{ inputs, secrets, config, lib, pkgs, ... }: { age.secrets.grafanaInfluxTokenMqttData = { file = secrets.briefkasten.influx.grafanaTokenMqttData; owner = "grafana"; }; dns.zones."ctu.cx".subdomains.grafana.CNAME = [ "${config.networking.fqdn}." ]; systemd.services.grafana.onFailure = [ "email-notify@%i.service" ]; services.grafana = { enable = true; settings = { server = { domain = "grafana.ctu.cx"; root_url = "https://${config.services.grafana.settings.server.domain}/"; http_addr = "::1"; http_port = 3001; }; security.allow_embedding = true; "users".auto_assign_org_role = "Viewer"; # "users".viewers_can_edit = true; "users".home_page = "/d/FRDYqjEGz/smarthome-influx"; "auth".disable_login_form = true; "auth.basic".enabled = false; "auth.anonymous".enabled = true; "auth.anonymous".org_name = "Main Org."; "auth.anonymous".org_role = "Viewer"; }; provision = { enable = true; datasources.settings.datasources = [ { name = "Prometheus"; type = "prometheus"; url = "https://prometheus.ctu.cx/"; isDefault = true; editable = false; jsonData.timeInterval = "20s"; } { name = "InfluxDB (mqttData)"; type = "influxdb"; url = "https://influx.home.ctu.cx"; orgId = 1; database = "mqttData"; editable = false; jsonData.version = "Flux"; jsonData.organization = "katja"; jsonData.defaultBucket = "mqttData"; secureJsonData.token = "$__file{${config.age.secrets.grafanaInfluxTokenMqttData.path}}"; } ]; dashboards.settings.providers = [{ folder = "provisioned"; options.path = ./dashboards; }]; }; }; services.nginx = { enable = true; virtualHosts."${config.services.grafana.settings.server.domain}" = { useACMEHost = "${config.networking.fqdn}"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://[::1]:${toString config.services.grafana.settings.server.http_port}/"; }; }; }