hosts/plover: update Grafana and PostgreSQL integration

Gabriel Arazas 2023-10-14 11:01:57 +08:00
parent 7430d992f2
commit 9527896251
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC


@ -2,6 +2,9 @@
let let
monitoringDomain = "monitoring.${config.networking.domain}"; monitoringDomain = "monitoring.${config.networking.domain}";
grafanaDatabaseUser = config.services.grafana.settings.database.user;
grafanaDatabaseName = config.services.grafana.settings.database.name;
authDomain = "auth.${config.networking.domain}"; authDomain = "auth.${config.networking.domain}";
authSubpath = path: "${authDomain}/${path}"; authSubpath = path: "${authDomain}/${path}";
@ -129,16 +132,26 @@ in
systemd.services.grafana = { systemd.services.grafana = {
preStart = preStart =
let let
grafanaDatabaseUser = config.services.grafana.settings.database.user;
psql = lib.getExe' config.services.postgresql.package "psql"; psql = lib.getExe' config.services.postgresql.package "psql";
in in
lib.mkBefore '' lib.mkBefore ''
# Setting up the appropriate schema for PostgreSQL secure schema usage. # Setting up the appropriate schema for PostgreSQL secure schema usage.
${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${grafanaDatabaseUser}';" \ ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};"
grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};"
''; '';
}; };
# Setting up PostgreSQL with secure schema.
services.postgresql = {
ensureDatabases = [ grafanaDatabaseName ];
ensureUsers = [{
name = grafanaDatabaseName;
ensurePermissions = {
"DATABASE ${grafanaDatabaseName}" = "ALL PRIVILEGES";
"SCHEMA ${grafanaDatabaseUser}" = "ALL PRIVILEGES";
};
}];
};
sops.secrets = sops.secrets =
let let
grafanaFileAttributes = { grafanaFileAttributes = {
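Review bot: In the new `services.postgresql.ensureUsers` entry the role is declared as `name = grafanaDatabaseName;`, while the schema is created with `AUTHORIZATION ${grafanaDatabaseUser}` and the grant targets `SCHEMA ${grafanaDatabaseUser}`; unless both settings are set to the same value elsewhere in this file, the role Grafana actually connects as is never ensured, so this should read `name = grafanaDatabaseUser;`. The grant `"DATABASE ${grafanaDatabaseName}" = "ALL PRIVILEGES"` is also broader than a per-role schema layout needs: the role already owns its schema through `CREATE SCHEMA ... AUTHORIZATION`, so the schema grant looks redundant and the database grant could probably be narrowed to `CONNECT`. It is also worth checking on a fresh host whether the schema grant is applied before Grafana's `preStart` has created the schema, since a grant on a missing schema would presumably fail.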