diff options
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/authelia/module.nix | 3 | ||||
| -rw-r--r-- | apps/grafana/appspec.nix | 9 | ||||
| -rw-r--r-- | apps/grafana/integration.nix | 3 | ||||
| -rw-r--r-- | apps/grafana/module.nix | 35 |
4 files changed, 49 insertions, 1 deletions
diff --git a/apps/authelia/module.nix b/apps/authelia/module.nix index fa4d35d..93119ba 100644 --- a/apps/authelia/module.nix +++ b/apps/authelia/module.nix @@ -8,7 +8,8 @@ services.authelia.instances.default.settings.notifier.filesystem.filename = "/var/lib/authelia-default/notifier.txt"; services.authelia.instances.default.settings.server.host = "0.0.0.0"; services.authelia.instances.default.settings.server.port = 9091; - services.authelia.instances.default.settings.session.domain = appConfig.domain; + # TODO this is not appConfig.domain! + services.authelia.instances.default.settings.session.domain = "nomath.org"; services.authelia.instances.default.settings.storage.local.path = "/var/lib/authelia-default/storage.sqlite3"; } # configure secrets diff --git a/apps/grafana/appspec.nix b/apps/grafana/appspec.nix new file mode 100644 index 0000000..1fe0d38 --- /dev/null +++ b/apps/grafana/appspec.nix @@ -0,0 +1,9 @@ +{ fysilib, lib, ... }: { + description = "Grafana"; + endOfLife = null; + options = { + domain = lib.mkOption { + type = fysilib.types.fqdn; + }; + }; +} diff --git a/apps/grafana/integration.nix b/apps/grafana/integration.nix new file mode 100644 index 0000000..936c6c7 --- /dev/null +++ b/apps/grafana/integration.nix @@ -0,0 +1,3 @@ +{ ... }: { + port = 3000; +} diff --git a/apps/grafana/module.nix b/apps/grafana/module.nix new file mode 100644 index 0000000..8f2a365 --- /dev/null +++ b/apps/grafana/module.nix @@ -0,0 +1,35 @@ +{ appConfig, lib, ... }: lib.mkMerge [ + { + services.grafana.enable = true; + services.grafana.settings.security.disable_initial_admin_creation = true; + services.grafana.settings.server.domain = appConfig.domain; + services.grafana.settings.server.http_addr = "[::0]"; + } + { + services.prometheus.enable = true; + services.prometheus.exporters.systemd.enable = true; + services.prometheus.scrapeConfigs = [ + { + job_name = "systemd"; + static_configs = [{ targets = [ "[::1]:9558" ]; }]; + } + ]; + } + { + services.grafana.settings."auth.proxy".auto_sign_up = true; + services.grafana.settings."auth.proxy".enabled = true; + services.grafana.settings."auth.proxy".header_name = "Remote-User"; + services.grafana.settings."auth.proxy".headers = lib.concatStringsSep " " [ "Email:Remote-Email" "Name:Remote-Name" "Role:Remote-Role" ]; + + services.grafana.settings."users".allow_sign_up = false; + } + { + services.grafana.provision.datasources.settings.datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + url = "http://[23::1]:9090"; + } + ]; + } +] |