From bbe481be8a3849e9447ba6b089b4e6ca97d01bbc Mon Sep 17 00:00:00 2001
From: Bloxx12 <charlie@charlieroot.dev>
Date: Wed, 9 Apr 2025 15:31:18 +0200
Subject: [PATCH] services/grafana: init

---
 modules/services/grafana/module.nix    | 61 ++++++++++++++++++++++++++
 modules/services/postgresql/module.nix |  5 +++
 2 files changed, 66 insertions(+)
 create mode 100644 modules/services/grafana/module.nix

diff --git a/modules/services/grafana/module.nix b/modules/services/grafana/module.nix
new file mode 100644
index 0000000..40e3227
--- /dev/null
+++ b/modules/services/grafana/module.nix
@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.modules.system.services.grafana;
+  domain = "info.copeberg.org";
+  port = 4021;
+in {
+  options.modules.system.services.grafana.enable = mkEnableOption "Grafana, a graphing service";
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
+
+    modules.system.services.database.postgresql.enable = true;
+
+    services.grafana = {
+      enable = true;
+      package = pkgs.grafana;
+
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = port;
+
+          root_url = "https://${domain}";
+          domain = domain;
+          enforce_domain = true;
+        };
+        database = {
+          type = "postgres";
+          host = "/run/postgresql";
+          name = "grafana";
+          user = "grafana";
+          ssl_mode = "disable";
+        };
+
+        analytics = {
+          reporting_enabled = false;
+          check_for_updates = false;
+        };
+
+        # users.allow_signup = false;
+      };
+    };
+    services.nginx = {
+      enable = true;
+      virtualHosts.${domain} = {
+        addSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString port}";
+        };
+      };
+    };
+  };
+}
diff --git a/modules/services/postgresql/module.nix b/modules/services/postgresql/module.nix
index 84e95b5..c055d0a 100644
--- a/modules/services/postgresql/module.nix
+++ b/modules/services/postgresql/module.nix
@@ -27,6 +27,7 @@ in {
 
       ensureDatabases = [
         "git"
+        "grafana"
       ];
 
       ensureUsers = [
@@ -44,6 +45,10 @@ in {
           name = "git";
           ensureDBOwnership = true;
         }
+        {
+          name = "grafana";
+          ensureDBOwnership = true;
+        }
       ];
       settings = {
         # taken from https://pgconfigurator.cybertec.at/