WIP: Got Grafana Working

2026-04-10 23:28:34 +02:00
parent ba3b1b4bb1
commit af52ae263e
3 changed files with 50 additions and 16 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -95,6 +95,8 @@
    };
  };

+  networking.firewall.allowedTCPPorts = [ 9002 ];
+
  users.users.${primaryUser} = {
    home = "/home/${primaryUser}";
    shell = pkgs.fish;
--- a/nixos/roles/monitoring.nix
+++ b/nixos/roles/monitoring.nix
@@ -1,22 +1,41 @@
 { config, ... }:
+let
+  serverIP = builtins.head (
+    builtins.match "([0-9.]+)/.*" config.systemd.network.networks."10-ethernet".networkConfig.Address
+  );
+in
 {
  services = {
    grafana = {
      enable = true;
-      domain = "grafana.cyperpunk.de";
-      port = 2342;
-      addr = "127.0.0.1";
-      settings.security.secret_key = "$__file{${config.sops.secrets.grafana_secret_key.path}}";
+      settings = {
+        server = {
+          domain = serverIP; # "grafana.cyperpunk.de";
+          http_port = 2342;
+          http_addr = "127.0.0.1";
+          serve_from_sub_path = false;
+        };
+        security = {
+          secret_key = "$__file{${config.sops.secrets.grafana_secret_key.path}}";
+          allow_embedding = true;
+        };
+        auth = {
+          disable_login_form = false;
+        };
+      };
    };

    # nginx reverse proxy
-    nginx.virtualHosts.${config.services.grafana.domain} = {
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
-        proxyWebsockets = true;
-        extraConfig = ''
-          proxy_set_header Host ${config.services.grafana.domain};
-        '';
+    nginx = {
+      enable = true;
+      virtualHosts.${config.services.grafana.settings.server.domain} = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header Host ${config.services.grafana.settings.server.domain};
+          '';
+        };
      };
    };

@@ -28,9 +47,15 @@
          job_name = config.networking.hostName;
          static_configs = [
            {
-              targets = [
-                "${config.networking.primaryIPAddress}:${toString config.services.prometheus.exporters.node.port}"
-              ];
+              targets = [ "${serverIP}:${toString config.services.prometheus.exporters.node.port}" ];
+            }
+          ];
+        }
+        {
+          job_name = "cyper-desktop";
+          static_configs = [
+            {
+              targets = [ "192.168.2.40:${toString config.services.prometheus.exporters.node.port}" ];
            }
          ];
        }
@@ -38,5 +63,8 @@
    };
  };

-  networking.firewall.allowedTCPPorts = [ 80 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    9001
+  ];
 }
--- a/nixos/sops.nix
+++ b/nixos/sops.nix
@@ -4,6 +4,10 @@
    defaultSopsFile = ../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    age.keyFile = "/home/${primaryUser}/.config/nix/secrets/keys.txt";
-    grafana_secret_key = { };
+    secrets = {
+      grafana_secret_key = {
+        owner = "grafana";
+      };
+    };
  };
 }