Try grafana LXC + Agenix (forgejo-runner not working)
parent
7f7f604882
commit
fa1821798d
4 changed files with 32 additions and 33 deletions
|
@ -2,14 +2,18 @@ let
|
|||
tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
|
||||
users = [ tbarnouin ];
|
||||
|
||||
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYomb5vtXsfYGZiVjSY7eOzWI+tp1YRLlPkpKDXIwGl root@nixos";
|
||||
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYomb5vtXsfYGZiVjSY7eOzWI+tp1YRLlPkpKDXIwGl root@nixos";
|
||||
|
||||
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
|
||||
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
|
||||
|
||||
grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
|
||||
|
||||
systems = [ laptop forgejo ];
|
||||
systems = [ laptop forgejo grafana ];
|
||||
in
|
||||
{
|
||||
"forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
|
||||
"../services/forgejo-runner/secrets/forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
|
||||
"../services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ];
|
||||
"../services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ];
|
||||
}
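Review bot: `users` and `systems` are bound in the `let` block, but no `publicKeys` list visible in this section references them; each secret instead names one user key and the single host key that consumes it. That per-secret scoping is the safer arrangement, so either drop the two unused bindings or document them with a comment such as `# users/systems are kept for reference only; every secret lists its own recipients explicitly`. Without that, a later edit could substitute `systems` (which now also contains `grafana`) and make every secret decryptable by every host.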
|
||||
|
||||
|
|
|
@ -5,6 +5,10 @@ in
|
|||
{
|
||||
options.services.vm_grafana = {
|
||||
enable = lib.mkEnableOption "Enable minimal config";
|
||||
vm_ip = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The VM IP address";
|
||||
};
|
||||
proxy_ip = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The Nginx proxy IP address";
|
||||
|
@ -14,7 +18,16 @@ in
|
|||
description = "The PostgreSQL host IP address";
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.grafana-db = {
|
||||
file = ./secrets/grafana-db.age;
|
||||
mode = "0660";
|
||||
owner = "grafana";
|
||||
};
|
||||
age.secrets.kuma-token = {
|
||||
file = ./secrets/kuma-token.age;
|
||||
mode = "0660";
|
||||
};
|
||||
services.rsyslogd = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
|
@ -37,7 +50,7 @@ in
|
|||
settings = {
|
||||
server = {
|
||||
protocol = "http";
|
||||
http_addr = "${config.services.vm.vm_ip}";
|
||||
http_addr = "${cfg.vm_ip}";
|
||||
http_port = 3000;
|
||||
domain = "logs.le43.eu";
|
||||
root_url = "https://logs.le43.eu";
|
||||
|
@ -48,26 +61,7 @@ in
|
|||
host = "${cfg.pgsql_ip}:5432";
|
||||
name = "grafana";
|
||||
user = "grafana";
|
||||
password = "\$__file{/run/secrets/grafana/database_secret}";
|
||||
};
|
||||
auth = {
|
||||
signout_redirect_url = https://authentik.le43.eu/application/o/grafana/end-session/;
|
||||
oauth_auto_login = true;
|
||||
};
|
||||
"oauth.generic_oauth" = {
|
||||
name = "authentik";
|
||||
enabled = true;
|
||||
client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
|
||||
client_secret = "\$__file{/run/secrets/grafana/client_secret}";
|
||||
scopes = [
|
||||
"openid"
|
||||
"email"
|
||||
"profile"
|
||||
];
|
||||
auth_url = "https://authentik.le43.eu/application/o/authorize/";
|
||||
token_url = "https://authentik.le43.eu/application/o/token/";
|
||||
api_url = "https://authentik.le43.eu/application/o/userinfo/";
|
||||
role_attribute_path = "contains(groups, 'admin') && 'Admin' || 'Viewer'";
|
||||
password = "\$__file{${config.age.secrets.grafana-db.path}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -83,7 +77,7 @@ in
|
|||
targets = [ "192.168.1.90:3001" ];
|
||||
}];
|
||||
basic_auth.username = "tbarnouin";
|
||||
basic_auth.password_file = "/run/secrets/grafana/kuma_token";
|
||||
basic_auth.password_file = config.age.secrets.kuma-token.path;
|
||||
}
|
||||
{
|
||||
job_name = "grafana";
|
||||
|
@ -170,13 +164,6 @@ in
|
|||
}];
|
||||
}
|
||||
];
|
||||
exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
port = 9002;
|
||||
};
|
||||
};
|
||||
};
|
||||
services.loki = {
|
||||
enable = true;
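Review bot: The new database password line in the `@ -48,26 +61,7` hunk, `password = "\$__file{${config.age.secrets.grafana-db.path}";`, drops the closing brace of Grafana's `$__file{...}` provider. The only `}` left closes the Nix interpolation, so Grafana would receive an unterminated `$__file{<path>` string instead of the file's contents; the line should read `password = "\$__file{${config.age.secrets.grafana-db.path}}";`. In the `@ -14,7 +18,16` hunk, `age.secrets.kuma-token` sets `mode = "0660"` with no `owner`, so, assuming agenix's default root ownership, the service that reads `basic_auth.password_file` (presumably Prometheus, whose block starts outside the visible hunks) may be unable to open it. Setting `owner` to that service user and using `mode = "0400"` for both secrets would also be tighter than a group-writable file.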
|
||||
|
|
8
services/grafana/secrets/grafana-db.age
Normal file
8
services/grafana/secrets/grafana-db.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 OWkVXw 1n49CouMzxgvdrQ+7gIbilN2oRkG3lfTJehpVwxeLXw
|
||||
NBB8G9JeEmvbfXk6WdaDPYTaSBsNtDyqdTkJKG3RNtw
|
||||
-> ssh-ed25519 wnEUpw LepRS+v4Jq+Z4VBtyDRw1BQkGOwOzI5HsjRSFP9SLA4
|
||||
hRZr5OauNH1VYHip7pifCuVxTTQa3S9VbjwjQEUuK00
|
||||
--- G3K8IsDtSXZ7Cqp0ehe7eczyzzEsiwwV9xfenlBz0Vo
|
||||
@²WJƒ–£0ÊH%
|
||||
ƒ·Õ8Š4¼Ã\»‚&È©´
I^˜@5©ÂƒÏF
|
BIN
services/grafana/secrets/kuma-token.age
Normal file
BIN
services/grafana/secrets/kuma-token.age
Normal file
Binary file not shown.