Skip to content

Commit

Permalink
grafana: add netsage-sankey-panel
Browse files Browse the repository at this point in the history
  • Loading branch information
@MarcelCoding
MarcelCoding committed Jan 7, 2025
1 parent d046f55 commit fd03dd7
Showing 1 changed file with 151 additions and 138 deletions.
289 changes: 151 additions & 138 deletions modules/obs/grafana.nix
View file
Original file line number Diff line number Diff line change
@@ -1,153 +1,166 @@
{ self, config, ... }:
{
sops.secrets."obs_db_pw" = {
sopsFile = self + "/secrets/management/obs.yaml";
owner = config.systemd.services.grafana.serviceConfig.User;
};
sops.secrets."obs_auth_secret_key" = {
sopsFile = self + "/secrets/management/obs.yaml";
owner = config.systemd.services.grafana.serviceConfig.User;
{ self, config, pkgs, ... }:

let
sankey-panel-plugin = pkgs.grafanaPlugins.grafanaPlugin {
pname = "netsage-sankey-panel";
version = "1.1.3";
zipHash = "sha256-HUFJcolJqdveAB5e4kjBnEXd3+ZbyXgAHawlEHDGtrw=";
};
sops.secrets."obs_secret_key" = {
sopsFile = self + "/secrets/management/obs.yaml";
owner = config.systemd.services.grafana.serviceConfig.User;
in
{
sops.secrets = {
"obs_db_pw" = {
sopsFile = self + "/secrets/management/obs.yaml";
owner = config.systemd.services.grafana.serviceConfig.User;
};
"obs_auth_secret_key" = {
sopsFile = self + "/secrets/management/obs.yaml";
owner = config.systemd.services.grafana.serviceConfig.User;
};
"obs_secret_key" = {
sopsFile = self + "/secrets/management/obs.yaml";
owner = config.systemd.services.grafana.serviceConfig.User;
};
};

services.nginx = {
enable = true;
virtualHosts."obs.${config.dd-ix.domain}" = {
listen = [{
addr = "[::]:443";
proxyProtocol = true;
ssl = true;
}];
services = {
nginx = {
enable = true;
virtualHosts."obs.${config.dd-ix.domain}" = {
listen = [{
addr = "[::]:443";
proxyProtocol = true;
ssl = true;
}];

onlySSL = true;
useACMEHost = "obs.${config.dd-ix.domain}";
onlySSL = true;
useACMEHost = "obs.${config.dd-ix.domain}";

locations."/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
locations."/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
};
};

services.grafana = {
enable = true;
settings = {
server = {
enforce_domain = true;
domain = "obs.${config.dd-ix.domain}";
root_url = "https://obs.${config.dd-ix.domain}";
enable_gzip = true;
};
log.level = "warn";
security = {
disable_initial_admin_creation = true;
disable_gravatar = true;
data_source_proxy_whitelist = [
"svc-prom01.dd-ix.net:443"
"svc-prom02.dd-ix.net:443"
];
csrf_trusted_origins = [
"auth.dd-ix.net"
];
cookie_secure = true;
cookie_samesite = "strict";
content_security_policy = true;
strict_transport_security = true;
allow_embedding = false;
secret_key = "$__file{${config.sops.secrets."obs_secret_key".path}}";
};
smtp = {
enabled = true;
host = "svc-mta01.dd-ix.net:25";
from_name = "DD-IX OBS";
from_address = "[email protected]";
startTLS_policy = "MandatoryStartTLS";
};
database = {
user = "grafana";
type = "postgres";
ssl_mode = "verify-full";
server_cert_name = "svc-pg01.dd-ix.net";
name = "grafana";
host = "svc-pg01.dd-ix.net";
password = "$__file{${config.sops.secrets."obs_db_pw".path}}";
};
analytics = {
reporting_enabled = false;
feedback_links_enabled = false;
};
auth = {
signout_redirect_url = "https://auth.dd-ix.net/application/o/obs/end-session/";
};
"auth.generic_oauth" = {
name = "DD-IX Auth";
enabled = true;
client_id = "0JoW22eMuKF2CPfQUjL1AlnuQ96Bx6fGdJt9iZJa";
client_secret = "$__file{${config.sops.secrets."obs_auth_secret_key".path}}";
scopes = "openid email profile";
auto_login = true;
disable_login_form = true;
auth_url = "https://auth.dd-ix.net/application/o/authorize/";
token_url = "https://auth.dd-ix.net/application/o/token/";
api_url = "https://auth.dd-ix.net/application/o/userinfo/";
role_attribute_path = "contains(groups, 'DDIX-Board') && 'Admin' || contains(groups, 'DDIX-Tech') && 'Editor' || 'Viewer'";
login_attribute_path = "preferred_username";
grafana = {
enable = true;
declarativePlugins = [ sankey-panel-plugin ];
settings = {
server = {
enforce_domain = true;
domain = "obs.${config.dd-ix.domain}";
root_url = "https://obs.${config.dd-ix.domain}";
enable_gzip = true;
};
log.level = "warn";
security = {
disable_initial_admin_creation = true;
disable_gravatar = true;
data_source_proxy_whitelist = [
"svc-prom01.dd-ix.net:443"
"svc-prom02.dd-ix.net:443"
];
csrf_trusted_origins = [
"auth.dd-ix.net"
];
cookie_secure = true;
cookie_samesite = "strict";
content_security_policy = true;
strict_transport_security = true;
allow_embedding = false;
secret_key = "$__file{${config.sops.secrets."obs_secret_key".path}}";
};
smtp = {
enabled = true;
host = "svc-mta01.dd-ix.net:25";
from_name = "DD-IX OBS";
from_address = "[email protected]";
startTLS_policy = "MandatoryStartTLS";
};
database = {
user = "grafana";
type = "postgres";
ssl_mode = "verify-full";
server_cert_name = "svc-pg01.dd-ix.net";
name = "grafana";
host = "svc-pg01.dd-ix.net";
password = "$__file{${config.sops.secrets."obs_db_pw".path}}";
};
analytics = {
reporting_enabled = false;
feedback_links_enabled = false;
};
auth = {
signout_redirect_url = "https://auth.dd-ix.net/application/o/obs/end-session/";
};
"auth.generic_oauth" = {
name = "DD-IX Auth";
enabled = true;
client_id = "0JoW22eMuKF2CPfQUjL1AlnuQ96Bx6fGdJt9iZJa";
client_secret = "$__file{${config.sops.secrets."obs_auth_secret_key".path}}";
scopes = "openid email profile";
auto_login = true;
disable_login_form = true;
auth_url = "https://auth.dd-ix.net/application/o/authorize/";
token_url = "https://auth.dd-ix.net/application/o/token/";
api_url = "https://auth.dd-ix.net/application/o/userinfo/";
role_attribute_path = "contains(groups, 'DDIX-Board') && 'Admin' || contains(groups, 'DDIX-Tech') && 'Editor' || 'Viewer'";
login_attribute_path = "preferred_username";
};
user.auto_assign_org = true;
remote_cache = {
type = "redis";
connstr = "addr=${config.services.redis.servers.grafana.bind}:${builtins.toString config.services.redis.servers.grafana.port},pool_size=100,db=0,ssl=false";
};
metrics.enabled = false;
};
user.auto_assign_org = true;
remote_cache = {
type = "redis";
connstr = "addr=${config.services.redis.servers.grafana.bind}:${builtins.toString config.services.redis.servers.grafana.port},pool_size=100,db=0,ssl=false";
provision = {
enable = true;
datasources.settings = {
deleteDatasources = [
{ name = "svc-prom01"; orgId = 1; }
{ name = "svc-prom01_15s"; orgId = 1; }
{ name = "svc-prom01_1m"; orgId = 1; }
{ name = "svc-prom02_15s"; orgId = 1; }
{ name = "svc-prom02_1m"; orgId = 1; }
];
datasources = [
{
name = "svc-prom02_15s";
url = "https://svc-prom02.dd-ix.net:443";
uid = "svc-prom02_15s";
type = "prometheus";
access = "proxy";
enable = true;
jsonData.timeInterval = "15s";
}
{
name = "svc-prom02_1m";
url = "https://svc-prom02.dd-ix.net:443";
uid = "svc-prom02_1m";
type = "prometheus";
access = "proxy";
enable = true;
jsonData.timeInterval = "1m";
}
{
name = "svc-prom01_1m";
url = "https://svc-prom01.dd-ix.net:443";
uid = "svc-prom01_1m";
type = "prometheus";
access = "proxy";
enable = true;
jsonData.timeInterval = "1m";
}
];
};
};
metrics.enabled = false;
};
provision = {

redis.servers.grafana = {
enable = true;
datasources.settings = {
deleteDatasources = [
{ name = "svc-prom01"; orgId = 1; }
{ name = "svc-prom01_15s"; orgId = 1; }
{ name = "svc-prom01_1m"; orgId = 1; }
{ name = "svc-prom02_15s"; orgId = 1; }
{ name = "svc-prom02_1m"; orgId = 1; }
];
datasources = [
{
name = "svc-prom02_15s";
url = "https://svc-prom02.dd-ix.net:443";
uid = "svc-prom02_15s";
type = "prometheus";
access = "proxy";
enable = true;
jsonData.timeInterval = "15s";
}
{
name = "svc-prom02_1m";
url = "https://svc-prom02.dd-ix.net:443";
uid = "svc-prom02_1m";
type = "prometheus";
access = "proxy";
enable = true;
jsonData.timeInterval = "1m";
}
{
name = "svc-prom01_1m";
url = "https://svc-prom01.dd-ix.net:443";
uid = "svc-prom01_1m";
type = "prometheus";
access = "proxy";
enable = true;
jsonData.timeInterval = "1m";
}
];
};
port = 6379;
};
};

services.redis.servers.grafana = {
enable = true;
port = 6379;
};
}

0 comments on commit fd03dd7

Please sign in to comment.