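{ lib, config, base, pkgs, helpers, ... }:
# Grafana fronted by Keycloak (OIDC) with a local Postgres datasource.
#
# Secret handling: the [auth.generic_oauth] client secret must not land in the
# world-readable Nix store, so the settings below carry the literal placeholder
# "!!client_secret!!". When this module is evaluated as a derived host
# (`base != null`) the INI file is rendered from `services.grafana.settings`,
# scalpel substitutes the sops-managed secret into a root/grafana-only copy,
# and grafana-server is pointed at that copy instead of the store-side file.
lib.recursiveUpdate {
  services.grafana = {
    enable = true;

    settings = {
      server = rec {
        domain = "logs.clicks.codes";
        # root_url must match the redirect URI registered for the "grafana"
        # client in Keycloak; the OAuth callback is rejected otherwise.
        root_url = "https://${domain}";
        http_port = 9052;
        enable_gzip = true;
      };
      analytics.reporting_enabled = false;
      security = {
        # root_url is https, so the session/OAuth-state cookies should never be
        # sent over plain HTTP even if the reverse proxy in front is misconfigured.
        cookie_secure = true;
      };
      "auth.generic_oauth" = {
        enabled = true;
        name = "Clicks OAuth";
        # With no allowed_domains / allowed_organizations, every account in the
        # "clicks" realm can sign in and is granted at least Viewer by the role
        # mapping below. Restrict access at the Keycloak client level if the
        # realm holds accounts that should not be able to read logs.
        allow_sign_up = true;
        client_id = "grafana";
        # Placeholder only -- replaced at activation time by scalpel (see the
        # derived-host branch at the bottom of this file).
        client_secret = "!!client_secret!!";
        # NOTE(review): offline_access requests a refresh token, but Grafana only
        # uses it when use_refresh_token is enabled; as written, session lifetime
        # is governed by Grafana's own [auth] settings, not by Keycloak.
        scopes = "openid email profile offline_access roles";
        # PKCE (RFC 7636) binds the authorization code to this Grafana instance,
        # hardening the code exchange; Keycloak supports it.
        use_pkce = true;
        email_attribute_path = "email";
        login_attribute_path = "login";
        name_attribute_path = "name";
        auth_url =
          "https://login.clicks.codes/realms/clicks/protocol/openid-connect/auth";
        token_url =
          "https://login.clicks.codes/realms/clicks/protocol/openid-connect/token";
        api_url =
          "https://login.clicks.codes/realms/clicks/protocol/openid-connect/userinfo";
        # JMESPath over the token / userinfo claims: Keycloak client roles on the
        # "grafana" client decide the Grafana role. Precedence is
        # server_admin > admin > editor; anyone else falls through to Viewer,
        # so there is deliberately no "deny" outcome in this expression.
        role_attribute_path =
          "contains(resource_access.grafana.roles[*], 'server_admin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer'";
        # Required for the 'GrafanaAdmin' outcome above to actually apply.
        allow_assign_grafana_admin = true;
        auto_login = true;
      };
      # OAuth is the only login path: basic auth and the password form are off.
      # Break-glass admin access therefore depends on a Keycloak account that
      # carries the server_admin client role.
      "auth.basic".enabled = false;
      auth.disable_login_form = true;
    };

    provision.datasources.settings.datasources = [{
      name = "clicks-postgresql";
      type = "postgres";
      access = "proxy";

      # NOTE(review): Grafana documents the postgres datasource `url` as
      # "host:port" rather than a postgres:// URI, and no jsonData.sslmode is
      # set here -- confirm the provisioned datasource connects as intended.
      url = "postgres://localhost:${toString config.services.postgresql.port}";
      user = "clicks_grafana";
      # Read from the sops-managed file at runtime so the password stays out of
      # the store. The secret itself is declared in postgres.nix.
      password =
        "$__file{${config.sops.secrets.clicks_grafana_db_password.path}}";
    }];
  };

  # Root-only: the scalpel activation step is the only reader; the grafana
  # user gets the rendered INI (mode 0400) rather than this raw secret.
  sops.secrets.clicks_grafana_client_secret = {
    mode = "0600";
    owner = config.users.users.root.name;
    group = config.users.users.root.group;
    sopsFile = ../../secrets/grafana.json;
    format = "json";
  };
} (let isDerived = base != null;
in if isDerived then
  let
    generators = lib.generators;
    cfg = config.services.grafana;
    # Same INI shape the NixOS grafana module produces: lists become
    # space-separated values and null renders as an empty value.
    settingsFormatIni = pkgs.formats.ini {
      listToValue =
        lib.concatMapStringsSep " " (generators.mkValueStringDefault { });
      mkKeyValue = generators.mkKeyValueDefault {
        mkValueString = v:
          if v == null then "" else generators.mkValueStringDefault { } v;
      } "=";
    };
    # Store-side template; still contains the "!!client_secret!!" placeholder.
    grafana_cfgfile = settingsFormatIni.generate "config.ini" cfg.settings;
  in {
    scalpel.trafos."grafana.ini" = {
      source = toString grafana_cfgfile;
      matchers."client_secret".secret =
        config.sops.secrets.clicks_grafana_client_secret.path;
      # Rendered file is readable only by the grafana service user.
      owner = config.users.users.grafana.name;
      group = config.users.users.root.name;
      mode = "0400";
    };

    # Override the module's ExecStart so the service reads the substituted INI
    # instead of the store-side template; the rest of the unit is kept.
    systemd.services.grafana.serviceConfig.ExecStart = lib.mkForce
      (pkgs.writeShellScript "grafana-start" ''
        set -o errexit -o pipefail -o nounset -o errtrace
        shopt -s inherit_errexit

        exec ${cfg.package}/bin/grafana-server -homepath ${cfg.dataDir} -config ${
          config.scalpel.trafos."grafana.ini".destination
        }
      '');
    # NOTE(review): this triggers on the store-side template only. Rotating the
    # client secret changes the scalpel output but not this path, so a secret
    # rotation alone does not restart grafana.
    systemd.services.grafana.restartTriggers = [ grafana_cfgfile ];
  }
else
  { })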