From c721c57198dbb89dc0753119f9c118d1e6c1126a Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Tue, 13 Jul 2021 09:59:27 +0000
Subject: [PATCH] Add correct letsEncryptAdminEmail to grafana web server

---
 morph/grid/local/grid.nix                   | 2 +-
 morph/lib/customize-monitoring.nix          | 6 +++++-
 nixos/modules/monitoring/server/grafana.nix | 9 +++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index b10bd83a..994c43d4 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -50,7 +50,7 @@ let
       (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath;
+        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index 906e900a..8fea5773 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -13,6 +13,7 @@
 , privateKeyPath
 , monitoringvpnIPv4
 , domain
+, letsEncryptAdminEmail
 
   # A list of VPN IP addresses as strings indicating which clients will be
   # allowed onto the VPN.
@@ -59,7 +60,10 @@
     inherit paymentExporterTargets;
   };
 
-  services.private-storage.monitoring.grafana.domain = "${config.networking.hostName}.${config.networking.domain}";
+  services.private-storage.monitoring.grafana = {
+    inherit letsEncryptAdminEmail;
+    domain = "${config.networking.hostName}.${config.networking.domain}";
+  };
 
   system.stateVersion = stateVersion;
 }
diff --git a/nixos/modules/monitoring/server/grafana.nix b/nixos/modules/monitoring/server/grafana.nix
index e035b6d3..329c7a19 100644
--- a/nixos/modules/monitoring/server/grafana.nix
+++ b/nixos/modules/monitoring/server/grafana.nix
@@ -34,6 +34,13 @@ in {
       default = "http://localhost:3100/";
       description = "The URL of the Loki host to access";
     };
+    letsEncryptAdminEmail = lib.mkOption
+    { type = lib.types.str;
+      description = ''
+        An email address to give to Let's Encrypt as an
+        operational contact for the service's TLS certificate.
+      '';
+    };
     googleOAuthClientID = lib.mkOption
     { type = lib.types.str;
       example = lib.literalExample "grafana-staging-345678";
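Review bot: The new `letsEncryptAdminEmail` option is declared without an `example`, unlike `googleOAuthClientID` directly below it, and `lib.types.str` accepts an empty or malformed value that would only surface later, at certificate issuance. I would add an `example` line with an obviously fake address, e.g. `example = "ops@example.invalid";` (constructed value). The type could also be tightened to `lib.types.strMatching ".+@.+"` so a blank contact fails at evaluation time. The description could also say that this address receives the CA's operational notices, so it should be a monitored mailbox. The options set continues outside this hunk.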
@@ -87,6 +94,8 @@ in {
     };
 
     # nginx reverse proxy
+    security.acme.email = cfg.letsEncryptAdminEmail;
+    security.acme.acceptTerms = true;
     services.nginx = {
       enable = true;
 
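Review bot: `security.acme.email` and `security.acme.acceptTerms` are host-wide settings, but the two added lines assign them from inside the Grafana module at normal priority. Any other module on the same host that defines a different ACME contact would then fail evaluation with a conflicting-definition error, and the CA's terms are accepted implicitly for whoever enables this module. I would write `security.acme.email = lib.mkDefault cfg.letsEncryptAdminEmail;` so a host-level value can override it. I would also put a comment above the second line, such as `# Accepts the Let's Encrypt subscriber agreement on the operator's behalf; needed for the certificate requested for cfg.domain.` The enclosing `config` block starts outside the hunk, so whether these assignments are guarded by an enable flag is not visible here and is worth confirming.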
-- 
GitLab