refactor: grafana - add more datasources, rewrite in nix

2026-01-11 22:30:25 +01:00 · 2025-09-26 22:07:52 +08:00
parent 935a1dccda
commit 7885d10e29
6 changed files with 174 additions and 97 deletions
--- a/hosts/idols-aquamarine/grafana/dashboards.nix
+++ b/hosts/idols-aquamarine/grafana/dashboards.nix
@@ -0,0 +1,37 @@
+{
+
+  # Declaratively provision Grafana's data sources, dashboards, and alerting rules.
+  # Grafana's alerting rules is not recommended to use, we use Prometheus alertmanager instead.
+  # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
+  services.grafana.provision.dashboards.settings = {
+    apiVersion = 1;
+
+    providers = [
+      {
+        # <string> an unique provider name. Required
+        name = "Homelab";
+        # An organization is an entity that helps you isolate users and resources such as dashboards,
+        # annotations, and data sources from each other.
+        #
+        # <int> Org id. Default to 1
+        #
+        # If you want to customize this id, you need to create the organizations first.
+        orgId = 1;
+        # <string> provider type. Default to 'file'
+        type = "file";
+        # <bool> disable dashboard deletion
+        disableDeletion = true;
+        # <int> how often Grafana will scan for changed dashboards
+        updateIntervalSeconds = 20;
+        # <bool> allow updating provisioned dashboards from the UI
+        allowUiUpdates = false;
+        options = {
+          # <string, required> path to dashboard files on disk. Required when using the 'file' type
+          path = "/etc/grafana/dashboards/";
+          # <bool> use folder names from filesystem to create folders in Grafana
+          foldersFromFilesStructure = true;
+        };
+      }
+    ];
+  };
+}
--- a/hosts/idols-aquamarine/grafana/dashboards.yml
+++ b/hosts/idols-aquamarine/grafana/dashboards.yml
@@ -1,26 +0,0 @@
-# https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
-apiVersion: 1
-
-providers:
-  # <string> an unique provider name. Required
-  - name: "Homelab"
-    # An organization is an entity that helps you isolate users and resources such as dashboards,
-    # annotations, and data sources from each other.
-    #
-    # <int> Org id. Default to 1
-    #
-    # If you want to customize this id, you need to create the organizations first.
-    orgId: 1
-    # <string> provider type. Default to 'file'
-    type: file
-    # <bool> disable dashboard deletion
-    disableDeletion: true
-    # <int> how often Grafana will scan for changed dashboards
-    updateIntervalSeconds: 20
-    # <bool> allow updating provisioned dashboards from the UI
-    allowUiUpdates: false
-    options:
-      # <string, required> path to dashboard files on disk. Required when using the 'file' type
-      path: /etc/grafana/dashboards/
-      # <bool> use folder names from filesystem to create folders in Grafana
-      foldersFromFilesStructure: true
--- a/hosts/idols-aquamarine/grafana/datasources.nix
+++ b/hosts/idols-aquamarine/grafana/datasources.nix
@@ -0,0 +1,124 @@
+{ config, ... }:
+{
+
+  # Declaratively provision Grafana's data sources, dashboards, and alerting rules.
+  # Grafana's alerting rules is not recommended to use, we use Prometheus alertmanager instead.
+  # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
+  services.grafana.provision.datasources.settings = {
+    apiVersion = 1;
+
+    # List of data sources to delete from the database.
+    deleteDatasources = [
+      {
+        name = "Loki";
+        orgId = 1;
+      }
+    ];
+
+    # Mark provisioned data sources for deletion if they are no longer in a provisioning file.
+    # It takes no effect if data sources are already listed in the deleteDatasources section.
+    prune = true;
+
+    datasources = [
+      {
+        # https://grafana.com/docs/grafana/latest/datasources/prometheus/configure/
+        name = "prometheus-homelab";
+        type = "prometheus";
+        access = "proxy";
+        # Access mode - proxy (server in the UI) or direct (browser in the UI).
+        url = "http://localhost:9090";
+        jsonData = {
+          httpMethod = "POST";
+          manageAlerts = true;
+          timeInterval = "15s";
+          queryTimeout = "90s";
+          prometheusType = "Prometheus";
+          cacheLevel = "High";
+          disableRecordingRules = false;
+          # As of Grafana 10 the Prometheus data source can be configured to query live dashboards
+          # incrementally instead of re-querying the entire duration on each dashboard refresh.
+          # Increasing the duration of the incrementalQueryOverlapWindow will increase the size of every incremental query
+          # but might be helpful for instances that have inconsistent results for recent data.
+          incrementalQueryOverlapWindow = "10m";
+        };
+        editable = false;
+      }
+      {
+        # The VictoriaMetrics plugin includes more native VM functionality.
+        name = "victoriametrics-homelab";
+        type = "victoriametrics-metrics-datasource";
+        access = "proxy";
+        url = "http://localhost:9090";
+        # url: http://vmselect:8481/select/0/prometheus  # cluster version
+        jsonData = {
+          httpMethod = "POST";
+          manageAlerts = true;
+          timeInterval = "15s";
+          queryTimeout = "90s";
+          disableMetricsLookup = false; # enable this for metrics autocomplete
+          vmuiUrl = "https://prometheus.writefor.fun/vmui/";
+        };
+        isDefault = true;
+        editable = false;
+      }
+      {
+        # https://grafana.com/docs/grafana/latest/datasources/loki/configure-loki-data-source/
+        name = "loki-k3s-test-1";
+        type = "loki";
+        access = "proxy";
+        url = "https://loki-gateway.writefor.fun";
+        jsonData = {
+          timeout = 30;
+          maxLines = 1000;
+          httpHeaderName1 = "X-Scope-OrgID";
+        };
+        secureJsonData = {
+          httpHeaderValue1 = "fake";
+        };
+        editable = false;
+      }
+      {
+        name = "alertmanager-homelab";
+        type = "alertmanager";
+        url = "http://localhost:9093";
+        access = "proxy";
+        jsonData = {
+          implementation = "prometheus";
+          handleGrafanaManagedAlerts = false;
+        };
+        editable = false;
+      }
+      {
+        # https://grafana.com/docs/grafana/latest/datasources/postgres/configure/
+        name = "postgres-playground";
+        type = "postgres";
+        url = "postgres.writefor.fun:5432";
+        user = "playground";
+        secureJsonData = {
+          password = "$__file{${config.age.secrets."grafana-admin-password".path}}";
+        };
+        jsonData = {
+          database = "playground";
+          sslmode = "verify-full"; # disable/require/verify-ca/verify-full
+          maxOpenConns = 50;
+          maxIdleConns = 250;
+          maxIdleConnsAuto = true;
+          connMaxLifetime = 14400;
+          timeInterval = "1m";
+          timescaledb = false;
+          postgresVersion = 1500; # 15.xx
+          # tls
+          tlsConfigurationMethod = "file-path";
+          sslRootCertFile = ../../../certs/ecc-ca.crt;
+        };
+        editable = false;
+      }
+      {
+        name = "infinity-dataviewer";
+        type = "yesoreyeram-infinity-datasource";
+        editable = false;
+      }
+    ];
+
+  };
+}
--- a/hosts/idols-aquamarine/grafana/datasources.yml
+++ b/hosts/idols-aquamarine/grafana/datasources.yml
@@ -1,45 +0,0 @@
-# https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
-apiVersion: 1
-
-# List of data sources to delete from the database.
-deleteDatasources:
-  - name: Loki
-    orgId: 1
-
-# Mark provisioned data sources for deletion if they are no longer in a provisioning file.
-# It takes no effect if data sources are already listed in the deleteDatasources section.
-prune: true
-
-datasources:
-  # https://grafana.com/docs/grafana/latest/datasources/prometheus/
-  - name: prometheus-homelab
-    type: prometheus
-    access: proxy
-    # Access mode - proxy (server in the UI) or direct (browser in the UI).
-    url: http://localhost:9090
-    jsonData:
-      httpMethod: POST
-      manageAlerts: true
-      prometheusType: Prometheus
-      prometheusVersion: 2.49.0
-      cacheLevel: "High"
-      disableRecordingRules: false
-      # As of Grafana 10, the Prometheus data source can be configured to query live dashboards
-      # incrementally, instead of re-querying the entire duration on each dashboard refresh.
-      # Increasing the duration of the incrementalQueryOverlapWindow will increase the size of every incremental query,
-      # but might be helpful for instances that have inconsistent results for recent data.
-      incrementalQueryOverlapWindow: 10m
-    isDefault: true
-    editable: false
-  # https://grafana.com/docs/grafana/latest/datasources/loki/
-  - name: loki-k3s-test-1
-    type: loki
-    access: proxy
-    url: https://loki-gateway.writefor.fun
-    jsonData:
-      timeout: 30
-      maxLines: 1000
-      httpHeaderName1: "X-Scope-OrgID"
-    secureJsonData:
-      httpHeaderValue1: "fake"
-    editable: false
--- a/hosts/idols-aquamarine/grafana/default.nix
+++ b/hosts/idols-aquamarine/grafana/default.nix
@@ -5,10 +5,16 @@
  ...
 }:
 {
+
+  imports = [
+    ./dashboards.nix
+    ./datasources.nix
+  ];
+
  services.grafana = {
    enable = true;
    dataDir = "/data/apps/grafana";
-    # DeclarativePlugins = with pkgs.grafanaPlugins; [ grafana-piechart-panel ];
+    provision.enable = true;
    settings = {
      server = {
        http_addr = "127.0.0.1";
@@ -41,15 +47,6 @@
      };
    };

-    # Declaratively provision Grafana's data sources, dashboards, and alerting rules.
-    # Grafana's alerting rules is not recommended to use, we use Prometheus alertmanager instead.
-    # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
-    provision = {
-      enable = true;
-      datasources.path = ./datasources.yml;
-      dashboards.path = ./dashboards.yml;
-    };
-
    # https://github.com/NixOS/nixpkgs/tree/master/pkgs/servers/monitoring/grafana/plugins
    declarativePlugins = with pkgs.grafanaPlugins; [
      # https://github.com/VictoriaMetrics/victoriametrics-datasource
--- a/hosts/idols-aquamarine/postgresql.nix
+++ b/hosts/idols-aquamarine/postgresql.nix
@@ -35,23 +35,11 @@ in

    # Ensures that the specified databases exist.
    ensureDatabases = [
-      "mytestdb" # for testing
-      "juicefs"
-      # openobserve for every k8s clusters
-      "o2_k3s_test_1"
-      "o2_k3s_prod_1"
+      "playground" # for testing
    ];
    ensureUsers = [
      {
-        name = "o2_k3s_test_1";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "o2_k3s_prod_1";
-        ensureDBOwnership = true;
-      }
-      {
-        name = "juicefs";
+        name = "playground";
        ensureDBOwnership = true;
      }
    ];
@@ -94,9 +82,10 @@ in
      huge_pages = "try";
    };

-    # allow root & myself can login via `psql -U postgres` without other aauthentication
+    # Map the systemUser to the DBUser
+    # allow root & myself to log in via psql -U postgres without any additional authentication.
    identMap = ''
-      # ArbitraryMapName systemUser DBUser
+      # ArbitraryMapName systemUser          DBUser
      superuser_map      root                postgres
      superuser_map      postgres            postgres
      superuser_map      postgres-exporter   postgres
@@ -115,6 +104,7 @@ in
      host    all             all             127.0.0.1/32            trust
      # IPv6 local connections:
      host    all             all             ::1/128                 trust
+
      # Allow replication connections from localhost, by a user with the
      # replication privilege.
      local   replication     all                                     trust