plumjam/nixos - Change DQKCPBYIW34BPR3BNMCBID7HL3MHGKR47LGBJ6B7VSIKMCOV3EFAC

hosts.plum: add grafana and prometheus for monitoring

Created by James Plummer on September 7, 2025

DQKCPBYIW34BPR3BNMCBID7HL3MHGKR47LGBJ6B7VSIKMCOV3EFAC

Dependencies

In channels

main

Change contents

Insertion in secrets.nix at line 13 [4.1]

[2.144]

[3.205]


  "hosts/plum/grafana/password.age".publicKeys = [ plum ] ++ admins;

File addition: linux (d--x------)
[5.2]

File addition: node-exporter.nix (----------)

[0.77]

{ config, lib, ... }: let
  inherit (lib) enabled merge mkIf;
in merge <| mkIf true {
  services.prometheus.exporters.node = enabled {
    enabledCollectors = [ "processes" "systemd" ];
    listenAddress = "[::]";
  };
}

File addition: grafana (d--x------)
[6.7]

File addition: prometheus.nix (----------)

[0.447]

{ self, config, lib, ... }: let
  inherit (lib) enabled filterAttrs flatten mapAttrsToList;
in {
  services.grafana.provision.datasources.settings = {
    datasources = [{
      name = "Prometheus";
      type = "prometheus";
      url = "http://[::1]:${toString config.services.prometheus.port}";
      orgId = 1;
    }];
    deleteDatasources = [{
      name = "Prometheus";
      orgId = 1;
    }];
  };
  services.prometheus = enabled {
    listenAddress = "[::]";
    retentionTime = "1w";
    scrapeConfigs = let
      configToScrapeConfig = hostName: { config, ... }: let
        hostConfig = config;
      in hostConfig.services.prometheus.exporters
        |> filterAttrs (exporterName: exporterConfig:
          exporterName != "minio" &&
          exporterName != "unifi-poller" &&
          exporterName != "tor" &&
          exporterConfig.enable or false)
        |> mapAttrsToList (exporterName: exporterConfig: {
          job_name = "${exporterName}-${hostName}";
          static_configs = [{
            targets = [ "${hostName}:${toString exporterConfig.port}" ];
          }];
        });
    in self.nixosConfigurations
      |> mapAttrsToList configToScrapeConfig
      |> flatten;
  };
}

File addition: password.age (----------)
[0.447]

File addition: default.nix (----------)

[0.447]

{ self, config, lib, ... }: let
  inherit (config.networking) domain;
  inherit (lib) const enabled genAttrs merge;
  fqdn = "metrics.${domain}";
  port = 8000;
in {
  imports = [
    (self + /modules/nginx.nix)
  ];
  age.secrets.grafanaPassword = {
    file = ./password.age;
    owner = "grafana";
  };
  systemd.services.grafana = {
    after = [ "network.target" ];
    requires = [ "network.target" ];
  };
  services.grafana = enabled {
    provision = enabled;
    settings = {
      analytics.reporting_enabled = false;
      database.type = "sqlite3";
      server.domain = fqdn;
      server.http_addr = "::1";
      server.http_port = port;
      users.default_theme = "system";
    };
    settings.security = {
      admin_email = "metrics@${domain}";
      admin_password = "$__file{${config.age.secrets.grafanaPassword.path}}";
      admin_user = "admin";
      cookie_secure = true;
      disable_gravatar = true;
    };
  };
  services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
    locations."/" = {
      extraConfig = /* nginx */ ''
        # grafana sets `nosniff` without correct content type so unset the header
        proxy_hide_header X-Content-Type-Options;
      '';
      proxyPass = "http://[::1]:${toString port}";
      proxyWebsockets = true;
    };
  };
}

Insertion in hosts/plum/configuration.nix at line 13 [6.1247]
[2.262]
[7.148]
```
		./grafana
		./grafana/prometheus.nix
```
Insertion in hosts/plum/configuration.nix at line 19 [6.1247]
[7.272]
[6.1407]
```
		(self + /modules/linux/node-exporter.nix)
```

hosts.plum: add grafana and prometheus for monitoring

Dependencies

In channels

Change contents

Insertion in secrets.nix at line 13 [4.1]

File addition: linux (d--x------)

File addition: node-exporter.nix (----------)

File addition: grafana (d--x------)

File addition: prometheus.nix (----------)

File addition: password.age (----------)

File addition: default.nix (----------)

Insertion in hosts/plum/configuration.nix at line 13 [6.1247]

Insertion in hosts/plum/configuration.nix at line 19 [6.1247]