-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathgrafana.nix
81 lines (78 loc) · 2.25 KB
/
grafana.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
let
secrets = import ./secrets.nix;
adminPasswordPath = "/etc/secrets/grafana/gf_admin_password";
influxDBTokenPath = "/etc/secrets/grafana/gf_influxdb_token";
in
{
systemd.tmpfiles.rules = [
"f+ ${adminPasswordPath} 0600 grafana grafana - ${secrets.grafana.admin_password}"
"f+ ${influxDBTokenPath} 0600 grafana grafana - ${secrets.influxdb.token}"
];
services.postgresql = {
enable = true;
ensureDatabases = [ "grafana" ];
ensureUsers = [
{
name = "grafana";
ensureDBOwnership = true;
}
];
};
services.grafana = {
enable = true;
settings = {
server.http_addr = "0.0.0.0";
database = {
type = "postgres";
host = "/run/postgresql";
user = "grafana";
name = "grafana";
};
security = {
admin_user = "ymatsiuk";
admin_password = "$__file{${adminPasswordPath}}";
cookie_secure = true;
cookie_samesite = "strict";
content_security_policy = true;
content_security_policy_template = ''
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';
'';
};
analytics.reporting_enabled = false;
"auth.anonymous".hide_version = true;
};
provision = {
enable = true;
dashboards.settings = {
apiVersion = 1;
providers = [
{
name = "default";
options.path = ./grafana;
}
];
};
datasources.settings = {
apiVersion = 1;
datasources = [
{
name = "InfluxDB";
type = "influxdb";
uid = "influxdb2";
access = "proxy";
url = "http://localhost:8086";
secureJsonData = {
token = "$__file{${influxDBTokenPath}}";
};
jsonData = {
version = "Flux";
organization = "home";
defaultBucket = "hass";
tlsSkipVerify = true;
};
}
];
};
};
};
}