nixos-hypervisor/services/grafana/default.nix

{ lib, config, pkgs, ... }:
let
  cfg = config.services.vm_grafana;
in
{
  options.services.vm_grafana = {
    enable = lib.mkEnableOption "Enable minimal config";
    proxy_ip = lib.mkOption {
      type = lib.types.str;
      description = "The Nginx proxy IP address";
    };
    pgsql_ip = lib.mkOption {
      type = lib.types.str;
      description = "The PostgreSQL host IP address";
    };
  };
    config = lib.mkIf cfg.enable {
    services.rsyslogd.enable = true;
    services.grafana = {
      enable = true;
      settings = {
        server = {
          protocol = "http";
          http_addr = "${config.services.vm.vm_ip}";
          http_port = 3000;
          domain = "logs.le43.eu";
          root_url = "https://logs.le43.eu";
          serve_from_sub_path = false;
        };
        database = {
          type     = "postgres";
          host     = "${cfg.pgsql_ip}:5432";
          name     = "grafana";
          user     = "grafana";
          password = "\$__file{/run/secrets/grafana/database_secret}";
        };
        auth = {
          signout_redirect_url = https://authentik.le43.eu/application/o/grafana/end-session/;
          oauth_auto_login = true;
        };
        "oauth.generic_oauth" = {
          name = "authentik";
          enabled = true;
          client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
          client_secret = "\$__file{/run/secrets/grafana/client_secret}";
          scopes = [
            "openid"
            "email"
            "profile"
          ];
          auth_url = "https://authentik.le43.eu/application/o/authorize/";
          token_url = "https://authentik.le43.eu/application/o/token/";
          api_url = "https://authentik.le43.eu/application/o/userinfo/";
          role_attribute_path = "contains(groups, 'admin') && 'Admin' || 'Viewer'";
        };
      };
    };
    services.prometheus = {
      enable = true;
      port = 9001;
      scrapeConfigs = [
        {
          job_name = "grafana";
          static_configs = [{
            targets = [ "127.0.0.1:9002" ];
          }];
        }
        {
          job_name = "nginx";
          static_configs = [{
            targets = [ "${cfg.proxy_ip}:9002" ];
          }];
        }
        {
          job_name = "redis";
          static_configs = [{
            targets = [ "192.168.1.16:9002" ];
          }];
        }
        {
          job_name = "authentik";
          static_configs = [{
            targets = [ "192.168.1.25:9002" ];
          }];
        }
      ];
      exporters = {
        node = {
          enable = true;
          enabledCollectors = [ "systemd" ];
          port = 9002;
        };
      };
    };
    services.loki = {
      enable = true;
      configuration = {
        server.http_listen_port = 3100;
        server.grpc_listen_port = 9096;
        auth_enabled = false;
        ingester = {
          lifecycler = {
            address = "127.0.0.1";
            ring = {
              kvstore = {
                store = "inmemory";
              };
              replication_factor = 1;
            };
          };
          chunk_idle_period = "1h";
          max_chunk_age = "1h";
          chunk_target_size = 999999;
          chunk_retain_period = "30s";
        };
        schema_config = {
          configs = [{
            from = "2022-06-06";
            store = "boltdb-shipper";
            object_store = "filesystem";
            schema = "v13";
            index = {
              prefix = "index_";
              period = "24h";
            };
          }];
        };
        storage_config = {
          boltdb_shipper = {
            active_index_directory = "/var/lib/loki/boltdb-shipper-active";
            cache_location = "/var/lib/loki/boltdb-shipper-cache";
            cache_ttl = "24h";
          };

          filesystem = {
            directory = "/var/lib/loki/chunks";
          };
        };

        limits_config = {
          reject_old_samples = true;
          reject_old_samples_max_age = "168h";
          allow_structured_metadata = false;
        };

        table_manager = {
          retention_deletes_enabled = false;
          retention_period = "0s";
        };
        compactor = {
          working_directory = "/var/lib/loki";
          compactor_ring = {
            kvstore = {
              store = "inmemory";
            };
          };
        };
      };
    };
    services.promtail = {
      enable = true;
      configuration = {
        server = {
          http_listen_port = 3101;
          grpc_listen_port = 9095;
        };
        positions = {
          filename = "/tmp/positions.yaml";
        };
        clients = [{
          url = "http://127.0.0.1:3100/loki/api/v1/push";
        }];
        scrape_configs = [{
          job_name = "journal";
          journal = {
            max_age = "12h";
            labels = {
              job = "systemd-journal";
              host = "localhost";
            };
          };
          relabel_configs = [{
            source_labels = [ "__journal__systemd_unit" ];
            target_label = "unit";
          }];
        }];
      };
    };

    # Open ports in the firewall.
    networking.firewall.allowedTCPPorts = [ 3000 3100 3101 9001 ];
  };
}
Add other services 2024-09-09 15:19:57 +02:00			`{ lib, config, pkgs, ... }:`
			`let`
			`cfg = config.services.vm_grafana;`
			`in`
			`{`
			`options.services.vm_grafana = {`
			`enable = lib.mkEnableOption "Enable minimal config";`
			`proxy_ip = lib.mkOption {`
			`type = lib.types.str;`
			`description = "The Nginx proxy IP address";`
			`};`
Fix variable 2024-09-25 13:44:15 +02:00			`pgsql_ip = lib.mkOption {`
			`type = lib.types.str;`
			`description = "The PostgreSQL host IP address";`
			`};`
Add other services 2024-09-09 15:19:57 +02:00			`};`
			`config = lib.mkIf cfg.enable {`
			`services.rsyslogd.enable = true;`
			`services.grafana = {`
			`enable = true;`
			`settings = {`
			`server = {`
			`protocol = "http";`
			`http_addr = "${config.services.vm.vm_ip}";`
			`http_port = 3000;`
			`domain = "logs.le43.eu";`
			`root_url = "https://logs.le43.eu";`
			`serve_from_sub_path = false;`
			`};`
Add external database for grafana 2024-09-25 13:36:18 +02:00			`database = {`
			`type = "postgres";`
Fix variable 2024-09-25 13:44:15 +02:00			`host = "${cfg.pgsql_ip}:5432";`
Add external database for grafana 2024-09-25 13:36:18 +02:00			`name = "grafana";`
			`user = "grafana";`
			`password = "\$__file{/run/secrets/grafana/database_secret}";`
			`};`
Ajout config OAuth pour grafana 2024-09-25 12:56:59 +02:00			`auth = {`
			`signout_redirect_url = https://authentik.le43.eu/application/o/grafana/end-session/;`
			`oauth_auto_login = true;`
			`};`
			`"oauth.generic_oauth" = {`
			`name = "authentik";`
			`enabled = true;`
			`client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";`
			`client_secret = "\$__file{/run/secrets/grafana/client_secret}";`
			`scopes = [`
			`"openid"`
			`"email"`
			`"profile"`
			`];`
			`auth_url = "https://authentik.le43.eu/application/o/authorize/";`
			`token_url = "https://authentik.le43.eu/application/o/token/";`
			`api_url = "https://authentik.le43.eu/application/o/userinfo/";`
			`role_attribute_path = "contains(groups, 'admin') && 'Admin' \|\| 'Viewer'";`
			`};`
Add other services 2024-09-09 15:19:57 +02:00			`};`
			`};`
			`services.prometheus = {`
			`enable = true;`
			`port = 9001;`
			`scrapeConfigs = [`
			`{`
			`job_name = "grafana";`
			`static_configs = [{`
			`targets = [ "127.0.0.1:9002" ];`
			`}];`
			`}`
			`{`
			`job_name = "nginx";`
			`static_configs = [{`
			`targets = [ "${cfg.proxy_ip}:9002" ];`
			`}];`
			`}`
Add prometheus jobs 2024-09-17 17:32:03 +02:00			`{`
			`job_name = "redis";`
			`static_configs = [{`
			`targets = [ "192.168.1.16:9002" ];`
			`}];`
			`}`
			`{`
			`job_name = "authentik";`
			`static_configs = [{`
			`targets = [ "192.168.1.25:9002" ];`
			`}];`
			`}`
Add other services 2024-09-09 15:19:57 +02:00			`];`
			`exporters = {`
			`node = {`
			`enable = true;`
			`enabledCollectors = [ "systemd" ];`
			`port = 9002;`
			`};`
			`};`
			`};`
			`services.loki = {`
			`enable = true;`
			`configuration = {`
			`server.http_listen_port = 3100;`
			`server.grpc_listen_port = 9096;`
			`auth_enabled = false;`
			`ingester = {`
			`lifecycler = {`
			`address = "127.0.0.1";`
			`ring = {`
			`kvstore = {`
			`store = "inmemory";`
			`};`
			`replication_factor = 1;`
			`};`
			`};`
			`chunk_idle_period = "1h";`
			`max_chunk_age = "1h";`
			`chunk_target_size = 999999;`
			`chunk_retain_period = "30s";`
			`};`
			`schema_config = {`
			`configs = [{`
			`from = "2022-06-06";`
			`store = "boltdb-shipper";`
			`object_store = "filesystem";`
			`schema = "v13";`
			`index = {`
			`prefix = "index_";`
			`period = "24h";`
			`};`
			`}];`
			`};`
			`storage_config = {`
			`boltdb_shipper = {`
			`active_index_directory = "/var/lib/loki/boltdb-shipper-active";`
			`cache_location = "/var/lib/loki/boltdb-shipper-cache";`
			`cache_ttl = "24h";`
			`};`

			`filesystem = {`
			`directory = "/var/lib/loki/chunks";`
			`};`
			`};`

			`limits_config = {`
			`reject_old_samples = true;`
			`reject_old_samples_max_age = "168h";`
			`allow_structured_metadata = false;`
			`};`

			`table_manager = {`
			`retention_deletes_enabled = false;`
			`retention_period = "0s";`
			`};`
			`compactor = {`
			`working_directory = "/var/lib/loki";`
			`compactor_ring = {`
			`kvstore = {`
			`store = "inmemory";`
			`};`
			`};`
			`};`
			`};`
			`};`
			`services.promtail = {`
			`enable = true;`
			`configuration = {`
			`server = {`
			`http_listen_port = 3101;`
			`grpc_listen_port = 9095;`
			`};`
			`positions = {`
			`filename = "/tmp/positions.yaml";`
			`};`
			`clients = [{`
			`url = "http://127.0.0.1:3100/loki/api/v1/push";`
			`}];`
			`scrape_configs = [{`
			`job_name = "journal";`
			`journal = {`
			`max_age = "12h";`
			`labels = {`
			`job = "systemd-journal";`
			`host = "localhost";`
			`};`
			`};`
			`relabel_configs = [{`
			`source_labels = [ "__journal__systemd_unit" ];`
			`target_label = "unit";`
			`}];`
			`}];`
			`};`
			`};`

			`# Open ports in the firewall.`
			`networking.firewall.allowedTCPPorts = [ 3000 3100 3101 9001 ];`
			`};`
			`}`