WIP: Got Grafana Working

nixos/default.nix

@@ -95,6 +95,8 @@
     };
   };
 
+  networking.firewall.allowedTCPPorts = [ 9002 ];
+
   users.users.${primaryUser} = {
     home = "/home/${primaryUser}";
     shell = pkgs.fish;

nixos/roles/monitoring.nix

@@ -1,24 +1,43 @@
 { config, ... }:
+let
+  serverIP = builtins.head (
+    builtins.match "([0-9.]+)/.*" config.systemd.network.networks."10-ethernet".networkConfig.Address
+  );
+in
 {
   services = {
     grafana = {
       enable = true;
-      domain = "grafana.cyperpunk.de";
+      settings = {
-      port = 2342;
+        server = {
-      addr = "127.0.0.1";
+          domain = serverIP; # "grafana.cyperpunk.de";
-      settings.security.secret_key = "$__file{${config.sops.secrets.grafana_secret_key.path}}";
+          http_port = 2342;
+          http_addr = "127.0.0.1";
+          serve_from_sub_path = false;
+        };
+        security = {
+          secret_key = "$__file{${config.sops.secrets.grafana_secret_key.path}}";
+          allow_embedding = true;
+        };
+        auth = {
+          disable_login_form = false;
+        };
+      };
     };
 
     # nginx reverse proxy
-    nginx.virtualHosts.${config.services.grafana.domain} = {
+    nginx = {
+      enable = true;
+      virtualHosts.${config.services.grafana.settings.server.domain} = {
         locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
           proxyWebsockets = true;
           extraConfig = ''
-          proxy_set_header Host ${config.services.grafana.domain};
+            proxy_set_header Host ${config.services.grafana.settings.server.domain};
           '';
         };
       };
+    };
 
     prometheus = {
       enable = true;
@@ -28,15 +47,24 @@
           job_name = config.networking.hostName;
           static_configs = [
             {
-              targets = [
+              targets = [ "${serverIP}:${toString config.services.prometheus.exporters.node.port}" ];
-                "${config.networking.primaryIPAddress}:${toString config.services.prometheus.exporters.node.port}"
+            }
           ];
         }
+        {
+          job_name = "cyper-desktop";
+          static_configs = [
+            {
+              targets = [ "192.168.2.40:${toString config.services.prometheus.exporters.node.port}" ];
+            }
           ];
         }
       ];
     };
   };
 
-  networking.firewall.allowedTCPPorts = [ 80 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    9001
+  ];
 }

nixos/sops.nix

@@ -4,6 +4,10 @@
     defaultSopsFile = ../secrets/secrets.yaml;
     defaultSopsFormat = "yaml";
     age.keyFile = "/home/${primaryUser}/.config/nix/secrets/keys.txt";
-    grafana_secret_key = { };
+    secrets = {
+      grafana_secret_key = {
+        owner = "grafana";
+      };
+    };
   };
 }