feat: enable monitoring on winters

2025-12-06 09:07:21 +01:00 · 2024-10-18 21:34:23 +02:00 · 2024-10-18 21:34:23 +02:00 · 5f586cebef
commit 5f586cebef
parent 8c58ff78fe
6 changed files with 65 additions and 8 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -1975,6 +1975,7 @@ My work machine. Built for more security, this is the gold standard of my config
        paperless = true;
        transmission = true;
        syncthing = true;
+        monitoring = true;
      };
    };

@ -3460,6 +3461,7 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne
    options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server";
    options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
    options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server";
+    options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server";
  }
 #+end_src

@ -5388,6 +5390,7 @@ Also, the system state version is set here. No need to touch it.
      ./paperless.nix
      ./transmission.nix
      ./syncthing.nix
+      ./monitoring.nix
    ];

    nix =
@ -6563,6 +6566,54 @@ Also, the system state version is set here. No need to touch it.
  }
 #+end_src

+**** monitoring
+
+#+begin_src nix :tangle profiles/server/common/monitoring.nix
+  { pkgs, lib, config, ... }:
+  {
+    config = lib.mkIf config.swarselsystems.server.monitoring {
+
+      sops.secrets = {
+        grafanaadminpass = {
+          owner = "grafana";
+        }
+        }
+      users.users.grafana = {
+        extraGroups = [ "users" ];
+      };
+
+      services.grafana = {
+        enable = true;
+        dataDir = "/Vault/data/grafana";
+        admin_password = "$__file{/run/secrets/grafanaadminpass}";
+        settings = {
+          http_port = 3000;
+          http_addr = "127.0.0.1";
+        };
+      };
+
+      services.nginx = {
+        virtualHosts = {
+          "status.swarsel.win" = {
+            enableACME = true;
+            forceSSL = true;
+            acmeRoot = null;
+            locations = {
+              "/" = {
+                proxyPass = "http://localhost:3000/";
+                extraConfig = ''
+                  client_max_body_size 0;
+                '';
+              };
+            };
+          };
+        };
+      };
+    };
+
+  }
+#+end_src
+

 *** Optional
 :PROPERTIES: