Try grafana LXC + Agenix (forgejo-runner not working)

Théo Barnouin 2024-10-23 15:52:13 +02:00
parent 7f7f604882
commit fa1821798d
4 changed files with 32 additions and 33 deletions


@ -2,14 +2,18 @@ let
tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
users = [ tbarnouin ];
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYomb5vtXsfYGZiVjSY7eOzWI+tp1YRLlPkpKDXIwGl root@nixos";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYomb5vtXsfYGZiVjSY7eOzWI+tp1YRLlPkpKDXIwGl root@nixos";
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
systems = [ laptop forgejo ];
systems = [ laptop forgejo grafana ];
in
{
"forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
"../services/forgejo-runner/secrets/forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
"../services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ];
"../services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ];
}
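Review bot: `users` and `systems` are bound in the `let` (and `systems` gains `grafana` here), but none of the visible rules reference them, so they are dead bindings. Either drop them or add a comment such as `# not used for service secrets: each secret lists only the admin key and its own host`, so that a later `publicKeys = users ++ systems` does not quietly let every host decrypt every secret. The forgejo-runner rule key also moves to `../services/forgejo-runner/secrets/forgejo-runner-token.age`, and no move of that file is visible in the sections shown on this page, so it is worth confirming the `.age` file exists at the new path and that the module's `age.secrets.*.file` points to the same place. The `let` block starts above the hunk.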


@ -5,6 +5,10 @@ in
{
options.services.vm_grafana = {
enable = lib.mkEnableOption "Enable minimal config";
vm_ip = lib.mkOption {
type = lib.types.str;
description = "The VM IP address";
};
proxy_ip = lib.mkOption {
type = lib.types.str;
description = "The Nginx proxy IP address";
@ -14,7 +18,16 @@ in
description = "The PostgreSQL host IP address";
};
};
config = lib.mkIf cfg.enable {
config = lib.mkIf cfg.enable {
age.secrets.grafana-db = {
file = ./secrets/grafana-db.age;
mode = "0660";
owner = "grafana";
};
age.secrets.kuma-token = {
file = ./secrets/kuma-token.age;
mode = "0660";
};
services.rsyslogd = {
enable = true;
extraConfig = ''
@ -37,7 +50,7 @@ in
settings = {
server = {
protocol = "http";
http_addr = "${config.services.vm.vm_ip}";
http_addr = "${cfg.vm_ip}";
http_port = 3000;
domain = "logs.le43.eu";
root_url = "https://logs.le43.eu";
@ -48,26 +61,7 @@ in
host = "${cfg.pgsql_ip}:5432";
name = "grafana";
user = "grafana";
password = "\$__file{/run/secrets/grafana/database_secret}";
};
auth = {
signout_redirect_url = https://authentik.le43.eu/application/o/grafana/end-session/;
oauth_auto_login = true;
};
"oauth.generic_oauth" = {
name = "authentik";
enabled = true;
client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
client_secret = "\$__file{/run/secrets/grafana/client_secret}";
scopes = [
"openid"
"email"
"profile"
];
auth_url = "https://authentik.le43.eu/application/o/authorize/";
token_url = "https://authentik.le43.eu/application/o/token/";
api_url = "https://authentik.le43.eu/application/o/userinfo/";
role_attribute_path = "contains(groups, 'admin') && 'Admin' || 'Viewer'";
password = "\$__file{${config.age.secrets.grafana-db.path}";
};
};
};
@ -83,7 +77,7 @@ in
targets = [ "192.168.1.90:3001" ];
}];
basic_auth.username = "tbarnouin";
basic_auth.password_file = "/run/secrets/grafana/kuma_token";
basic_auth.password_file = config.age.secrets.kuma-token.path;
}
{
job_name = "grafana";
@ -170,13 +164,6 @@ in
}];
}
];
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
};
services.loki = {
enable = true;
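Review bot: The new database password line leaves Grafana's file provider unterminated: in `password = "\$__file{${config.age.secrets.grafana-db.path}";` the only `}` closes the Nix interpolation, so the rendered value is `$__file{<path>` with no closing brace and Grafana would presumably use it as a literal password instead of reading the secret. It should be `password = "\$__file{${config.age.secrets.grafana-db.path}}";`. Separately, `age.secrets.kuma-token` sets `mode = "0660"` without an `owner`, and agenix defaults the owner and group to root, so the process reading `basic_auth.password_file` cannot open it unless it runs as root; set the owner to the user the scrape job runs as (likely `owner = "prometheus";`, to be confirmed) and prefer `mode = "0400"` for both secrets, since nothing visible needs group write. With the `auth` / `oauth.generic_oauth` settings removed and nothing replacing them in the visible lines, Grafana falls back to its built-in login, so if that is temporary a `# TODO: restore SSO` comment and a check that the default admin password is changed would help. The enclosing `config` block starts and ends outside these hunks.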


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 OWkVXw 1n49CouMzxgvdrQ+7gIbilN2oRkG3lfTJehpVwxeLXw
NBB8G9JeEmvbfXk6WdaDPYTaSBsNtDyqdTkJKG3RNtw
-> ssh-ed25519 wnEUpw LepRS+v4Jq+Z4VBtyDRw1BQkGOwOzI5HsjRSFP9SLA4
hRZr5OauNH1VYHip7pifCuVxTTQa3S9VbjwjQEUuK00
--- G3K8IsDtSXZ7Cqp0ehe7eczyzzEsiwwV9xfenlBz0Vo
@²W £0ÊH%
ƒ·Õ8Š4¼Ã\»‚&È©´ I^˜@5©ÂƒÏF

Binary file not shown.