diff --git a/modules/nixos/services/homeserver/default.nix b/modules/nixos/services/homeserver/default.nix
index a75002b..5f75bd4 100755
--- a/modules/nixos/services/homeserver/default.nix
+++ b/modules/nixos/services/homeserver/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./caddy.nix
 ./cloudflared.nix
+ ./grafana.nix
 ./kanidm.nix
 ./nextcloud.nix
 ./ntfy.nix
diff --git a/modules/nixos/services/homeserver/grafana.nix b/modules/nixos/services/homeserver/grafana.nix
new file mode 100644
index 0000000..4abbe46
--- /dev/null
+++ b/modules/nixos/services/homeserver/grafana.nix
@@ -0,0 +1,104 @@
+{ config, pkgs, ... }:
+
+{
+ sops.secrets."grafana/secrets.env" = {};
+
+ services.caddy.virtualHosts."grafana.taild5f7e6.ts.net".extraConfig =
+ assert config.services.caddy.enable;
+ ''
+ import default-settings
+
+ bind tailscale/grafana
+
+ reverse_proxy localhost:${toString config.services.grafana.settings.server.http_port}
+ '';
+
+ systemd.services.grafana.serviceConfig.EnvironmentFile = config.sops.secrets."grafana/secrets.env".path;
+
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ domain = "grafana.taild5f7e6.ts.net";
+ root_url = "https://grafana.taild5f7e6.ts.net/";
+ enforce_domain = true;
+ http_addr = "127.0.0.1";
+ http_port = 9001;
+
+ enable_gzip = true;
+ };
+
+ security = {
+ secret_key = "$__env{GRAFANA_SECRET_KEY}";
+ cookie_secure = true;
+ disable_gravatar = true;
+ };
+
+ analytics = {
+ reporting_enabled = false;
+ feedback_links_enabled = false;
+ };
+ };
+
+ provision = {
+ enable = true;
+
+ dashboards.settings.providers = [
+ {
+ name = "Node Exporter Full";
+ disableDeletion = true;
+ options.path = builtins.fetchurl {
+ url = "https://grafana.com/api/dashboards/1860/revisions/42/download";
+ name = "node-exporter-full.json";
+ sha256 = "sha256:0phjy96kq4kymzggm0r51y8i2s2z2x3p69bd5nx4n10r33mjgn54";
+ };
+ }
+ ];
+
+ datasources.settings.datasources = [
+ {
+ name = "Prometheus";
+ type = "prometheus";
+ url = "http://127.0.0.1:${toString config.services.prometheus.port}";
+ }
+ ];
+ };
+ };
+
+ services.caddy.virtualHosts."prometheus.taild5f7e6.ts.net".extraConfig =
+ assert config.services.caddy.enable;
+ ''
+ import default-settings
+
+ bind tailscale/prometheus
+
+ reverse_proxy localhost:${toString config.services.prometheus.port}
+ '';
+
+ services.prometheus = {
+ enable = true;
+ listenAddress = "127.0.0.1";
+ port = 9000;
+ webExternalUrl = "https://prometheus.taild5f7e6.ts.net";
+
+ globalConfig.scrape_interval = "10s";
+
+ exporters.node = {
+ enable = true;
+ listenAddress = "127.0.0.1";
+ port = 9002;
+ enabledCollectors = [ "systemd" "processes" ];
+ };
+
+ scrapeConfigs = [
+ {
+ job_name = "Node exporter";
+ static_configs = [
+ {
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }
+ ];
+ }
+ ];
+ };
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 9045989..7584b9b 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
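Review bot: The `prometheus.taild5f7e6.ts.net` virtual host in grafana.nix proxies straight to Prometheus on `localhost:9000` and nothing in this hunk puts authentication in front of it, so access control rests on the `bind tailscale/prometheus` listener plus whatever the `default-settings` snippet (defined outside this diff) enforces. With the node exporter's `systemd` and `processes` collectors enabled, that endpoint serves unit and process data to every tailnet peer permitted to reach it. Grafana already reads the datasource over `http://127.0.0.1:…`, so either drop the vhost or state the dependency above it, e.g. `# No auth on this vhost: reachability is limited only by tailnet ACLs; keep this node admin-only`. Separately, the `security` block sets no `admin_password`, so unless `secrets.env` also supplies `GF_SECURITY_ADMIN_PASSWORD` the first admin login uses the module default; consider `admin_password = "$__file{/path/to/grafana-admin-password}";` (placeholder path) backed by a second sops secret readable by the grafana user.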
@@ -6,6 +6,8 @@ caddy: wo2wz.fyi.key: ENC[AES256_GCM,data:8uiuUyVx9yTtRQFR8DBpE5nh39pbsevlU1YFoKu2I/mO6Z1rS1LfUGh4fH6KuKqh1CNtd+e4JYtpUigCrWwcFg5th6K7tj7Zs+4bxigIn7DFpD38wko+1I2BoUOS6nyIgBJ8RL7DDlldS2K/Pow6F6j9kflha6sjUQ5ZFOeoWW1HV6GRNPKlk4/TDueRbYZKsPM0KeDRyCntbDWLE4ap2vLUvIGYoQAk+Ng5Xt3LMKeG2/LBUXp+EU7m4R1WHsmzHjIKtT7qgkhSvg6RwelBVFutp3fg3GbSEsC96D76osNsWNM/tDCqyu8VpG5fIYNXS+aS06wdvCmcvm13Qa1wnYMCvN7GrfNG+4BrarxrGBeb00UU1zBM11vNUyg2sWAhIrOt+5aTHM55rrcjNxJz+3OxEpEtkH7bKl6aL0Yk0/qxRFYHoBaAiRVd3kQ/2FbgTXF336fF40UGSSEoQ/y3Tbp0ad0rpqnxwP1mzK2s+blK5ljBQF3+vNyhQUbhmns3xZN063gvgE6OnK10RcnoKszQpPJ0uHEnjaHxHPkh1BxEgGHhH615+xcLT9O3jWUE/gONBEMQwBaL/f0qxPZZQrR837Yp3QphFrdfo8aobLNlGWZPgAmaphI09CEkDt9IiwM0GmbgoSMLa8uGaBY24W8q294zQwJtpjMt0ALSTEA1h4GdXpyM+iIDhCN5t8AENhFGF65cvHeKk9vvKkFIFOh4PXV/ITQd5VG3CSLgaKCbK3DA2TqFGscL1zf2j8crAR/ZajwTij+IEZd9qIutDE9al4zsSFD6EnkvKPAelC91MZ5S0UZ+c7HWY3j+BtYSEloq9hqZIW7eGO0HIPvhtVMHWlj6E8ujv3Jm0k0WnJ/pP2kEQGMfmutFSx/hAcb/vxs497i5H9oI7CY+yTIFZQiCjNy14m3sKR9dSCe0js7+fjP66KzKnJcoOyJRaOOE8zEz0pU8dgJiTF4mrGD0DTVLmBSq3l5GOOlH0a4FjOVqMzTy0NrbEAoTfqnPcBHhczbXQs+1NjNI2SwWXhSkXZbtnlPJKDUsHv9gjfUQOzL0jQGfmjy/CzEXq5dQUU/gl28i9/HehOvb84IE7hQIKL0Ddn7a8YJDzB0LfEadPjXA5R4sbml69SmUYNWQKQDmABfqM1nB45v/2+f5uzYe+fCxJiP89PR/FEWNvxipf8C9yMO3N+wjj05z4n0UK8q3YwxzZ35ry1kjOHelzXKTI9IakQ5yDlkX8ahDOrG01+qRRLQNoc6e2q7aEhTdNa1mY6ndhRHl1EV8Ed4As/77qDQOiVM6lhykdMdb/BI4d3qBVXwNqRH2kNOQig6mWmSKYL5YEA9sWOQ+CbK3j7TNGZPl8n4u7ya1zcP1m67vCFvc2Fr7rsKJOxoZzH22elfuE6hw6pHAv1m3iV8SYct2yDz81ngUYLzU5MBi8To/GgQIMVDoa4dZrh5aZtZ0OQpH/atQf+UfQS0GcrWw2o+HY96TaDMvGHSGDgE+lOM2ccoJLVFxNoZLqhYOxuK1CxMyd9DM8bjV/YExYritxG/D577M/bSJtpar+AAPrBp5RMjybhsnyxTPahQvihZz07Q4rLZIXjxr2eW04ijI8DBTDXX9uftUc8vDdY4dSy0CKoZ080ziDl6LLO3fVahuXQ6gmwrZdJ9W48Yt0Zc8eiDMZsQV/32IVJocvniZIIkS5nJA09+qoKCQGd+lW0uxjeiRTMYQWXVN7ktnmjaEeDeg1uqAF9QMdhwXGgVyPAppzp7u1s2tXAp8dZoPamczVLpktUg6kEcrDJHEVMTD8Zyoi+koy2C/g331E7Npe/jBrX3m8EBfE2nNBo17BBV7tRn8yBBGHLerw/4IjoOPZrF0NWcvJE/Xirx6lphBhu/JpFvDsfrO3v8qOClgadGIMbf4bA0UQ8NsqCvTmr95+5T7Xp
sK++YqlznEV4QveQwfxg67A9/uUyurBoidjx/dyMkFHjepk3TB05GZOKk6xuOwt9QhDq192ta2+PAyOoWJQMeexrIELKU1e1652zP+DQv797aqKRvE9og9Pog88VPHOg+8IJe534P9LCVdeTEV2WgfsY5Pj7Vp1qQft+d8aSCftFuQ2/umKlxaxnV/A2mXZcpZE0YQs9IE+P3YjqmqCfvkIzAGVr/HH2o5EdkYCBmuma296zgSyeQ2QfqYVcP09jkQLeCUKJAVEpvSV/TNWdzU8Hse58y7dZtabjcrXNJcv4V6sIaIUzk0D0QjqXxW8etZtglv3uWz,iv:bj2qvdXB4aSUIqzN5mRcMpC0cdgK5lQGFQHZQQ/or9g=,tag:zsqkNqyUcjB/YlblwdoOPw==,type:str] cloudflared: 8af2892d-d534-4e32-b867-5b79308a99d5.json: ENC[AES256_GCM,data:4fOlt/pNxQ9CSuKf1ZPv9odtdU+Q7NTlO56xGp5yY0AEZrbpljSlTS/b8dON5iVwRoUjUbUui8+jvDri7ad99e+kZUwzDC2S294oaQyPa5Bl4jrYZSFn6SWZbnBzyV5tVN0hoQlIMQ/oU53TvBAtNrj10toePH7iLB12AmqMCBshWEFUViAJqGcZZMrcarAT453FgtpR+f3vR8Wv90SGc7wHXARJZ4NzEIRmYD4dGA==,iv:1Mt9FJTlT7Sv9FvrNY97icXSi757ejt56lhc7OG1dJM=,tag:JxW5Cg6nPzzh4zxi9Wvw0A==,type:str] +grafana: + secrets.env: ENC[AES256_GCM,data:lWLfvr/pplCN1GzTiVF0avFzaqZX2+2kMK5bK19voyKGT8z6md/5vEKo4H9gDTKcSu7Y,iv:uj6wGI/OKtzvD4m+EVXfovvfRTCP4TnVxxnQtiwtpb4=,tag:syh4H2EnHgMJHQGyhBg+1g==,type:str] kanidm: oauth2: nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str] 
@@ -31,7 +33,7 @@ sops: N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-02T23:07:45Z" - mac: ENC[AES256_GCM,data:woNQuo1JHFv69FY7AxrPRCqYz5TeVgd8/bEdjn3R19BiveXeo936FqpMO7nHDaSiPdOkoBmYV+Y0AXqBP4AvxGbWbT9pJ+ExuwszOvKVkNdPzH5QT77iDez7GiYIOkVW0sqbFdiBLPi5rLCL8M2M0TgO1R/VcXwdR0EUtpA9/Jc=,iv:bRjnnUwzYnGtIE5GWibpgTU+SWK6RdPi0CBaYNa4Zqg=,tag:8+G0xdTGvyEzwEirePXJxw==,type:str] + lastmodified: "2025-11-03T19:35:32Z" + mac: ENC[AES256_GCM,data:vN6cjwfohcSPtqjSc+PJbuLDXGZauk92/ICRi3u2KiXZiThbTHJVVRM5b9s/nPBKMfEXoNu1VW0G3FiM5AZIrJDDlzUrF63iGm8m4WHMp37EcKCAm+VUGJqSd2Tg5AzR0JBgf85MSpCuv+4Btu8y9l4cpJWWfD+xXaq77wrx7nk=,iv:u7i2waGlejnICk6xQGs59EVchPTpBv1Y/FSwr/tmJwM=,tag:+H6py1V65Y+QKQ0WQ4i5wg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0