/run/postgresql"; + }; + + server = { + inherit domain; + enforce_domain = true; + }; + + security = { + admin_user = user; + admin_email = email; + admin_password = "$__file{${config.sops.secrets."misc/default_password".path}}"; + }; + }; + }; + }; +} diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix index e73b129..b62a017 100644 --- a/os/kay/modules/www.nix +++ b/os/kay/modules/www.nix @@ -82,6 +82,20 @@ in }; }; + "${config.services.grafana.settings.server.domain}" = defaultOpts // { + extraConfig = '' + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; + + locations."/" = { + proxyWebsockets = true; + proxyPass = + "http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}"; + }; + }; + "www.${domain}" = defaultOpts // { root = "/var/www/${domain}"; }; diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml index 18e1672..9d8b634 100644 --- a/os/kay/secrets.yaml +++ b/os/kay/secrets.yaml 
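Review bot: The Grafana admin account in `security` is seeded from `misc/default_password`, a secret whose name suggests a shared default rather than a credential dedicated to this service, while the www.nix change in the same commit publishes the login page through nginx. A dedicated entry (for example `sops.secrets."grafana/admin_password"`, name illustrative) would keep the exposure of one service's password from also unlocking Grafana. Grafana applies `admin_password` only when it first initialises its database, so rotating the sops value later will not change the live password; a comment such as `# first-run only; rotate inside Grafana` next to the setting would record that. If `defaultOpts` terminates TLS (not visible in this diff), `cookie_secure = true;` under `security` is also worth adding.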
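Review bot: `client_max_body_size 0;` in the new vhost's `extraConfig` removes nginx's request-body limit for what appears to be a publicly resolvable Grafana host, and `proxy_request_buffering off;` hands those bodies to the backend as they arrive. Grafana does not need unbounded uploads, so a finite bound such as `client_max_body_size 10m;` (value illustrative) keeps nginx as a guard against oversized or slow request bodies, and the two buffering directives can probably be dropped. The vhost is merged onto `defaultOpts`, which is defined outside this hunk, so whatever TLS or access restrictions it carries cannot be confirmed from here.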
@@ -19,6 +19,7 @@ github-runner: age-master-key: ENC[AES256_GCM,data:X9hF4Tlu/iki2VrkquYXyNZ22E+CJBN9oFXgzuZtzEMePnIHDON7XVmKvIm4FcPdRIUo7b085+QTSA5RKcslVMbix4BSyWwNLzA=,iv:r51gdhvXmVLGbZ3w0C+kGfRb3DqZaWH3AN6F8c9g+Po=,tag:EzJv7GHuHZofqpMF0ZlqIA==,type:str] misc: wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str] + default_password: ENC[AES256_GCM,data:6I3Z4Y1r8eTVvyc=,iv:0yMAY6JfsHEkKsrVAgPxb+3So4A5xvWV4ME1Oi33TvQ=,tag:/7dUtXPrVMNkERdxlk0FOw==,type:str] nixbin.sinanmohd.com: ENC[AES256_GCM,data:WQDzDzOozWa73Bitex6BpE7D7KdVcgIKD1Yx92RbCoNzSa8+b33YtY92Vetu7OlH1Zw4tneKBH/hAjz4ytK1SHoFfKj9wvfdzR5L+8gRKYEwxnvcHyc5gekmAaeQr2bWyUS9PBYRRWTRLiL/5A==,iv:3hlqF2CvpnXS5oDpbW9RIERbDHPLMrgQ+TJ+q9EyrZM=,tag:U4E3b2oBqjMFXEONbz8eKw==,type:str] sops: kms: [] @@ -44,8 +45,8 @@ sops: OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-01T09:24:06Z" - mac: ENC[AES256_GCM,data:KHkuNuqmA0XrLgwZqqGQLTgswL+0FSrBFu9yQwbYjx7Y50RNVmvk/f0A4t8GpKgBJBwyreCKWh+E2AWNQMmul+9GMrcyRYiIoP3Q8JmbIs2fH6FfIIqLy9ozks9UPOgru/XNiiFd1wi7X8CM6jK7JUsw0lZZFdcTp3C/qOS22BY=,iv:L1iMnqqAP5oLwYMGM3txwybpV+jc7yyhkNdo4hGChP8=,tag:hEK8/o1CBVe25NSht2mWAg==,type:str] + lastmodified: "2025-03-09T17:11:35Z" + mac: ENC[AES256_GCM,data:x44HygQEMeY/Qi0KWGzlVtvZaD3aDfBKgdSKMIOfc5rhsfvzMhezLOGxRjdJ63H1XP/j650hLRKwCgx5ceg0k+1GlbUIxnXCyzCeEFGTVdW3uELNrxZokv1AKPU7iOmR1Mn5/lLEM1Ehxjsjl8PNpOmLpxaRnoUkoq1Sc4NZSck=,iv:3Hpxt4nCvFE5iuMKaGQaE2z0MLNRd1MgKcu1mMpwSlI=,tag:ZLndddPnWdCnWkDSY8+dhA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.3 + version: 3.9.4 |
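Review bot: The new `default_password` entry under `misc` has a visibly short ciphertext, and sops encrypts each value without padding, so the committed file discloses the length of the secret even though its content stays encrypted. Because grafana.nix uses this value as the Grafana admin password, a long randomly generated value is preferable to a memorable one. The `lastmodified`, `mac` and `version` changes in the second hunk look like the ordinary result of re-encrypting the file.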