author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-31 17:01:36 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-31 17:01:36 +0100 |
commit | 8deefff11f92dc28424580989193e09c61906151 (patch) | |
tree | 06605f31299ff0aad09ed8fdee052523ac9be598 | |
parent | e1483ff2214541c2ad3f2f99770ed41544bb8721 (diff) | |
vidhar: grafana
-rw-r--r-- | hosts/vidhar/default.nix | 31 | ||||
-rw-r--r-- | hosts/vidhar/grafana-admin-password | 26 | ||||
-rw-r--r-- | hosts/vidhar/grafana-secret-key | 26 | ||||
-rw-r--r-- | hosts/vidhar/zfs.nix | 6 | ||||
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 5 |
5 files changed, 93 insertions, 1 deletions
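--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -119,5 +119,36 @@
 
 cpuFreqGovernor = "schedutil";
 };
+
+services.nginx = {
+enable = true;
+upstreams.grafana = {
+servers = { "unix:${config.services.grafana.socket}" = {}; };
+};
+virtualHosts = {
+${config.services.grafana.domain} = {
+locations."/" = {
+proxyPass = "http://grafana";
+proxyWebsockets = true;
+};
+};
+};
+};
+services.grafana = {
+enable = true;
+analytics.reporting.enable = false;
+domain = "grafana.vidhar.yggdrasil";
+security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path;
+security.secretKeyFile = config.sops.secrets."grafana-secret-key".path;
+protocol = "socket";
+};
+sops.secrets."grafana-admin-password" = {
+format = "binary";
+sopsFile = ./grafana-admin-password;
+};
+sops.secrets."grafana-secret-key" = {
+format = "binary";
+sopsFile = ./grafana-secret-key;
+};
 };
 }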
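Review bot: The new `virtualHosts.${config.services.grafana.domain}` entry sets no `forceSSL`/`onlySSL` and no `listenAddresses`, so as written the Grafana login is proxied over plain HTTP on every address nginx binds, not only on the overlay address that `grafana.vidhar.yggdrasil` resolves to. If the WireGuard overlay is meant to be the only path, pin the vhost with `listenAddresses = [ "<overlay address of vidhar>" ];` or confirm that the firewall closes port 80 on the other interfaces. Both `sops.secrets` entries also omit `owner`; sops-nix writes root-owned 0400 files by default, so unless the Grafana unit reads `adminPasswordFile` and `secretKeyFile` as root (not visible here) they need `owner = "grafana";`. The same question applies to the socket named in `upstreams.grafana`: nginx must be allowed to open it, which presumably needs a group membership that this hunk does not add. The enclosing attribute set opens above the hunk.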
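--- /dev/null
+++ b/hosts/vidhar/grafana-admin-password
@@ -0,0 +1,26 @@
+{
+"data": "ENC[AES256_GCM,data:HHEQGFQxEfyuQZIHjvS4kw==,iv:04dLr3xnha39cObi9LXjzhbfxIcy13tgNm510e/WQfw=,tag:SnVtPyjmtcfjdc4fsDEMpg==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": null,
+"lastmodified": "2021-12-31T15:57:51Z",
+"mac": "ENC[AES256_GCM,data:Dqp4zA7D/hV5FQsp0czjym4MOjusC1CkmsitIHsD2XE87PN0LdAKTL/8tYSH+UGRdoSAnjyPYL5EastF5l4ubWNibom0R/it+TotvFBfaD27DWquZ3zvrwgjBXjaswGPYD5YbRocUmi1kOmZQtjegb6KTGpKicxwKbxg0xU/oHk=,iv:oHCqnCCSmwz23FItsThtNZC2J4doebMNVdhNkGv5+UM=,tag:u3owTxS9FHCZtG7YmDGbuw==,type:str]",
+"pgp": [
+{
+"created_at": "2021-12-31T15:57:38Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQzuwBJzuzxQRohpEqMZtMaJo3c7FWAxJ1BrC0zOAJCQw\nzLfsrjUWCsxqBJkbK4h84Iun8OdulMHyAbg2knSGNWOQoe7ec1cGl06gFhuxkXzy\n0l4BEW/pamCejbYKw+OISBBB6atjs4b3aOzSbnJSBjauommsCnn8aJtZt1ZfctiY\nNo6tawcodNzYCzVmVDjfBM1270yrIP3W0hsttoyO/DQeZn2vB9YiFI59xnVqhrE7\n=tNlA\n-----END PGP MESSAGE-----\n",
+"fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+},
+{
+"created_at": "2021-12-31T15:57:38Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA10EukKZpWrIMHrNrhbGBjKMvpco+UusoYebYNuSi9RAw\nc+UuuxmshOxq0n0RTjNBZvhixPcj7P9t12ldk1V1NYlHOocMFf5te1wPbkMoqZKz\n0l4Bl93nSz43RQYjeoQWleUSrBchNQ/WOs7Wr4DKgoZ5nC3q+Pn6qQ/yYayhDjpW\nHR+06wk41uF3lnoa1vhu43eK/7CbaqzUZPInBrYbkat7MvE33Mq9rcoXBomNT4eO\n=dSyp\n-----END PGP MESSAGE-----\n",
+"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+}
+],
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.1"
+}
+}
\ No newline at end of file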
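--- /dev/null
+++ b/hosts/vidhar/grafana-secret-key
@@ -0,0 +1,26 @@
+{
+"data": "ENC[AES256_GCM,data:wX0eku+X3z11qszRjbzANkpnzb0UPA==,iv:vDFM+mK0ylbzsm8bqUfByAylxJW36AM4O96ThbPVEps=,tag:fu2hHRhNCO4AAmXswWOr+w==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": null,
+"lastmodified": "2021-12-31T15:58:23Z",
+"mac": "ENC[AES256_GCM,data:6UhUWxJ1IAgM4tubK0dD1bTQwmJZCZ6KkLTlkPRkbVRpN6zQAK/RT665Ok2lGpxEZ2yYrAMUMGs4Kvpii7NwEd6vj2Ad+4rKZygJ1V2hnmSCN0AUC/EdzGorFheMy+yjqJSJIZTc+ZIpQ7n/mtdPe6SyxJfzJOLXIZ6xFlteAhQ=,iv:3Xwa0pBwieGDmPTCD1i8qavRI5oa1Bm8AIz+EA/l2X4=,tag:X0s9WfxtlaR6GKtnmnFvDg==,type:str]",
+"pgp": [
+{
+"created_at": "2021-12-31T15:57:56Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdA9CYiNCA1h7DNMvPg4qeFT1Yg1v3HdQRgUEj48QIYrDAw\navNJMsqFby1udTs4j80eY7hUm6FbD98MIr/Od0Pb1RznrLPcmTWYbSM6dHKLUjav\n0l4BJkl3Q8AiLsSWMfg9YQ7s5kBpzWmdajRJnV41lbMBKph0tRzzf/DvGjm9dDe2\nUS+rzi7WzWlmQS1ekMwNKAzz3ip4yJA4J591JOhtt96SqmQAHV8ww2q9IE6bOw6k\n=LmRs\n-----END PGP MESSAGE-----\n",
+"fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+},
+{
+"created_at": "2021-12-31T15:57:56Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAQbyLmRaWWln+lPYj5lAtbcQ4KQ7ntPyJJIsMl2kkBFYw\nIedaJ+SpExs2kXTlAWxa5B74RFmAPRlCq+ByErWDorovhn1uYI2ljeYIHKvrcgbY\n0l4B7XQlAV3pz3v/ZwUhB20zatPCprUWdJH+3Gd8xQr46djdHGK9WQSetxxEuL8j\nyfENUOu/jnPlfMVyDwRHbweq7Ar60GXVfs2UrjsL7yRjr0FpMNu3Ho4O4kO9HBn6\n=B+g2\n-----END PGP MESSAGE-----\n",
+"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+}
+],
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.1"
+}
+}
\ No newline at end of file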
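--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -83,6 +83,12 @@ in {
 options = [ "zfsutil" ];
 };
 
+"/var/lib/grafana" =
+{ device = "ssd-raid1/local/var-lib-grafana";
+fsType = "zfs";
+options = [ "zfsutil" ];
+};
+
 "/var/log" =
 { device = "ssd-raid1/local/var-log";
 fsType = "zfs";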
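--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -77,6 +77,9 @@ let
 sif = ["${batSubnet}:2::/${toString batHostLength}"];
 };
 routers = [ "surtr" ];
+hostNames = {
+vidhar = [ "grafana.vidhar.yggdrasil" ];
+};
 
 mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
 mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -241,7 +244,7 @@ in {
 
 sops.secrets = listToAttrs (map familyToSopsSecret hostFamilies);
 
-networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair batHostIPs)));
+networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) (["${name}.yggdrasil"] ++ (hostNames.${name} or []))) value) (mapAttrsToList nameValuePair batHostIPs)));
 
 boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard ++ [kernel.batman_adv];
 environment.systemPackages = with pkgs; [ wireguard-tools batctl ];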
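Review bot: `hostNames.vidhar` repeats the literal `grafana.vidhar.yggdrasil` that `services.grafana.domain` sets in hosts/vidhar/default.nix, so the two can drift apart and leave the alias pointing at a host that no longer serves that vhost. A comment on the new attribute would make the coupling visible, e.g. `# extra /etc/hosts aliases per host; keep in sync with the vhost names served there`. The `networking.hosts` expression at new line 247 is also hard to audit on one line; binding `namesFor = name: ["${name}.yggdrasil"] ++ (hostNames.${name} or []);` in the `let` block and calling it there would keep the mapping readable. Both the `let` block and the module body extend beyond the hunks shown.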