forgejo/module.nix: inherit mkEnableOption

On desktop systems, it is convenient to have the timeout
at zero, and just spam space when trying to start
a previous generation. On servers however, it is preferable
to have some time to choose the generation, which is
quite convenient if you have to acess is remotely via a
web interface, which tend to be quite slow and unresponsive.

hosts/tower/configuration.nix

@@ -29,8 +29,14 @@
       locate.enable = true;
     };
     system = {
-      boot.grub.enable = true;
-      services.forgejo.enable = true;
+      boot = {
+        grub.enable = true;
+        timeout = 30;
+      };
+      services = {
+        forgejo.enable = true;
+        grafana.enable = true;
+      };
       programs = {
         editors = {
           helix.enable = true;

modules/services/forgejo/module.nix

@@ -6,6 +6,7 @@
 }: let
   inherit (pkgs) fetchurl;
   inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
   inherit (config.services.forgejo) customDir user group;
 
   cfg = config.modules.system.services.forgejo;
@@ -16,7 +17,7 @@
   acmeRoot = "/var/lib/acme/challenges-forgejo";
   dataDir = "/srv/data/forgejo";
 in {
-  options.modules.system.services.forgejo.enable = lib.mkEnableOption "forgejo";
+  options.modules.system.services.forgejo.enable = mkEnableOption "forgejo";
 
   config = mkIf cfg.enable {
     modules.system.services = {

modules/services/grafana/module.nix

@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.modules.system.services.grafana;
+  domain = "info.copeberg.org";
+  port = 4021;
+in {
+  options.modules.system.services.grafana.enable = mkEnableOption "Grafana, a graphing service";
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
+
+    modules.system.services.database.postgresql.enable = true;
+
+    services.grafana = {
+      enable = true;
+      package = pkgs.grafana;
+
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = port;
+
+          root_url = "https://${domain}";
+          domain = domain;
+          enforce_domain = true;
+        };
+        database = {
+          type = "postgres";
+          host = "/run/postgresql";
+          name = "grafana";
+          user = "grafana";
+          ssl_mode = "disable";
+        };
+
+        analytics = {
+          reporting_enabled = false;
+          check_for_updates = false;
+        };
+
+        # users.allow_signup = false;
+      };
+    };
+    services.nginx = {
+      enable = true;
+      virtualHosts.${domain} = {
+        addSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString port}";
+        };
+      };
+    };
+  };
+}

modules/services/postgresql/module.nix

@@ -27,6 +27,7 @@ in {
 
       ensureDatabases = [
         "git"
+        "grafana"
       ];
 
       ensureUsers = [
@@ -44,6 +45,10 @@ in {
           name = "git";
           ensureDBOwnership = true;
         }
+        {
+          name = "grafana";
+          ensureDBOwnership = true;
+        }
       ];
       settings = {
         # taken from https://pgconfigurator.cybertec.at/

modules/system/boot/module.nix

@@ -5,13 +5,21 @@
   ...
 }: let
   inherit (lib.modules) mkForce;
-  inherit (lib.options) mkEnableOption;
+  inherit (lib.options) mkOption mkEnableOption;
+  inherit (lib.types) int;
 
   cfg = config.modules.system.boot;
 in {
   options.modules.system.boot = {
     grub.enable = mkEnableOption "Grub, a bloated boot loader";
     systemd-boot.enable = mkEnableOption "Poetteringboot";
+    timeout = mkOption {
+      description = ''
+        Set the boot loader's timeout. This is 0 by default, but preferably longer on remote servers to make switching to previous generations easier.
+      '';
+      type = int;
+      default = 0;
+    };
   };
   config = {
     assertions = [
@@ -33,7 +41,7 @@ in {
       loader = {
         efi.canTouchEfiVariables = true;
         # I love spamming space
-        timeout = 0;
+        timeout = cfg.timeout;
         systemd-boot = {
           enable = cfg.systemd-boot.enable;
           editor = mkForce false;