
Commit fd03dd7

committed
grafana: add netsage-sankey-panel
1 parent d046f55 commit fd03dd7


1 file changed

+151
-138
lines changed


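--- a/modules/obs/grafana.nix
+++ b/modules/obs/grafana.nix
@@ -1,153 +1,166 @@
-{ self, config, ... }:
-{
-sops.secrets."obs_db_pw" = {
-sopsFile = self + "/secrets/management/obs.yaml";
-owner = config.systemd.services.grafana.serviceConfig.User;
-};
-sops.secrets."obs_auth_secret_key" = {
-sopsFile = self + "/secrets/management/obs.yaml";
-owner = config.systemd.services.grafana.serviceConfig.User;
+{ self, config, pkgs, ... }:
+
+let
+sankey-panel-plugin = pkgs.grafanaPlugins.grafanaPlugin {
+pname = "netsage-sankey-panel";
+version = "1.1.3";
+zipHash = "sha256-HUFJcolJqdveAB5e4kjBnEXd3+ZbyXgAHawlEHDGtrw=";
 };
-sops.secrets."obs_secret_key" = {
-sopsFile = self + "/secrets/management/obs.yaml";
-owner = config.systemd.services.grafana.serviceConfig.User;
+in
+{
+sops.secrets = {
+"obs_db_pw" = {
+sopsFile = self + "/secrets/management/obs.yaml";
+owner = config.systemd.services.grafana.serviceConfig.User;
+};
+"obs_auth_secret_key" = {
+sopsFile = self + "/secrets/management/obs.yaml";
+owner = config.systemd.services.grafana.serviceConfig.User;
+};
+"obs_secret_key" = {
+sopsFile = self + "/secrets/management/obs.yaml";
+owner = config.systemd.services.grafana.serviceConfig.User;
+};
 };
 
-services.nginx = {
-enable = true;
-virtualHosts."obs.${config.dd-ix.domain}" = {
-listen = [{
-addr = "[::]:443";
-proxyProtocol = true;
-ssl = true;
-}];
+services = {
+nginx = {
+enable = true;
+virtualHosts."obs.${config.dd-ix.domain}" = {
+listen = [{
+addr = "[::]:443";
+proxyProtocol = true;
+ssl = true;
+}];
 
-onlySSL = true;
-useACMEHost = "obs.${config.dd-ix.domain}";
+onlySSL = true;
+useACMEHost = "obs.${config.dd-ix.domain}";
 
-locations."/" = {
-proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
-proxyWebsockets = true;
+locations."/" = {
+proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
+proxyWebsockets = true;
+};
 };
 };
-};
 
-services.grafana = {
-enable = true;
-settings = {
-server = {
-enforce_domain = true;
-domain = "obs.${config.dd-ix.domain}";
-root_url = "https://obs.${config.dd-ix.domain}";
-enable_gzip = true;
-};
-log.level = "warn";
-security = {
-disable_initial_admin_creation = true;
-disable_gravatar = true;
-data_source_proxy_whitelist = [
-"svc-prom01.dd-ix.net:443"
-"svc-prom02.dd-ix.net:443"
-];
-csrf_trusted_origins = [
-"auth.dd-ix.net"
-];
-cookie_secure = true;
-cookie_samesite = "strict";
-content_security_policy = true;
-strict_transport_security = true;
-allow_embedding = false;
-secret_key = "$__file{${config.sops.secrets."obs_secret_key".path}}";
-};
-smtp = {
-enabled = true;
-host = "svc-mta01.dd-ix.net:25";
-from_name = "DD-IX OBS";
-from_address = "[email protected]";
-startTLS_policy = "MandatoryStartTLS";
-};
-database = {
-user = "grafana";
-type = "postgres";
-ssl_mode = "verify-full";
-server_cert_name = "svc-pg01.dd-ix.net";
-name = "grafana";
-host = "svc-pg01.dd-ix.net";
-password = "$__file{${config.sops.secrets."obs_db_pw".path}}";
-};
-analytics = {
-reporting_enabled = false;
-feedback_links_enabled = false;
-};
-auth = {
-signout_redirect_url = "https://auth.dd-ix.net/application/o/obs/end-session/";
-};
-"auth.generic_oauth" = {
-name = "DD-IX Auth";
-enabled = true;
-client_id = "0JoW22eMuKF2CPfQUjL1AlnuQ96Bx6fGdJt9iZJa";
-client_secret = "$__file{${config.sops.secrets."obs_auth_secret_key".path}}";
-scopes = "openid email profile";
-auto_login = true;
-disable_login_form = true;
-auth_url = "https://auth.dd-ix.net/application/o/authorize/";
-token_url = "https://auth.dd-ix.net/application/o/token/";
-api_url = "https://auth.dd-ix.net/application/o/userinfo/";
-role_attribute_path = "contains(groups, 'DDIX-Board') && 'Admin' || contains(groups, 'DDIX-Tech') && 'Editor' || 'Viewer'";
-login_attribute_path = "preferred_username";
+grafana = {
+enable = true;
+declarativePlugins = [ sankey-panel-plugin ];
+settings = {
+server = {
+enforce_domain = true;
+domain = "obs.${config.dd-ix.domain}";
+root_url = "https://obs.${config.dd-ix.domain}";
+enable_gzip = true;
+};
+log.level = "warn";
+security = {
+disable_initial_admin_creation = true;
+disable_gravatar = true;
+data_source_proxy_whitelist = [
+"svc-prom01.dd-ix.net:443"
+"svc-prom02.dd-ix.net:443"
+];
+csrf_trusted_origins = [
+"auth.dd-ix.net"
+];
+cookie_secure = true;
+cookie_samesite = "strict";
+content_security_policy = true;
+strict_transport_security = true;
+allow_embedding = false;
+secret_key = "$__file{${config.sops.secrets."obs_secret_key".path}}";
+};
+smtp = {
+enabled = true;
+host = "svc-mta01.dd-ix.net:25";
+from_name = "DD-IX OBS";
+from_address = "[email protected]";
+startTLS_policy = "MandatoryStartTLS";
+};
+database = {
+user = "grafana";
+type = "postgres";
+ssl_mode = "verify-full";
+server_cert_name = "svc-pg01.dd-ix.net";
+name = "grafana";
+host = "svc-pg01.dd-ix.net";
+password = "$__file{${config.sops.secrets."obs_db_pw".path}}";
+};
+analytics = {
+reporting_enabled = false;
+feedback_links_enabled = false;
+};
+auth = {
+signout_redirect_url = "https://auth.dd-ix.net/application/o/obs/end-session/";
+};
+"auth.generic_oauth" = {
+name = "DD-IX Auth";
+enabled = true;
+client_id = "0JoW22eMuKF2CPfQUjL1AlnuQ96Bx6fGdJt9iZJa";
+client_secret = "$__file{${config.sops.secrets."obs_auth_secret_key".path}}";
+scopes = "openid email profile";
+auto_login = true;
+disable_login_form = true;
+auth_url = "https://auth.dd-ix.net/application/o/authorize/";
+token_url = "https://auth.dd-ix.net/application/o/token/";
+api_url = "https://auth.dd-ix.net/application/o/userinfo/";
+role_attribute_path = "contains(groups, 'DDIX-Board') && 'Admin' || contains(groups, 'DDIX-Tech') && 'Editor' || 'Viewer'";
+login_attribute_path = "preferred_username";
+};
+user.auto_assign_org = true;
+remote_cache = {
+type = "redis";
+connstr = "addr=${config.services.redis.servers.grafana.bind}:${builtins.toString config.services.redis.servers.grafana.port},pool_size=100,db=0,ssl=false";
+};
+metrics.enabled = false;
 };
-user.auto_assign_org = true;
-remote_cache = {
-type = "redis";
-connstr = "addr=${config.services.redis.servers.grafana.bind}:${builtins.toString config.services.redis.servers.grafana.port},pool_size=100,db=0,ssl=false";
+provision = {
+enable = true;
+datasources.settings = {
+deleteDatasources = [
+{ name = "svc-prom01"; orgId = 1; }
+{ name = "svc-prom01_15s"; orgId = 1; }
+{ name = "svc-prom01_1m"; orgId = 1; }
+{ name = "svc-prom02_15s"; orgId = 1; }
+{ name = "svc-prom02_1m"; orgId = 1; }
+];
+datasources = [
+{
+name = "svc-prom02_15s";
+url = "https://svc-prom02.dd-ix.net:443";
+uid = "svc-prom02_15s";
+type = "prometheus";
+access = "proxy";
+enable = true;
+jsonData.timeInterval = "15s";
+}
+{
+name = "svc-prom02_1m";
+url = "https://svc-prom02.dd-ix.net:443";
+uid = "svc-prom02_1m";
+type = "prometheus";
+access = "proxy";
+enable = true;
+jsonData.timeInterval = "1m";
+}
+{
+name = "svc-prom01_1m";
+url = "https://svc-prom01.dd-ix.net:443";
+uid = "svc-prom01_1m";
+type = "prometheus";
+access = "proxy";
+enable = true;
+jsonData.timeInterval = "1m";
+}
+];
+};
 };
-metrics.enabled = false;
 };
-provision = {
+
+redis.servers.grafana = {
 enable = true;
-datasources.settings = {
-deleteDatasources = [
-{ name = "svc-prom01"; orgId = 1; }
-{ name = "svc-prom01_15s"; orgId = 1; }
-{ name = "svc-prom01_1m"; orgId = 1; }
-{ name = "svc-prom02_15s"; orgId = 1; }
-{ name = "svc-prom02_1m"; orgId = 1; }
-];
-datasources = [
-{
-name = "svc-prom02_15s";
-url = "https://svc-prom02.dd-ix.net:443";
-uid = "svc-prom02_15s";
-type = "prometheus";
-access = "proxy";
-enable = true;
-jsonData.timeInterval = "15s";
-}
-{
-name = "svc-prom02_1m";
-url = "https://svc-prom02.dd-ix.net:443";
-uid = "svc-prom02_1m";
-type = "prometheus";
-access = "proxy";
-enable = true;
-jsonData.timeInterval = "1m";
-}
-{
-name = "svc-prom01_1m";
-url = "https://svc-prom01.dd-ix.net:443";
-uid = "svc-prom01_1m";
-type = "prometheus";
-access = "proxy";
-enable = true;
-jsonData.timeInterval = "1m";
-}
-];
-};
+port = 6379;
 };
 };
-
-services.redis.servers.grafana = {
-enable = true;
-port = 6379;
-};
 }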
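Review bot: The hand-pinned `sankey-panel-plugin` binding in the `let` block carries no comment saying who bumps it, and because `version = "1.1.3"` and `zipHash` are fixed in this file the plugin will not move when nixpkgs is updated. I would add above the binding `# Pinned by hand: bump version and zipHash together when upstream ships a fix.` so that a plugin security release is not missed. It is also worth confirming on a test deploy that the panel loads under Grafana's plugin signature check and with `content_security_policy = true`, since neither setting is touched here. Separately, the functional change is only the `pkgs` argument, the `let` binding and `declarativePlugins`, while the re-nesting of `sops.secrets` and `services` rewrites every OAuth, cookie and database line; putting the re-nesting in its own commit would make it much easier to verify that none of those values changed.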
