# NixOS module for the monitoring stack on this host:
#   - Grafana, signing users in through Authentik (generic OAuth / OIDC)
#   - a local PostgreSQL database for Grafana
#   - Prometheus with the node exporter and two scrape jobs
#   - a Caddy virtual host that proxies to Grafana
{ config, ... }:
let
  domain = "monitoring.${config.networking.domain}";

  # Path of the decrypted agenix secret declared below. Only this path is
  # interpolated into the Grafana settings, not the secret value.
  oidcSecretPath = config.age.secrets."grafana/oidc_secret".path;

  # Common prefix of the three Authentik OAuth endpoints.
  authentikBase = "https://auth.rfive.de/application/o";

  grafanaPort = toString config.services.grafana.settings.server.http_port;
  nodeExporterPort = toString config.services.prometheus.exporters.node.port;
  # Read from the local option even though the postfix exporter is not
  # enabled on this host (see the commented-out block below); this only
  # matches the remote host while it uses the same port.
  postfixExporterPort = toString config.services.prometheus.exporters.postfix.port;

  # Hosts whose node exporter is scraped; all are addressed by VPN hostname.
  nodeHosts = [
    "nuc.vpn.rfive.de"
    "falkenstein.vpn.rfive.de"
    "cudy.vpn.rfive.de"
    "fujitsu.vpn.rfive.de"
  ];
in
{
  # OIDC client secret; owned by the grafana user so the service can read it.
  age.secrets."grafana/oidc_secret" = {
    file = ../../../../secrets/nuc/grafana/oidc.age;
    owner = "grafana";
  };

  # Grafana
  services.grafana = {
    enable = true;
    settings = {
      # Listens on loopback only; the Caddy virtual host at the end of this
      # file is the only route to it that this module configures.
      server = {
        inherit domain;
        http_addr = "127.0.0.1";
        http_port = 2342;
        root_url = "https://${domain}";
      };

      # PostgreSQL via the socket directory; no password is configured here.
      # presumably peer authentication on the local socket; confirm
      database = {
        type = "postgres";
        user = "grafana";
        host = "/run/postgresql";
      };

      # NOTE(review): nothing in this file sets security.admin_password or
      # auth.disable_login_form. Unless another module does, confirm the
      # built-in admin account no longer has its default password, since the
      # login page is reachable through the reverse proxy.
      "auth.generic_oauth" = {
        enabled = true;
        name = "Authentik";
        # A Grafana account is created on first login for any user that
        # Authentik authenticates for this client.
        allow_sign_up = true;
        client_id = "grafana";
        # $__file{...} makes Grafana read the secret from that file itself.
        client_secret = "$__file{${oidcSecretPath}}";
        scopes = "openid email profile offline_access roles";
        email_attribute_path = "email";
        login_attribute_path = "username";
        name_attribute_path = "full_name";
        auth_url = "${authentikBase}/authorize/";
        token_url = "${authentikBase}/token/";
        api_url = "${authentikBase}/userinfo/";
        # Maps the `groups` claim to a Grafana role. The trailing 'Viewer'
        # means a user in neither group still gets read access.
        # NOTE(review): if that is not intended, restrict who may use this
        # application in Authentik, or drop the fallback and set
        # role_attribute_strict. Also confirm that the provider really sends
        # `groups` with the requested scopes.
        role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
      };
    };
  };

  # Database and role for Grafana; the grafana role owns the grafana database.
  services.postgresql = {
    enable = true;
    ensureUsers = [
      {
        name = "grafana";
        ensureDBOwnership = true;
      }
    ];
    ensureDatabases = [ "grafana" ];
  };

  # Prometheus
  # NOTE(review): no listenAddress is set, so the module default applies.
  # Nothing here adds authentication to Prometheus, so check that port 9001
  # is firewalled or bound to loopback / the VPN interface.
  services.prometheus = {
    enable = true;
    port = 9001;

    exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };
      # postfix = {
      #   enable = true;
      #   port = 9003;
      # };
    };

    # Neither job sets a scheme, TLS or credentials, so the scrapes rely on
    # the VPN for protection.
    # NOTE(review): confirm the exporters are not reachable from outside it.
    scrapeConfigs = [
      {
        job_name = "node";
        static_configs = [
          { targets = map (host: "${host}:${nodeExporterPort}") nodeHosts; }
        ];
        scrape_interval = "15s";
      }
      {
        job_name = "postfix";
        static_configs = [
          { targets = [ "falkenstein.vpn.rfive.de:${postfixExporterPort}" ]; }
        ];
      }
    ];
  };

  # Caddy reverse proxy in front of Grafana
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy 127.0.0.1:${grafanaPort}
  '';
}