Commit 85e626ad authored by Florian Sesser's avatar Florian Sesser

Make Grafana read the Slack Alerter URL from its environment

Unfortunately still prints a bold warning on deployment.
parent bc8f13e0
2 merge requests!228merge develop into production,!185Enable alerting
......@@ -108,7 +108,7 @@ let
inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
inherit (grid-config) letsEncryptAdminEmail;
googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
# slackAlertChannelSecretUrl = lib.readFile ;
enableSlackAlert = true;
monitoringvpnIPv4 = "172.23.23.1";
stateVersion = "19.09";
})
......
SLACKURL=https://hooks.slack.com/services/x/y/z
......@@ -32,9 +32,10 @@
# logins to Grafana.
, googleOAuthClientID
# A (secret) Slack URL to post alerts to. Make one for your Slack channel
# at https://www.slack.com/apps/A0F7XDUAZ.
, slackAlertChannelSecretUrl ? ""
# Whether or not to enable slack alerting. Expects a SLACKURL environment
# variable with the secret URL. Get the secret URL for your Slack at
# https://www.slack.com/apps/A0F7XDUAZ.
, enableSlackAlert ? false
# A string giving the NixOS state version for the system.
, stateVersion
......@@ -75,12 +76,25 @@ in {
action = ["sudo" "systemctl" "restart" "grafana.service"];
};
};
grafanaEnvironment =
if !enableSlackAlert
then {}
else {
"grafanaEnvironment" = {
source = "${privateKeyPath}/grafanaEnvironment";
destination = "/run/keys/grafanaEnvironment";
owner.user = config.systemd.services.grafana.serviceConfig.User;
owner.group = config.users.users.grafana.group;
permissions = "0400";
action = ["sudo" "systemctl" "restart" "grafana.service"];
};
};
monitoringvpn = {
"monitoringvpn-private-key".source = "${privateKeyPath}/monitoringvpn/server.key";
"monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
};
in
grafanaSSO // monitoringvpn;
grafanaSSO // grafanaEnvironment // monitoringvpn;
networking.hosts = hostsMap;
......@@ -100,7 +114,7 @@ in {
services.private-storage.monitoring.grafana = {
inherit letsEncryptAdminEmail;
inherit googleOAuthClientID;
inherit slackAlertChannelSecretUrl;
inherit enableSlackAlert;
domain = "${config.networking.hostName}.${config.networking.domain}";
};
......
......@@ -62,11 +62,18 @@ in {
default = /run/keys/grafana-admin.password;
description = "A file containing the password for the Grafana Admin account.";
};
slackAlertChannelSecretUrl = lib.mkOption
{ type = lib.types.str;
default = "";
example = lib.literalExample "https://hooks.slack.com/services/x/y/z";
description = "If set, enables the slack alerter. Don't commit a secret URL to the repo, use readFile instead.";
enableSlackAlert = lib.mkOption
{ type = lib.types.bool;
default = false;
description = ''
Enables the slack alerter. Expects a $SLACKURL environment
variable with the secret URL in grafanaEnvironmentFile.
'';
};
grafanaEnvironmentFile = lib.mkOption
{ type = lib.types.path;
default = /run/keys/grafanaEnvironment;
description = "Where to find the Grafana Systemd EnvironmentFile.";
};
};
......@@ -74,6 +81,8 @@ in {
# Port 80 for ACME ssl retrieval only. 443 for nginx -> grafana.
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.grafana.serviceConfig.EnvironmentFile = cfg.grafanaEnvironmentFile;
services.grafana = {
enable = true;
domain = cfg.domain;
......@@ -128,17 +137,18 @@ in {
options.path = ./grafana-dashboards;
}];
# See https://grafana.com/docs/grafana/latest/administration/provisioning/#example-alert-notification-channels-config-file
notifiers = [ ] ++ (lib.optionals ("" != cfg.slackAlertChannelSecretUrl) [{
notifiers = [ ] ++ (lib.optionals (cfg.enableSlackAlert) [{
uid = "slack-notifier-1";
name = "Slack";
type = "slack";
is_default = true;
send_reminder = false;
settings = {
username = "${cfg.domain}";
uploadImage = true;
};
secure_settings = {
url = cfg.slackAlertChannelSecretUrl;
url = "$SLACKURL";
};
}]);
};
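Review bot: `systemd.services.grafana.serviceConfig.EnvironmentFile = cfg.grafanaEnvironmentFile;` in the second hunk is set unconditionally, while the deployment side of this commit only ships the key file when `enableSlackAlert` is true (and the option defaults to false). systemd refuses to start a unit whose `EnvironmentFile` does not exist unless the path is prefixed with `-`, so with alerting disabled, or before the secret has been uploaded to `/run/keys`, grafana.service will likely fail to start. This may also be the deployment warning the commit message mentions. Guarding the assignment would keep the default configuration bootable: `systemd.services.grafana.serviceConfig.EnvironmentFile = lib.mkIf cfg.enableSlackAlert cfg.grafanaEnvironmentFile;`. Moving the webhook out of the Nix store and into a 0400 key file is the right direction, and the guard keeps that property.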
......