From 5f586cebef894a7d4b3e4fe7a2b0c3ee5c7bf3a9 Mon Sep 17 00:00:00 2001 From: Swarsel Date: Fri, 18 Oct 2024 21:34:23 +0200 Subject: [PATCH] feat: enable monitoring on winters --- SwarselSystems.org | 51 +++++++++++++++++++++++++++ modules/nixos/setup.nix | 1 + profiles/server/common/default.nix | 1 + profiles/server/common/monitoring.nix | 12 ++++--- profiles/server/winters/default.nix | 1 + secrets/server/winters/secrets.yaml | 7 ++-- 6 files changed, 65 insertions(+), 8 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 52e42e6..e9f8795 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1975,6 +1975,7 @@ My work machine. Built for more security, this is the gold standard of my config paperless = true; transmission = true; syncthing = true; + monitoring = true; }; }; @@ -3460,6 +3461,7 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server"; + options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; } #+end_src @@ -5388,6 +5390,7 @@ Also, the system state version is set here. No need to touch it. ./paperless.nix ./transmission.nix ./syncthing.nix + ./monitoring.nix ]; nix = 
@@ -6563,6 +6566,54 @@ Also, the system state version is set here. No need to touch it. } #+end_src +**** monitoring + +#+begin_src nix :tangle profiles/server/common/monitoring.nix + { pkgs, lib, config, ... }: + { + config = lib.mkIf config.swarselsystems.server.monitoring { + + sops.secrets = { + grafanaadminpass = { + owner = "grafana"; + } + } + users.users.grafana = { + extraGroups = [ "users" ]; + }; + + services.grafana = { + enable = true; + dataDir = "/Vault/data/grafana"; + admin_password = "$__file{/run/secrets/grafanaadminpass}"; + settings = { + http_port = 3000; + http_addr = "127.0.0.1"; + }; + }; + + services.nginx = { + virtualHosts = { + "status.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://localhost:3000/"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + }; + }; + }; + + } +#+end_src + *** Optional :PROPERTIES: diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix index fd59da2..ea5c909 100644 --- a/modules/nixos/setup.nix +++ b/modules/nixos/setup.nix @@ -21,4 +21,5 @@ in options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server"; + options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; } diff --git a/profiles/server/common/default.nix b/profiles/server/common/default.nix index fb5248d..8278e67 100644 --- a/profiles/server/common/default.nix +++ b/profiles/server/common/default.nix @@ -24,6 +24,7 @@ ./paperless.nix ./transmission.nix ./syncthing.nix + ./monitoring.nix ]; nix = diff --git a/profiles/server/common/monitoring.nix b/profiles/server/common/monitoring.nix index b5a7d7e..c651208 100644 --- a/profiles/server/common/monitoring.nix 
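Review bot: The `monitoring` source block added here does not match the tangled `profiles/server/common/monitoring.nix` that this same commit corrects. In the block, `grafanaadminpass = { ... }` and `sops.secrets = { ... }` close with `}` and no `;`, `admin_password` sits directly under `services.grafana`, and `http_port` / `http_addr` sit directly under `settings` rather than under `settings.security` and `settings.server`. Because the block is marked `:tangle profiles/server/common/monitoring.nix`, the next tangle would presumably overwrite the fixed file with this version, so the block should carry the same fixes. Separately, `client_max_body_size 0;` in the `status.swarsel.win` location turns off nginx's request-size limit for the proxied Grafana; a bounded value would limit what an unauthenticated client can make the proxy accept.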
+++ b/profiles/server/common/monitoring.nix @@ -5,8 +5,8 @@ sops.secrets = { grafanaadminpass = { owner = "grafana"; - } - } + }; + }; users.users.grafana = { extraGroups = [ "users" ]; }; @@ -14,10 +14,12 @@ services.grafana = { enable = true; dataDir = "/Vault/data/grafana"; - admin_password = "$__file{/run/secrets/grafanaadminpass}"; settings = { - http_port = 3000; - http_addr = "127.0.0.1"; + security.admin_password = "$__file{/run/secrets/grafanaadminpass}"; + server = { + http_port = 3000; + http_addr = "127.0.0.1"; + }; }; }; diff --git a/profiles/server/winters/default.nix b/profiles/server/winters/default.nix index 3c5a38b..a7901f0 100644 --- a/profiles/server/winters/default.nix +++ b/profiles/server/winters/default.nix @@ -53,6 +53,7 @@ paperless = true; transmission = true; syncthing = true; + monitoring = true; }; }; diff --git a/secrets/server/winters/secrets.yaml b/secrets/server/winters/secrets.yaml index d1bef1e..b700773 100644 --- a/secrets/server/winters/secrets.yaml +++ b/secrets/server/winters/secrets.yaml @@ -33,6 +33,7 @@ vpnloc: ENC[AES256_GCM,data:U8ModKho4vSHnMo9BOE978V6ZlMeQEoLaFW/,iv:Sw06YsWSZ4tG #ENC[AES256_GCM,data:yp7ApA4YLSk=,iv:O/SQxKe9EWqExHbeKsTXvbst0pjCxy3yiOjmeCVjmdY=,tag:RMkAOLOLCodnPSDEuImwRw==,type:comment] swarseluser: ENC[AES256_GCM,data:XvmOHYFNhb/bAYAZ/kmUWbbmRy/WrxSYri/Y5k+SH4N7ZIjuZDHOkWk93ERFuTb77HvhbPX/NRQraUoJoFsxGGg5co/gJnyfRg==,iv:J50PeDcC4PM3+yQ/YQNb8TW4kubwi2kjjSFU0RVFM30=,tag:ydLYkz1YKyguGZZZD/JcLA==,type:str] nextcloudadminpass: ENC[AES256_GCM,data:ZOCsu4/ijfheBfY9ZR5DBXSB,iv:bNlTLKQblnt2eYJqVgXwCaGAyAw2yhlb9Whsz0LBhm4=,tag:VQAWP/b8IghzXDFLJxXZ4Q==,type:str] +grafanaadminpass: ENC[AES256_GCM,data:TBu0WOdvE+9CAH8EVm8=,iv:/usKOYscSXpo8tiSV/Las9eucBeYnpwG5DM9gJg8bfU=,tag:/LZqwuPWQyjSZURnsqq3hA==,type:str] sops: kms: [] gcp_kms: [] 
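Review bot: `extraGroups = [ "users" ]` on the `grafana` service account (a context line in the `@@ -5,8 +5,8 @@` hunk) gives the daemon whatever the `users` group can reach, which is broader than a monitoring service needs. If the membership exists only so Grafana can write to its `dataDir` under `/Vault/data` (an assumption; the reason is not visible here), owning that directory directly is tighter, e.g. `systemd.tmpfiles.rules = [ "d /Vault/data/grafana 0750 grafana grafana -" ];`. If the group has to stay, a one-line comment stating why would help the next reader. The enclosing `config = lib.mkIf ...` block starts and ends outside this hunk.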
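Review bot: `security.admin_password = "$__file{/run/secrets/grafanaadminpass}"` in the `@@ -14,10 +14,12 @@` hunk hard-codes the sops-nix output path. Referencing the declared secret keeps the two in step if the secret's path ever changes: `security.admin_password = "$__file{${config.sops.secrets.grafanaadminpass.path}}";`. Keeping the `$__file{}` provider is right, since it keeps the password itself out of the Nix store. Grafana documents `admin_password` as applied when the admin user is first created, so rotating the sops value later will likely not change the live password; a comment saying so next to the setting would avoid a surprise. The rest of the module (the nginx virtual host) lies outside this hunk.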
@@ -48,8 +49,8 @@ sops: SHJMUFJSeGRQcTIyU1U5RXkvQi9NMzQKm8SP9jQ4fuIuddzqP+m6EJg7+zkX53jz bHaMPuLTaIHaaSDlVYe5stpyPDlZQ0NSGWV+HaIXkLZNfNM71hWYBQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-04T08:36:13Z" - mac: ENC[AES256_GCM,data:hQv1wB6bajUwKDIDObgbl15zrTjWjjq2ikEzn4WnnZs5ugqfFbNmqbWeadLhHSGjjUHNJy/9zQkM52Q0t2c4KOWY15F+ZcaQvlLB1pYF7zqOAmf1l9ruVOvuegCsFQBT4rZ0Z9XWrt+gacVtfrQa0IPxNyMWEaTHEIsGqfdaCEc=,iv:Kz1Occpgg2dX51v/UF4Ix2Zg60+uZG9oOrXX5T+ElJg=,tag:fg8FaThsSkLYEEniNo7ihg==,type:str] + lastmodified: "2024-10-18T19:30:49Z" + mac: ENC[AES256_GCM,data:2/OKp8nGwnllhsSn1KOG5OzzBRFVWF2Wi4Of+SsDE2EI91xHNt5DqNKES6xWH3sZMG0eKw4s4KCvMFGmZLkaoCanGscWe6GmZO6vOsTqI5261vJxFdJD40PPB5D2PywgfEIVR9elNDOLuXysekhSMg7497K5TvtQoJi0MXIDpvk=,iv:gW0/qEZwO0kPN0JynB/b8TjZJRYzaN8Qj7S7UWh5M+Q=,tag:UPOdYR7jJzevW3GJTySIUg==,type:str] pgp: - created_at: "2024-09-23T20:03:08Z" enc: |- @@ -83,4 +84,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1