forked from Drift/pvv-nixos-config
ildkule: switch grafana db from sqlite to postgres
This commit is contained in:
parent
e7786fee0c
commit
171fea39bc
|
@ -1,15 +1,41 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, values, ... }: let
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.grafana;
|
cfg = config.services.grafana;
|
||||||
in {
|
in {
|
||||||
|
sops.secrets = let
|
||||||
|
owner = "grafana";
|
||||||
|
group = "grafana";
|
||||||
|
in {
|
||||||
|
"keys/grafana/secret_key" = { inherit owner group; };
|
||||||
|
"keys/grafana/admin_password" = { inherit owner group; };
|
||||||
|
"keys/postgres/grafana" = { inherit owner group; };
|
||||||
|
};
|
||||||
|
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.server = {
|
|
||||||
|
settings = let
|
||||||
|
# See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
|
||||||
|
secretFile = path: "$__file{${path}}";
|
||||||
|
in {
|
||||||
|
server = {
|
||||||
domain = "ildkule.pvv.ntnu.no";
|
domain = "ildkule.pvv.ntnu.no";
|
||||||
http_port = 2342;
|
http_port = 2342;
|
||||||
http_addr = "127.0.0.1";
|
http_addr = "127.0.0.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security = {
|
||||||
|
secret_key = secretFile config.sops.secrets."keys/grafana/secret_key".path;
|
||||||
|
admin_password = secretFile config.sops.secrets."keys/grafana/admin_password".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
user = "grafana";
|
||||||
|
host = "${values.hosts.bicep.ipv4}:5432";
|
||||||
|
password = secretFile config.sops.secrets."keys/postgres/grafana".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
provision = {
|
provision = {
|
||||||
enable = true;
|
enable = true;
|
||||||
datasources.settings.datasources = [
|
datasources.settings.datasources = [
|
||||||
|
|
|
@ -9,7 +9,11 @@
|
||||||
#ENC[AES256_GCM,data:pHSDnojWTLYXIKk=,iv:ph2xCpxbP3OiWm+B/MDboykPa2gtCWpP0b3j96YCDh4=,tag:u5hmvxHaa/m8GaSeYvONmg==,type:comment]
|
#ENC[AES256_GCM,data:pHSDnojWTLYXIKk=,iv:ph2xCpxbP3OiWm+B/MDboykPa2gtCWpP0b3j96YCDh4=,tag:u5hmvxHaa/m8GaSeYvONmg==,type:comment]
|
||||||
#ENC[AES256_GCM,data:Q0fCyyP0DJqUyJPo,iv:qwBE3c2VqF52Yq8POXhy2Qv2xJd82wL1aX4eVY6wL1w=,tag:IwmbD7XqIkemOTODBKpS0g==,type:comment]
|
#ENC[AES256_GCM,data:Q0fCyyP0DJqUyJPo,iv:qwBE3c2VqF52Yq8POXhy2Qv2xJd82wL1aX4eVY6wL1w=,tag:IwmbD7XqIkemOTODBKpS0g==,type:comment]
|
||||||
keys:
|
keys:
|
||||||
|
grafana:
|
||||||
|
secret_key: ENC[AES256_GCM,data:+WoAJbDBEgKs0RoHT+7oEELAVQ+/2Xt+5RTMSXg23moCqVRx+Gzll9P5Drw=,iv:AkRn/Y20iEe5i1T+84wAgLCTFtAox2G3giyawAkltAw=,tag:BZbt5Wb5lYLIJBm/pfP4GQ==,type:str]
|
||||||
|
admin_password: ENC[AES256_GCM,data:ttKwfC4WuXeL/6x4,iv:x1X+e3z08CR992GzC62YnFIN7SGrE81/nDNrgcgVzx0=,tag:YajUoy61kYbpeGeC7yNrXQ==,type:str]
|
||||||
postgres:
|
postgres:
|
||||||
|
grafana: ENC[AES256_GCM,data:D6qkg98WZYzKYegSNBb31v8o+KHisGmJ+ab5Ut7EMtsJz36kUup5RS4EbtM=,iv:rfE1uH1QycKMTpSq2p1ntQ2BIvptAh2J3l/QcQhiuLo=,tag:QxmGFcekjFRPf6orN86IxQ==,type:str]
|
||||||
postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str]
|
postgres_exporter_env: ENC[AES256_GCM,data:8MEoikoA6tFNm9qZbk0DFWANd7nRs5QSqrsGLoLKPIc1xykJaXTlyP5v8ywVGR8j7bfPs4p6QfpUIWK8CCnfQ1QhsFPXUMksl8p+K+xuMakYZr9OoWigGqvOHpFb9blfBN1FBdRrk38REXWAMUn74KSRI9v+0i5lpC4=,iv:anpjWVUadKfSAm9XbkeAKu+jAk+LxcpVYQ+gUe5szYw=,tag:4tzb/8B/e1uVoqTsQGlcKA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
|
@ -44,8 +48,8 @@ sops:
|
||||||
a2hQVVprakt5NURpNXdQUjREczJKWTgKn60yrLqco9brlqigAolO8rEkww9z3y3u
|
a2hQVVprakt5NURpNXdQUjREczJKWTgKn60yrLqco9brlqigAolO8rEkww9z3y3u
|
||||||
KmefLVZCGfoko+fnKLVE9UKFS/tAowqgPS1qE76u1Mmkk6yqZoG9rg==
|
KmefLVZCGfoko+fnKLVE9UKFS/tAowqgPS1qE76u1Mmkk6yqZoG9rg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-21T23:46:53Z"
|
lastmodified: "2023-01-22T01:11:03Z"
|
||||||
mac: ENC[AES256_GCM,data:CNmF0R8LLQbemjk7YnavmQsDFD1XYNQzXmPMtOdwj9dAB4uRJS0/eEBF59u007ObSK8hfk+Qw3wpnJmNLj0MBo7lmwmnsVb7RC9DlB53UFFcKisb8s+kASBmJQqmVoHk97IZNWlMYmxxfwrCOe3dvzfWupYuuLpgZM7nGlJhz6E=,iv:IP7l48mtgcVdQRJcYDVi1Vd6MhSgeWYQyu/rm+TJWFo=,tag:r5yR2rB0ZuC8yUCPw1+OCg==,type:str]
|
mac: ENC[AES256_GCM,data:qR9M3jAIEsT/65yl6p12BQTHVvAu+oD2ufp7BSLk421mZYfQsKYFh//OZIe5wUE7XDDzhme/oIZGIQX8txaUuDDvFGQO8pQ/Oe19j7MoRG6o/UOTD9nlxcOf/oGekex2vkg5MUgfB1rotSp9Yq6fspVciKQKEawxPCHejqKQRNk=,iv:BkCoXNVAD6joueXkyWApeeZmYj2yopGGG+qK494Ah24=,tag:ax0AUfZdCA3saCYWLsYNrA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-01-21T19:52:08Z"
|
- created_at: "2023-01-21T19:52:08Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
@ -25,5 +25,9 @@ in rec {
|
||||||
ipv4 = pvv-ipv4 187;
|
ipv4 = pvv-ipv4 187;
|
||||||
ipv6 = pvv-ipv6 "1:187";
|
ipv6 = pvv-ipv6 "1:187";
|
||||||
};
|
};
|
||||||
|
bicep = {
|
||||||
|
ipv4 = pvv-ipv4 209;
|
||||||
|
ipv6 = pvv-ipv6 209;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue