5 files changed, 93 insertions, 1 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 29cd96db..ee67d254 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -119,5 +119,36 @@
      cpuFreqGovernor = "schedutil";
    };
+    services.nginx = {
+      enable = true;
+      upstreams.grafana = {
+        servers = { "unix:${config.services.grafana.socket}" = {}; };
+      };
+      virtualHosts = {
+        ${config.services.grafana.domain} = {
+          locations."/" = {
+            proxyPass = "http://grafana";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+    services.grafana = {
+      enable = true;
+      analytics.reporting.enable = false;
+      domain = "grafana.vidhar.yggdrasil";
+      security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path;
+      security.secretKeyFile = config.sops.secrets."grafana-secret-key".path;
+      protocol = "socket";
+    };
+    sops.secrets."grafana-admin-password" = {
+      format = "binary";
+      sopsFile = ./grafana-admin-password;
+    };
+    sops.secrets."grafana-secret-key" = {
+      format = "binary";
+      sopsFile = ./grafana-secret-key;
+    };
  };
 }
diff --git a/hosts/vidhar/grafana-admin-password b/hosts/vidhar/grafana-admin-password
new file mode 100644
index 00000000..56a69070
--- /dev/null
+++ b/hosts/vidhar/grafana-admin-password
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:HHEQGFQxEfyuQZIHjvS4kw==,iv:04dLr3xnha39cObi9LXjzhbfxIcy13tgNm510e/WQfw=,tag:SnVtPyjmtcfjdc4fsDEMpg==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2021-12-31T15:57:51Z",
+                "mac": "ENC[AES256_GCM,data:Dqp4zA7D/hV5FQsp0czjym4MOjusC1CkmsitIHsD2XE87PN0LdAKTL/8tYSH+UGRdoSAnjyPYL5EastF5l4ubWNibom0R/it+TotvFBfaD27DWquZ3zvrwgjBXjaswGPYD5YbRocUmi1kOmZQtjegb6KTGpKicxwKbxg0xU/oHk=,iv:oHCqnCCSmwz23FItsThtNZC2J4doebMNVdhNkGv5+UM=,tag:u3owTxS9FHCZtG7YmDGbuw==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2021-12-31T15:57:38Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQzuwBJzuzxQRohpEqMZtMaJo3c7FWAxJ1BrC0zOAJCQw\nzLfsrjUWCsxqBJkbK4h84Iun8OdulMHyAbg2knSGNWOQoe7ec1cGl06gFhuxkXzy\n0l4BEW/pamCejbYKw+OISBBB6atjs4b3aOzSbnJSBjauommsCnn8aJtZt1ZfctiY\nNo6tawcodNzYCzVmVDjfBM1270yrIP3W0hsttoyO/DQeZn2vB9YiFI59xnVqhrE7\n=tNlA\n-----END PGP MESSAGE-----\n",
+                                "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+                        },
+                        {
+                                "created_at": "2021-12-31T15:57:38Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA10EukKZpWrIMHrNrhbGBjKMvpco+UusoYebYNuSi9RAw\nc+UuuxmshOxq0n0RTjNBZvhixPcj7P9t12ldk1V1NYlHOocMFf5te1wPbkMoqZKz\n0l4Bl93nSz43RQYjeoQWleUSrBchNQ/WOs7Wr4DKgoZ5nC3q+Pn6qQ/yYayhDjpW\nHR+06wk41uF3lnoa1vhu43eK/7CbaqzUZPInBrYbkat7MvE33Mq9rcoXBomNT4eO\n=dSyp\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.1"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/vidhar/grafana-secret-key b/hosts/vidhar/grafana-secret-key
new file mode 100644
index 00000000..aea7a8b6
--- /dev/null
+++ b/hosts/vidhar/grafana-secret-key
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:wX0eku+X3z11qszRjbzANkpnzb0UPA==,iv:vDFM+mK0ylbzsm8bqUfByAylxJW36AM4O96ThbPVEps=,tag:fu2hHRhNCO4AAmXswWOr+w==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2021-12-31T15:58:23Z",
+                "mac": "ENC[AES256_GCM,data:6UhUWxJ1IAgM4tubK0dD1bTQwmJZCZ6KkLTlkPRkbVRpN6zQAK/RT665Ok2lGpxEZ2yYrAMUMGs4Kvpii7NwEd6vj2Ad+4rKZygJ1V2hnmSCN0AUC/EdzGorFheMy+yjqJSJIZTc+ZIpQ7n/mtdPe6SyxJfzJOLXIZ6xFlteAhQ=,iv:3Xwa0pBwieGDmPTCD1i8qavRI5oa1Bm8AIz+EA/l2X4=,tag:X0s9WfxtlaR6GKtnmnFvDg==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2021-12-31T15:57:56Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdA9CYiNCA1h7DNMvPg4qeFT1Yg1v3HdQRgUEj48QIYrDAw\navNJMsqFby1udTs4j80eY7hUm6FbD98MIr/Od0Pb1RznrLPcmTWYbSM6dHKLUjav\n0l4BJkl3Q8AiLsSWMfg9YQ7s5kBpzWmdajRJnV41lbMBKph0tRzzf/DvGjm9dDe2\nUS+rzi7WzWlmQS1ekMwNKAzz3ip4yJA4J591JOhtt96SqmQAHV8ww2q9IE6bOw6k\n=LmRs\n-----END PGP MESSAGE-----\n",
+                                "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+                        },
+                        {
+                                "created_at": "2021-12-31T15:57:56Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAQbyLmRaWWln+lPYj5lAtbcQ4KQ7ntPyJJIsMl2kkBFYw\nIedaJ+SpExs2kXTlAWxa5B74RFmAPRlCq+ByErWDorovhn1uYI2ljeYIHKvrcgbY\n0l4B7XQlAV3pz3v/ZwUhB20zatPCprUWdJH+3Gd8xQr46djdHGK9WQSetxxEuL8j\nyfENUOu/jnPlfMVyDwRHbweq7Ar60GXVfs2UrjsL7yRjr0FpMNu3Ho4O4kO9HBn6\n=B+g2\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.1"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
index 38c3a4e8..53ba5120 100644
--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -83,6 +83,12 @@ in {
          options = [ "zfsutil" ];
        };
+      "/var/lib/grafana" =
+        { device = "ssd-raid1/local/var-lib-grafana";
+          fsType = "zfs";
+          options = [ "zfsutil" ];
+        };
      "/var/log" =
        { device = "ssd-raid1/local/var-log";
          fsType = "zfs";
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 3690964f..16f8d3a9 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -77,6 +77,9 @@ let
    sif = ["${batSubnet}:2::/${toString batHostLength}"];
  };
  routers = [ "surtr" ];
+  hostNames = {
+    vidhar = [ "grafana.vidhar.yggdrasil" ];
+  };
  mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
  mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -241,7 +244,7 @@ in {
    sops.secrets = listToAttrs (map familyToSopsSecret hostFamilies);
-    networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair batHostIPs)));
+    networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) (["${name}.yggdrasil"] ++ (hostNames.${name} or []))) value) (mapAttrsToList nameValuePair batHostIPs)));
    boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard ++ [kernel.batman_adv];
    environment.systemPackages = with pkgs; [ wireguard-tools batctl ];

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 29cd96db..ee67d254 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -119,5 +119,36 @@
119		119
120	cpuFreqGovernor = "schedutil";	120	cpuFreqGovernor = "schedutil";
121	};	121	};
		122
		123	services.nginx = {
		124	enable = true;
		125	upstreams.grafana = {
		126	servers = { "unix:${config.services.grafana.socket}" = {}; };
		127	};
		128	virtualHosts = {
		129	${config.services.grafana.domain} = {
		130	locations."/" = {
		131	proxyPass = "http://grafana";
		132	proxyWebsockets = true;
		133	};
		134	};
		135	};
		136	};
		137	services.grafana = {
		138	enable = true;
		139	analytics.reporting.enable = false;
		140	domain = "grafana.vidhar.yggdrasil";
		141	security.adminPasswordFile = config.sops.secrets."grafana-admin-password".path;
		142	security.secretKeyFile = config.sops.secrets."grafana-secret-key".path;
		143	protocol = "socket";
		144	};
		145	sops.secrets."grafana-admin-password" = {
		146	format = "binary";
		147	sopsFile = ./grafana-admin-password;
		148	};
		149	sops.secrets."grafana-secret-key" = {
		150	format = "binary";
		151	sopsFile = ./grafana-secret-key;
		152	};
122	};	153	};
123	}	154	}


diff --git a/hosts/vidhar/grafana-admin-password b/hosts/vidhar/grafana-admin-password new file mode 100644 index 00000000..56a69070 --- /dev/null +++ b/hosts/vidhar/grafana-admin-password
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:HHEQGFQxEfyuQZIHjvS4kw==,iv:04dLr3xnha39cObi9LXjzhbfxIcy13tgNm510e/WQfw=,tag:SnVtPyjmtcfjdc4fsDEMpg==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2021-12-31T15:57:51Z",
		10	"mac": "ENC[AES256_GCM,data:Dqp4zA7D/hV5FQsp0czjym4MOjusC1CkmsitIHsD2XE87PN0LdAKTL/8tYSH+UGRdoSAnjyPYL5EastF5l4ubWNibom0R/it+TotvFBfaD27DWquZ3zvrwgjBXjaswGPYD5YbRocUmi1kOmZQtjegb6KTGpKicxwKbxg0xU/oHk=,iv:oHCqnCCSmwz23FItsThtNZC2J4doebMNVdhNkGv5+UM=,tag:u3owTxS9FHCZtG7YmDGbuw==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2021-12-31T15:57:38Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQzuwBJzuzxQRohpEqMZtMaJo3c7FWAxJ1BrC0zOAJCQw\nzLfsrjUWCsxqBJkbK4h84Iun8OdulMHyAbg2knSGNWOQoe7ec1cGl06gFhuxkXzy\n0l4BEW/pamCejbYKw+OISBBB6atjs4b3aOzSbnJSBjauommsCnn8aJtZt1ZfctiY\nNo6tawcodNzYCzVmVDjfBM1270yrIP3W0hsttoyO/DQeZn2vB9YiFI59xnVqhrE7\n=tNlA\n-----END PGP MESSAGE-----\n",
		15	"fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
		16	},
		17	{
		18	"created_at": "2021-12-31T15:57:38Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA10EukKZpWrIMHrNrhbGBjKMvpco+UusoYebYNuSi9RAw\nc+UuuxmshOxq0n0RTjNBZvhixPcj7P9t12ldk1V1NYlHOocMFf5te1wPbkMoqZKz\n0l4Bl93nSz43RQYjeoQWleUSrBchNQ/WOs7Wr4DKgoZ5nC3q+Pn6qQ/yYayhDjpW\nHR+06wk41uF3lnoa1vhu43eK/7CbaqzUZPInBrYbkat7MvE33Mq9rcoXBomNT4eO\n=dSyp\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.1"
		25	}
		26	} \ No newline at end of file


diff --git a/hosts/vidhar/grafana-secret-key b/hosts/vidhar/grafana-secret-key new file mode 100644 index 00000000..aea7a8b6 --- /dev/null +++ b/hosts/vidhar/grafana-secret-key
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:wX0eku+X3z11qszRjbzANkpnzb0UPA==,iv:vDFM+mK0ylbzsm8bqUfByAylxJW36AM4O96ThbPVEps=,tag:fu2hHRhNCO4AAmXswWOr+w==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2021-12-31T15:58:23Z",
		10	"mac": "ENC[AES256_GCM,data:6UhUWxJ1IAgM4tubK0dD1bTQwmJZCZ6KkLTlkPRkbVRpN6zQAK/RT665Ok2lGpxEZ2yYrAMUMGs4Kvpii7NwEd6vj2Ad+4rKZygJ1V2hnmSCN0AUC/EdzGorFheMy+yjqJSJIZTc+ZIpQ7n/mtdPe6SyxJfzJOLXIZ6xFlteAhQ=,iv:3Xwa0pBwieGDmPTCD1i8qavRI5oa1Bm8AIz+EA/l2X4=,tag:X0s9WfxtlaR6GKtnmnFvDg==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2021-12-31T15:57:56Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdA9CYiNCA1h7DNMvPg4qeFT1Yg1v3HdQRgUEj48QIYrDAw\navNJMsqFby1udTs4j80eY7hUm6FbD98MIr/Od0Pb1RznrLPcmTWYbSM6dHKLUjav\n0l4BJkl3Q8AiLsSWMfg9YQ7s5kBpzWmdajRJnV41lbMBKph0tRzzf/DvGjm9dDe2\nUS+rzi7WzWlmQS1ekMwNKAzz3ip4yJA4J591JOhtt96SqmQAHV8ww2q9IE6bOw6k\n=LmRs\n-----END PGP MESSAGE-----\n",
		15	"fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
		16	},
		17	{
		18	"created_at": "2021-12-31T15:57:56Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAQbyLmRaWWln+lPYj5lAtbcQ4KQ7ntPyJJIsMl2kkBFYw\nIedaJ+SpExs2kXTlAWxa5B74RFmAPRlCq+ByErWDorovhn1uYI2ljeYIHKvrcgbY\n0l4B7XQlAV3pz3v/ZwUhB20zatPCprUWdJH+3Gd8xQr46djdHGK9WQSetxxEuL8j\nyfENUOu/jnPlfMVyDwRHbweq7Ar60GXVfs2UrjsL7yRjr0FpMNu3Ho4O4kO9HBn6\n=B+g2\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.1"
		25	}
		26	} \ No newline at end of file


diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix index 38c3a4e8..53ba5120 100644 --- a/hosts/vidhar/zfs.nix +++ b/hosts/vidhar/zfs.nix
@@ -83,6 +83,12 @@ in {
83	options = [ "zfsutil" ];	83	options = [ "zfsutil" ];
84	};	84	};
85		85
		86	"/var/lib/grafana" =
		87	{ device = "ssd-raid1/local/var-lib-grafana";
		88	fsType = "zfs";
		89	options = [ "zfsutil" ];
		90	};
		91
86	"/var/log" =	92	"/var/log" =
87	{ device = "ssd-raid1/local/var-log";	93	{ device = "ssd-raid1/local/var-log";
88	fsType = "zfs";	94	fsType = "zfs";


diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 3690964f..16f8d3a9 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix
@@ -77,6 +77,9 @@ let
77	sif = ["${batSubnet}:2::/${toString batHostLength}"];	77	sif = ["${batSubnet}:2::/${toString batHostLength}"];
78	};	78	};
79	routers = [ "surtr" ];	79	routers = [ "surtr" ];
		80	hostNames = {
		81	vidhar = [ "grafana.vidhar.yggdrasil" ];
		82	};
80		83
81	mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";	84	mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
82	mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";	85	mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -241,7 +244,7 @@ in {
241		244
242	sops.secrets = listToAttrs (map familyToSopsSecret hostFamilies);	245	sops.secrets = listToAttrs (map familyToSopsSecret hostFamilies);
243		246
244	networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair batHostIPs)));	247	networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) (["${name}.yggdrasil"] ++ (hostNames.${name} or []))) value) (mapAttrsToList nameValuePair batHostIPs)));
245		248
246	boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard ++ [kernel.batman_adv];	249	boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard ++ [kernel.batman_adv];
247	environment.systemPackages = with pkgs; [ wireguard-tools batctl ];	250	environment.systemPackages = with pkgs; [ wireguard-tools batctl ];