services/grafana: init

modules/services/grafana/module.nix

@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.modules.system.services.grafana;
+  domain = "info.copeberg.org";
+  port = 4021;
+in {
+  options.modules.system.services.grafana.enable = mkEnableOption "Grafana, a graphing service";
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
+
+    modules.system.services.database.postgresql.enable = true;
+
+    services.grafana = {
+      enable = true;
+      package = pkgs.grafana;
+
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = port;
+
+          root_url = "https://${domain}";
+          domain = domain;
+          enforce_domain = true;
+        };
+        database = {
+          type = "postgres";
+          host = "/run/postgresql";
+          name = "grafana";
+          user = "grafana";
+          ssl_mode = "disable";
+        };
+
+        analytics = {
+          reporting_enabled = false;
+          check_for_updates = false;
+        };
+
+        # users.allow_signup = false;
+      };
+    };
+    services.nginx = {
+      enable = true;
+      virtualHosts.${domain} = {
+        addSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString port}";
+        };
+      };
+    };
+  };
+}

modules/services/postgresql/module.nix

@@ -27,6 +27,7 @@ in {
 
       ensureDatabases = [
         "git"
+        "grafana"
       ];
 
       ensureUsers = [
@@ -44,6 +45,10 @@ in {
           name = "git";
           ensureDBOwnership = true;
         }
+        {
+          name = "grafana";
+          ensureDBOwnership = true;
+        }
       ];
       settings = {
         # taken from https://pgconfigurator.cybertec.at/