blob: 705bdcd0db7a766bf8d786017b0bbbbcbc29e407 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
{ config, ... }:
let
domain = "grafana." + config.global.userdata.domain;
user = config.global.userdata.name;
email = config.global.userdata.email;
in
{
sops.secrets."misc/default_password" = {
owner = "grafana";
group = "grafana";
};
services = {
postgresql = {
ensureDatabases = [ "grafana" ];
ensureUsers = [
{
name = "grafana";
ensureDBOwnership = true;
}
];
};
grafana = {
enable = true;
settings = {
database = {
type = "postgres";
name = "grafana";
user = "grafana";
host = "/run/postgresql";
};
server = {
inherit domain;
enforce_domain = true;
};
security = {
admin_user = user;
admin_email = email;
admin_password = "$__file{${config.sops.secrets."misc/default_password".path}}";
};
};
};
};
}
|
