diff options
| author | Seth Flynn <[email protected]> | 2025-04-03 07:46:08 -0400 |
|---|---|---|
| committer | Seth Flynn <[email protected]> | 2025-04-03 07:51:45 -0400 |
| commit | 8ec093da85fdd820ca96238145abc7cb132d5423 (patch) | |
| tree | 58756bacf95703e638add8177e4246ef9c16a7a0 /modules/nixos/mixins/grafana.nix | |
| parent | db76d5cde3efa16cf49a6a80a55ce4c37dcd96aa (diff) | |
atlas: stop hosting victorialogs/victoriametrics & grafana
Diffstat (limited to 'modules/nixos/mixins/grafana.nix')
| -rw-r--r-- | modules/nixos/mixins/grafana.nix | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/modules/nixos/mixins/grafana.nix b/modules/nixos/mixins/grafana.nix deleted file mode 100644 index 03f2c6a..0000000 --- a/modules/nixos/mixins/grafana.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ - config, - lib, - secretsDir, - ... -}: - -let - grafanaCfg = config.services.grafana; -in - -{ - config = lib.mkMerge [ - { - services.grafana = { - settings = { - analytics = { - feedback_links_enabled = false; - reporting_enabled = false; - }; - - server = { - http_port = 6000; - - domain = lib.mkDefault ("grafana." + config.networking.domain); - enable_gzip = true; - enforce_domain = true; - root_url = "https://" + grafanaCfg.settings.server.domain + "/"; - }; - }; - }; - } - - (lib.mkIf grafanaCfg.enable { - services = { - nginx.virtualHosts.${grafanaCfg.settings.server.domain} = { - locations."/" = { - proxyPass = "http://${grafanaCfg.settings.server.http_addr}:${toString grafanaCfg.settings.server.http_port}"; - proxyWebsockets = true; - }; - }; - }; - }) - - (lib.mkIf config.services.kanidm.enableServer { - services.grafana = { - settings = { - "auth.basic".enabled = false; - - "auth.generic_oauth" = { - enabled = true; - - name = "Kanidm"; - client_id = "grafana"; - client_secret = "$__file{${config.age.secrets.grafanaKanidm.path}}"; - scopes = "openid,profile,email,groups"; - auth_url = config.services.kanidm.serverSettings.origin + "/ui/oauth2"; - token_url = config.services.kanidm.serverSettings.origin + "/oauth2/token"; - api_url = config.services.kanidm.serverSettings.origin + "/oauth2/openid/grafana/userinfo"; - use_pkce = true; - use_refresh_token = true; - - allow_assign_grafana_admin = true; - allow_sign_up = true; - auto_login = true; - groups_attribute_path = "groups"; - login_attribute_path = "preferred_username"; - role_attribute_path = "contains(grafana_role[*], 'GrafanaAdmin') && 'GrafanaAdmin' || contains(grafana_role[*], 'Admin') && 'Admin' || contains(grafana_role[*], 'Editor') && 'Editor' || 'Viewer'"; - }; - }; - }; - }) - - (lib.mkIf (grafanaCfg.enable && config.services.kanidm.enableServer) { - age.secrets.grafanaKanidm = { - file = secretsDir + "/grafanaKanidmSecret.age"; - owner = config.users.users.grafana.name; - group = config.users.groups.grafana.name; - }; - }) - ]; -} |