ildkule: switch grafana db from sqlite to postgres

This commit is contained in:
Oystein Kristoffer Tveit 2023-01-22 02:18:21 +01:00
parent e7786fee0c
commit 171fea39bc
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
3 changed files with 43 additions and 9 deletions

View File

@ -1,15 +1,41 @@
{ config, pkgs, ... }: { config, pkgs, values, ... }: let
let
cfg = config.services.grafana; cfg = config.services.grafana;
in { in {
sops.secrets = let
owner = "grafana";
group = "grafana";
in {
"keys/grafana/secret_key" = { inherit owner group; };
"keys/grafana/admin_password" = { inherit owner group; };
"keys/postgres/grafana" = { inherit owner group; };
};
services.grafana = { services.grafana = {
enable = true; enable = true;
settings.server = {
settings = let
# See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
secretFile = path: "$__file{${path}}";
in {
server = {
domain = "ildkule.pvv.ntnu.no"; domain = "ildkule.pvv.ntnu.no";
http_port = 2342; http_port = 2342;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
}; };
security = {
secret_key = secretFile config.sops.secrets."keys/grafana/secret_key".path;
admin_password = secretFile config.sops.secrets."keys/grafana/admin_password".path;
};
database = {
type = "postgres";
user = "grafana";
host = "${values.hosts.bicep.ipv4}:5432";
password = secretFile config.sops.secrets."keys/postgres/grafana".path;
};
};
provision = { provision = {
enable = true; enable = true;
datasources.settings.datasources = [ datasources.settings.datasources = [

View File

@ -9,7 +9,11 @@
#ENC[AES256_GCM,data:pHSDnojWTLYXIKk=,iv:ph2xCpxbP3OiWm+B/MDboykPa2gtCWpP0b3j96YCDh4=,tag:u5hmvxHaa/m8GaSeYvONmg==,type:comment] #ENC[AES256_GCM,data:pHSDnojWTLYXIKk=,iv:ph2xCpxbP3OiWm+B/MDboykPa2gtCWpP0b3j96YCDh4=,tag:u5hmvxHaa/m8GaSeYvONmg==,type:comment]
#ENC[AES256_GCM,data:Q0fCyyP0DJqUyJPo,iv:qwBE3c2VqF52Yq8POXhy2Qv2xJd82wL1aX4eVY6wL1w=,tag:IwmbD7XqIkemOTODBKpS0g==,type:comment] #ENC[AES256_GCM,data:Q0fCyyP0DJqUyJPo,iv:qwBE3c2VqF52Yq8POXhy2Qv2xJd82wL1aX4eVY6wL1w=,tag:IwmbD7XqIkemOTODBKpS0g==,type:comment]
keys: keys:
grafana:
secret_key: ENC[AES256_GCM,data:+WoAJbDBEgKs0RoHT+7oEELAVQ+/2Xt+5RTMSXg23moCqVRx+Gzll9P5Drw=,iv:AkRn/Y20iEe5i1T+84wAgLCTFtAox2G3giyawAkltAw=,tag:BZbt5Wb5lYLIJBm/pfP4GQ==,type:str]
admin_password: ENC[AES256_GCM,data:ttKwfC4WuXeL/6x4,iv:x1X+e3z08CR992GzC62YnFIN7SGrE81/nDNrgcgVzx0=,tag:YajUoy61kYbpeGeC7yNrXQ==,type:str]
postgres: postgres:
grafana: ENC[AES256_GCM,data:D6qkg98WZYzKYegSNBb31v8o+KHisGmJ+ab5Ut7EMtsJz36kUup5RS4EbtM=,iv:rfE1uH1QycKMTpSq2p1ntQ2BIvptAh2J3l/QcQhiuLo=,tag:QxmGFcekjFRPf6orN86IxQ==,type:str]
postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str] postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str]
sops: sops:
kms: [] kms: []
@ -44,8 +48,8 @@ sops:
a2hQVVprakt5NURpNXdQUjREczJKWTgKn60yrLqco9brlqigAolO8rEkww9z3y3u a2hQVVprakt5NURpNXdQUjREczJKWTgKn60yrLqco9brlqigAolO8rEkww9z3y3u
KmefLVZCGfoko+fnKLVE9UKFS/tAowqgPS1qE76u1Mmkk6yqZoG9rg== KmefLVZCGfoko+fnKLVE9UKFS/tAowqgPS1qE76u1Mmkk6yqZoG9rg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-21T23:46:53Z" lastmodified: "2023-01-22T01:11:03Z"
mac: ENC[AES256_GCM,data:CNmF0R8LLQbemjk7YnavmQsDFD1XYNQzXmPMtOdwj9dAB4uRJS0/eEBF59u007ObSK8hfk+Qw3wpnJmNLj0MBo7lmwmnsVb7RC9DlB53UFFcKisb8s+kASBmJQqmVoHk97IZNWlMYmxxfwrCOe3dvzfWupYuuLpgZM7nGlJhz6E=,iv:IP7l48mtgcVdQRJcYDVi1Vd6MhSgeWYQyu/rm+TJWFo=,tag:r5yR2rB0ZuC8yUCPw1+OCg==,type:str] mac: ENC[AES256_GCM,data:qR9M3jAIEsT/65yl6p12BQTHVvAu+oD2ufp7BSLk421mZYfQsKYFh//OZIe5wUE7XDDzhme/oIZGIQX8txaUuDDvFGQO8pQ/Oe19j7MoRG6o/UOTD9nlxcOf/oGekex2vkg5MUgfB1rotSp9Yq6fspVciKQKEawxPCHejqKQRNk=,iv:BkCoXNVAD6joueXkyWApeeZmYj2yopGGG+qK494Ah24=,tag:ax0AUfZdCA3saCYWLsYNrA==,type:str]
pgp: pgp:
- created_at: "2023-01-21T19:52:08Z" - created_at: "2023-01-21T19:52:08Z"
enc: | enc: |

View File

@ -25,5 +25,9 @@ in rec {
ipv4 = pvv-ipv4 187; ipv4 = pvv-ipv4 187;
ipv6 = pvv-ipv6 "1:187"; ipv6 = pvv-ipv6 "1:187";
}; };
bicep = {
ipv4 = pvv-ipv4 209;
ipv6 = pvv-ipv6 209;
};
}; };
} }