modules/nixos/monitoring: remove grafana
This commit is contained in:
parent
6bdb32d87d
commit
b7d0c7a4c5
4 changed files with 2 additions and 81 deletions
|
@ -1,3 +1,2 @@
|
||||||
- [monitoring.nix-community.org/alertmanager](https://monitoring.nix-community.org/alertmanager)
|
- [monitoring.nix-community.org/alertmanager](https://monitoring.nix-community.org/alertmanager)
|
||||||
- [monitoring.nix-community.org/grafana](https://monitoring.nix-community.org/grafana)
|
|
||||||
- [monitoring.nix-community.org/prometheus](https://monitoring.nix-community.org/prometheus)
|
- [monitoring.nix-community.org/prometheus](https://monitoring.nix-community.org/prometheus)
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
ssh_host_ed25519_key: ENC[AES256_GCM,data:mp33XErF8FL7/rxKUsXiVijkCcDlSmtopkxTA/tDpcVx1ft6e9/YIoGYvLwxMhwowlEjktuANnZXo0tPHoCaiRdsFL2XMlNhbMHz5PKdIwpQyGysbqJKzVSa81F8RS1IG0sY8YGaCXsOfWPBbNJFTapT+9Xb6niRwiQkwwPAxBN9zdS+nMvllNHEZSv4RQ84uKzvyaLPB9N3GU7GHPq5UzBYNO1eH0eHoDEvv3JI6W/C8dws4liAwCSoCOF0RTdBpVKZvlf2DMYCKEZYWlnyBvq/NVJr2JujNDhtKOozL0tVLCkh8QQrLiWucN1yCMiy+1VS5yqmvqa6Gvc4P9hgmMHRjA37oJtDrik4SWQZq0VfxJ00oC3ByGmH6mR4AZY/BTPMnRAgF/m3rjryEd4hCjlQ1jJhdWmRTchruK7oSz/FrZmtCp/fVsRulcJ2JmU2gEQF0rfP9+eq/LWLD0FPvsp9ytf18wPMAY6fYj7vQGj5dx9ZB6oJ0RxlgAhPFhjAztjmMQD43oSsNnm9FKISS5Vv07tQDQBUHe3d,iv:Z6SfUFsjfRaVc23CNM1NE4/c92MLmbdEXilPJomX9qM=,tag:xknd9rqBVvUg69ICvhXHcA==,type:str]
|
ssh_host_ed25519_key: ENC[AES256_GCM,data:mp33XErF8FL7/rxKUsXiVijkCcDlSmtopkxTA/tDpcVx1ft6e9/YIoGYvLwxMhwowlEjktuANnZXo0tPHoCaiRdsFL2XMlNhbMHz5PKdIwpQyGysbqJKzVSa81F8RS1IG0sY8YGaCXsOfWPBbNJFTapT+9Xb6niRwiQkwwPAxBN9zdS+nMvllNHEZSv4RQ84uKzvyaLPB9N3GU7GHPq5UzBYNO1eH0eHoDEvv3JI6W/C8dws4liAwCSoCOF0RTdBpVKZvlf2DMYCKEZYWlnyBvq/NVJr2JujNDhtKOozL0tVLCkh8QQrLiWucN1yCMiy+1VS5yqmvqa6Gvc4P9hgmMHRjA37oJtDrik4SWQZq0VfxJ00oC3ByGmH6mR4AZY/BTPMnRAgF/m3rjryEd4hCjlQ1jJhdWmRTchruK7oSz/FrZmtCp/fVsRulcJ2JmU2gEQF0rfP9+eq/LWLD0FPvsp9ytf18wPMAY6fYj7vQGj5dx9ZB6oJ0RxlgAhPFhjAztjmMQD43oSsNnm9FKISS5Vv07tQDQBUHe3d,iv:Z6SfUFsjfRaVc23CNM1NE4/c92MLmbdEXilPJomX9qM=,tag:xknd9rqBVvUg69ICvhXHcA==,type:str]
|
||||||
nix-community-matrix-bot-token: ENC[AES256_GCM,data:p9sQnsEIJEGi6AYLxemCN/zkf+lx6dEjrIVfFD28DWtOvCxIy7QKImWIMsbOjWHW/0sjHQYoGwDBrrBzpYed3+AK38J+WEnCi6MSGQ==,iv:BdV3bMjuXFLFTvcXLL/2l08qonIXHFtUvpj2QM0n3Ws=,tag:EhCwGinqZZuLa5CIpCaKeA==,type:str]
|
nix-community-matrix-bot-token: ENC[AES256_GCM,data:p9sQnsEIJEGi6AYLxemCN/zkf+lx6dEjrIVfFD28DWtOvCxIy7QKImWIMsbOjWHW/0sjHQYoGwDBrrBzpYed3+AK38J+WEnCi6MSGQ==,iv:BdV3bMjuXFLFTvcXLL/2l08qonIXHFtUvpj2QM0n3Ws=,tag:EhCwGinqZZuLa5CIpCaKeA==,type:str]
|
||||||
grafana-admin-password: ENC[AES256_GCM,data:imowUQJxi03QyhYBvMx8nWo6VvblOSaQ3YozWyl4w86cEQ==,iv:Pop10QAd9rSwwyXzhvfmIr+bCKOCEaVGTcvg7VH5BTo=,tag:eRJ8N9M/iaIC2rx5MFfsEw==,type:str]
|
|
||||||
grafana-client-secret: ENC[AES256_GCM,data:ET2/XYYDTPuZtmQvvmxqFSVini+z4ap3hQfdkLKOMikFvHNzhEgHzw==,iv:JLM490Da0bDohB4Rm38c1eeKYlM4ODL+Loth9i/RPC8=,tag:3uepHgyot9EgUKPQqYWHBQ==,type:str]
|
|
||||||
nginx-basic-auth-file: ENC[AES256_GCM,data:andS+j0bOp4m7Xty1RuAmyNGz36rUChhl4dtY+mvguHzei2lYDfdZWilx2VUFT5mmsWCeyrT5otVVg==,iv:BuawT6dsaI6s/vXbfG2HijUBzHec2D47w8KRj6Bba2Y=,tag:PjkfdKhjWmP6+NKFGEPijg==,type:str]
|
nginx-basic-auth-file: ENC[AES256_GCM,data:andS+j0bOp4m7Xty1RuAmyNGz36rUChhl4dtY+mvguHzei2lYDfdZWilx2VUFT5mmsWCeyrT5otVVg==,iv:BuawT6dsaI6s/vXbfG2HijUBzHec2D47w8KRj6Bba2Y=,tag:PjkfdKhjWmP6+NKFGEPijg==,type:str]
|
||||||
nginx-basic-auth-password: ENC[AES256_GCM,data:ne6h4KoBo7dNkrKhe4thFkgE/EmIOkfzDh0Bag==,iv:ZsHANsb6PI4a84K81fM1PHtPPa0mi8nYLfh1A9CbaqY=,tag:IYQyFasarwh/EPZ3iUNX3Q==,type:str]
|
nginx-basic-auth-password: ENC[AES256_GCM,data:ne6h4KoBo7dNkrKhe4thFkgE/EmIOkfzDh0Bag==,iv:ZsHANsb6PI4a84K81fM1PHtPPa0mi8nYLfh1A9CbaqY=,tag:IYQyFasarwh/EPZ3iUNX3Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
|
@ -64,8 +62,8 @@ sops:
|
||||||
QnJZZzN1a1M5b1dwa3hvL3ZHYkpxQUkK1g9sQB0UHl9coaznjIn4WDpQv21Y8cl9
|
QnJZZzN1a1M5b1dwa3hvL3ZHYkpxQUkK1g9sQB0UHl9coaznjIn4WDpQv21Y8cl9
|
||||||
LNqnv0Q6KrxNliq2JEJoEpjD5+xTcqV/5FgylKhtdNWUZ0eAX8taog==
|
LNqnv0Q6KrxNliq2JEJoEpjD5+xTcqV/5FgylKhtdNWUZ0eAX8taog==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-10-27T05:54:06Z"
|
lastmodified: "2024-03-22T03:41:05Z"
|
||||||
mac: ENC[AES256_GCM,data:WI5ljTzMSziArRZRQgvqE8OdMoxjqT4mMHw9q67D1OjhI33/HCCJTJwaCVuZRUVYN2kA4kU8tt0uJwP7rAavSGf/xZ7LTR6eS+VR77t/6vPaczbKZAEuybLZFUHeDBuAX2ek5CRWzUcyZb2n0sihKIdgdy3DxuUCXJucN/n0lzM=,iv:r8WpJoIB73mhk+Im15+IAyJG5rfGz8oyifS6SbwpXUk=,tag:6qYueS06F1I+qV/d89PBmQ==,type:str]
|
mac: ENC[AES256_GCM,data:erV1yKaQjgaJieSFF5B7whTa8E/cP9Fzn9J5cIHRK7lXFKeiT9EmjWE8Iz8aCvbcxjxQNFMbFOAUBZJxR0zSQFY2VwRkxSV5zbwDDr0iRdFJcyggO84bYWIC6223S5tINHlgyYJ0UNAfQqkytKkXdQElicbQAi7MG9j2UNEasNM=,iv:P+H+pCaW6vlUpiKcBSoyf+f29qY6T+dunIcmEK8Zs/E=,tag:7AkgXgy9GY1NecJxG05Q4g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
inputs.srvos.nixosModules.roles-prometheus
|
inputs.srvos.nixosModules.roles-prometheus
|
||||||
./alert-rules.nix
|
./alert-rules.nix
|
||||||
./grafana.nix
|
|
||||||
./matrix-hook.nix
|
./matrix-hook.nix
|
||||||
./prometheus.nix
|
./prometheus.nix
|
||||||
./telegraf.nix
|
./telegraf.nix
|
||||||
|
@ -19,10 +18,6 @@
|
||||||
basicAuthFile = config.sops.secrets.nginx-basic-auth-file.path;
|
basicAuthFile = config.sops.secrets.nginx-basic-auth-file.path;
|
||||||
proxyPass = "http://localhost:9093/";
|
proxyPass = "http://localhost:9093/";
|
||||||
};
|
};
|
||||||
locations."/grafana/" = {
|
|
||||||
proxyPass = "http://localhost:3000/";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
locations."/prometheus/".proxyPass = "http://localhost:9090/";
|
locations."/prometheus/".proxyPass = "http://localhost:9090/";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,71 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
{
|
|
||||||
systemd.services.grafana.after = [ "prometheus.service" ];
|
|
||||||
|
|
||||||
services.grafana = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
analytics.reporting_enabled = false;
|
|
||||||
analytics.feedback_links_enabled = false;
|
|
||||||
|
|
||||||
"auth.anonymous".enabled = true;
|
|
||||||
|
|
||||||
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/
|
|
||||||
"auth.github" = {
|
|
||||||
enabled = true;
|
|
||||||
client_id = "ea6aa36488df8b2dede6";
|
|
||||||
client_secret = "$__file{${config.sops.secrets.grafana-client-secret.path}}";
|
|
||||||
auth_url = "https://github.com/login/oauth/authorize";
|
|
||||||
token_url = "https://github.com/login/oauth/access_token";
|
|
||||||
api_url = "https://api.github.com/user";
|
|
||||||
allow_sign_up = true;
|
|
||||||
auto_login = false;
|
|
||||||
allowed_organizations = [ "nix-community" ];
|
|
||||||
role_attribute_strict = true;
|
|
||||||
allow_assign_grafana_admin = true;
|
|
||||||
role_attribute_path = "contains(groups[*], '@nix-community/admin') && 'GrafanaAdmin' || 'Editor'";
|
|
||||||
};
|
|
||||||
|
|
||||||
server = {
|
|
||||||
root_url = "https://monitoring.nix-community.org/grafana/";
|
|
||||||
domain = "monitoring.nix-community.org";
|
|
||||||
enforce_domain = true;
|
|
||||||
enable_gzip = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
database = {
|
|
||||||
type = "postgres";
|
|
||||||
name = "grafana";
|
|
||||||
host = "/run/postgresql";
|
|
||||||
user = "grafana";
|
|
||||||
};
|
|
||||||
|
|
||||||
security.admin_password = "$__file{${config.sops.secrets.grafana-admin-password.path}}";
|
|
||||||
};
|
|
||||||
|
|
||||||
provision.datasources.settings.datasources = [
|
|
||||||
{
|
|
||||||
name = "prometheus";
|
|
||||||
type = "prometheus";
|
|
||||||
isDefault = true;
|
|
||||||
url = "http://localhost:9090";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.telegraf.extraConfig.inputs.prometheus.urls = [
|
|
||||||
"http://localhost:3000/metrics"
|
|
||||||
];
|
|
||||||
|
|
||||||
sops.secrets.grafana-admin-password.owner = "grafana";
|
|
||||||
sops.secrets.grafana-client-secret.owner = "grafana";
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
ensureDatabases = [ "grafana" ];
|
|
||||||
ensureUsers = [{
|
|
||||||
name = "grafana";
|
|
||||||
ensureDBOwnership = true;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Add table
Add a link
Reference in a new issue