grafana.nix 6.87 KiB
# Grafana Server
#
# Scope: Beautiful plots of time series data retrieved from Prometheus
# See https://christine.website/blog/prometheus-grafana-loki-nixos-2020-11-20

{ config, lib, ... }:

let
  # Shorthand for this module's own option values.
  cfg = config.services.private-storage.monitoring.grafana;

  # Authentication settings, chosen by whether an OAuth client ID is set:
  # a non-empty ID turns on Google sign-in, the empty string turns on
  # anonymous access instead.
  grafanaAuth =
    if cfg.googleOAuthClientID != "" then {
      google = {
        enable = true;
        # Grafana considers it "sign up" to let in a user it has
        # never seen before.
        # NOTE(review): nothing in this binding limits which Google accounts
        # may sign up; confirm that the accepted accounts are restricted
        # wherever this attribute set is consumed.
        allowSignUp = true;
        clientId = cfg.googleOAuthClientID;
        # Handed over as a file path, so the secret value is not written here.
        clientSecretFile = cfg.googleOAuthClientSecretFile;
      };
    } else {
      # No login at all.  What an anonymous visitor is allowed to do is not
      # decided here -- TODO confirm the anonymous role where this set is used.
      anonymous.enable = true;
    };

in {
  options.services.private-storage.monitoring.grafana = {
    # Names under which the Grafana server is reachable.  No default is
    # declared for this option.
    domains = lib.mkOption {
      description = "The domain names at which the server is reachable.";
      type = lib.types.listOf lib.types.str;
      example = [ "grafana.grid.private.storage" ];
    };
    # Where Grafana finds Prometheus; the default points at the local host.
    # NOTE(review): both the default and the example use plain http.  For a
    # Prometheus on another machine, confirm the link is protected by other
    # means.
    prometheusUrl = lib.mkOption {
      description = "The URL of the Prometheus host to access";
      type = lib.types.str;
      default = "http://localhost:9090/";
      example = "http://prometheus:9090/";
    };
    # Where Grafana finds Loki; the default points at the local host.
    # NOTE(review): both the default and the example use plain http.  For a
    # Loki on another machine, confirm the link is protected by other means.
    lokiUrl = lib.mkOption {
      description = "The URL of the Loki host to access";
      type = lib.types.str;
      default = "http://localhost:3100/";
      example = "http://loki:3100/";
    };
    # Contact address handed to Let's Encrypt.  No default is declared for
    # this option.
    letsEncryptAdminEmail = lib.mkOption {
      description = ''
        An email address to give to Let's Encrypt as an
        operational contact for the service's TLS certificate.
      '';
      type = lib.types.str;
    };
    # OAuth client ID; it also selects the login mode, because the auth
    # settings in this file compare it against the empty string.  The default
    # is a non-empty placeholder, so leaving the option unset selects Google
    # sign-in with the placeholder ID rather than anonymous access; only an
    # explicit "" enables anonymous access.
    googleOAuthClientID = lib.mkOption {
      description = "The GSuite OAuth2 SSO Client ID.  Empty string turns SSO auth off and anonymous (free for all) access on.";
      type = lib.types.str;
      default = "replace-by-your-client-id-or-set-empty-string-for-anonymous-access";
      example = "grafana-staging-345678";
    };
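    # File holding the Google OAuth client secret.
    #
    # The default and the example are written as strings, not path literals:
    # a path literal that gets interpolated into a string is copied into the
    # world-readable Nix store, while a quoted path never is.
    # lib.types.path accepts a string that starts with "/".
    # NOTE(review): the file should be readable only by the account that runs
    # Grafana; its permissions are not managed in the visible part of this
    # file.
    googleOAuthClientSecretFile = lib.mkOption {
      type = lib.types.path;
      example = "/var/secret/monitoring-gsuite-client-secret";
      default = "/run/keys/grafana-google-sso.secret";
      description = "The path to the GSuite SSO secret file.";
    };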
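    # File holding the password of the Grafana admin account.
    #
    # The default is written as a string, matching the example, instead of a
    # path literal: a path literal that gets interpolated into a string is
    # copied into the world-readable Nix store, while a quoted path never is.
    # lib.types.path accepts a string that starts with "/".
    # NOTE(review): the file should be readable only by the account that runs
    # Grafana; its permissions are not managed in the visible part of this
    # file.
    adminPasswordFile = lib.mkOption {
      type = lib.types.path;
      example = "/var/secret/monitoring-admin-password";
      default = "/run/keys/grafana-admin.password";
      description = "A file containing the password for the Grafana Admin account.";
    };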
    enableSlackAlert = lib.mkOption
    { type = lib.types.bool;
      default = false;
      description = ''
        Enables the slack alerter. Expects a file that contains
        the secret Slack Web Hook URL in grafanaSlackUrlFile (see below).