Add grafana and postgresql

I should probably move some stuff over from my other postgres instance
2021-11-14 22:46:14 +01:00 · 2021-11-14 22:46:14 +01:00 · c2a369c498
parent 0dc227fc5f
commit c2a369c498
5 changed files with 132 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -51,6 +51,21 @@
      ];
    };

+    nixosConfigurations.postgresql = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+        ./hosts/postgresql/configuration.nix
+      ];
+    };
+    nixosConfigurations.grafana = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+        ./hosts/grafana/configuration.nix
+      ];
+    };
+
    deploy.nodes.nginx = {
      hostname = "10.42.20.2";
      fastConnection = true;
@ -111,6 +126,26 @@
      };
    };

+    deploy.nodes.postgresql = {
+      hostname = "10.42.20.8";
+      fastConnection = true;
+      profiles.system = {
+        user = "root";
+        path = deploy-rs.lib.x86_64-linux.activate.nixos
+          self.nixosConfigurations.postgresql;
+      };
+    };
+
+    deploy.nodes.grafana = {
+      hostname = "10.42.20.9";
+      fastConnection = true;
+      profiles.system = {
+        user = "root";
+        path = deploy-rs.lib.x86_64-linux.activate.nixos
+          self.nixosConfigurations.grafana;
+      };
+    };
+
    checks =
      builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy)
      deploy-rs.lib;
--- a/hosts/grafana/configuration.nix
+++ b/hosts/grafana/configuration.nix
@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+let secrets = import ./secrets.nix;
+in {
+  imports = [
+    # Import common config
+    ../../common/generic-lxc.nix
+    ../../common
+  ];
+
+  networking.hostName = "grafana";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+  environment.systemPackages = with pkgs; [ ];
+
+  environment.etc.adminPass = {
+    enable = true;
+    text = secrets.passwd;
+  };
+
+  environment.etc.signKey = {
+    enable = true;
+    text = secrets.secretKey;
+  };
+  
+  networking.firewall.allowedTCPPorts = [ 3000 ];
+
+  services.grafana = {
+    enable = true;
+    protocol = "http";
+    domain = "grafana.voidcorp.nl";
+    rootUrl = "https://grafana.voidcorp.nl/";
+    addr = "0.0.0.0";
+    port = 3000;
+    database = {
+      type = "postgres";
+      host = "postgresql.voidlocal";
+      user = "grafana";
+      passwordFile = "/etc/adminPass";
+    };
+    security = {
+      adminUser = secrets.adminUser;
+      adminPasswordFile = "/etc/adminPass";
+      secretKeyFile = "/etc/signKey";
+    };
+    analytics.reporting.enable = false;
+  };
+
+}
--- a/hosts/grafana/secrets.nix
+++ b/hosts/grafana/secrets.nix
--- a/hosts/nginx/configuration.nix
+++ b/hosts/nginx/configuration.nix
@ -54,6 +54,7 @@ in {
    virtualHosts."s3.voidcorp.nl" = proxy "http://10.42.20.6:9000/";
    virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/";
    virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/";
+    virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/";
  };

  security.acme.email = "acme@voidcorp.nl";
--- a/hosts/postgresql/configuration.nix
+++ b/hosts/postgresql/configuration.nix
@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+let
+in {
+  imports = [
+    # Import common config
+    ../../common/generic-lxc.nix
+    ../../common
+  ];
+
+  networking.hostName = "postgresql";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+  environment.systemPackages = with pkgs; [ ];
+
+  networking.firewall.allowedTCPPorts = [ 5432 ];
+
+  services.postgresql = {
+    enable = true;
+    authentication = "host all all 10.42.0.0/16 trust";
+    ensureDatabases = [ "prometheus" "grafana" ];
+    ensureUsers = [
+      {
+        name = "prometheus";
+        ensurePermissions = { "DATABASE \"prometheus\"" = "ALL PRIVILEGES"; };
+      }
+      {
+        name = "grafana";
+        ensurePermissions = { "DATABASE \"grafana\"" = "ALL PRIVILEGES"; };
+      }
+    ];
+    enableTCPIP = true;
+  };
+
+}