diff --git a/hosts/idols-aquamarine/grafana/dashboards.nix b/hosts/idols-aquamarine/grafana/dashboards.nix
new file mode 100644
index 00000000..63d4c729
--- /dev/null
+++ b/hosts/idols-aquamarine/grafana/dashboards.nix
@@ -0,0 +1,37 @@
+{
+
+ # Declaratively provision Grafana's data sources, dashboards, and alerting rules.
+ # Grafana's alerting rules is not recommended to use, we use Prometheus alertmanager instead.
+ # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
+ services.grafana.provision.dashboards.settings = {
+ apiVersion = 1;
+
+ providers = [
+ {
+ # an unique provider name. Required
+ name = "Homelab";
+ # An organization is an entity that helps you isolate users and resources such as dashboards,
+ # annotations, and data sources from each other.
+ #
+ # Org id. Default to 1
+ #
+ # If you want to customize this id, you need to create the organizations first.
+ orgId = 1;
+ # provider type. Default to 'file'
+ type = "file";
+ # disable dashboard deletion
+ disableDeletion = true;
+ # how often Grafana will scan for changed dashboards
+ updateIntervalSeconds = 20;
+ # allow updating provisioned dashboards from the UI
+ allowUiUpdates = false;
+ options = {
+ # path to dashboard files on disk. Required when using the 'file' type
+ path = "/etc/grafana/dashboards/";
+ # use folder names from filesystem to create folders in Grafana
+ foldersFromFilesStructure = true;
+ };
+ }
+ ];
+ };
+}
diff --git a/hosts/idols-aquamarine/grafana/dashboards.yml b/hosts/idols-aquamarine/grafana/dashboards.yml
deleted file mode 100644
index 673fafd3..00000000
--- a/hosts/idols-aquamarine/grafana/dashboards.yml
+++ /dev/null
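Review bot: The header comment at the top of dashboards.nix was copied from the data source file: it talks about data sources and alerting rules and links to the `#data-sources` anchor, while this file only configures dashboard providers. The deleted dashboards.yml pointed at the right section, so the comment could read `# Declaratively provision Grafana's dashboard providers.` followed by `# https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards`. Nothing visible in this commit creates `/etc/grafana/dashboards/`, so a one-line comment naming where that directory is populated would also help.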
@@ -1,26 +0,0 @@
-# https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
-apiVersion: 1
-
-providers:
- # an unique provider name. Required
- - name: "Homelab"
- # An organization is an entity that helps you isolate users and resources such as dashboards,
- # annotations, and data sources from each other.
- #
- # Org id. Default to 1
- #
- # If you want to customize this id, you need to create the organizations first.
- orgId: 1
- # provider type. Default to 'file'
- type: file
- # disable dashboard deletion
- disableDeletion: true
- # how often Grafana will scan for changed dashboards
- updateIntervalSeconds: 20
- # allow updating provisioned dashboards from the UI
- allowUiUpdates: false
- options:
- # path to dashboard files on disk. Required when using the 'file' type
- path: /etc/grafana/dashboards/
- # use folder names from filesystem to create folders in Grafana
- foldersFromFilesStructure: true
diff --git a/hosts/idols-aquamarine/grafana/datasources.nix b/hosts/idols-aquamarine/grafana/datasources.nix
new file mode 100644
index 00000000..2f70fc19
--- /dev/null
+++ b/hosts/idols-aquamarine/grafana/datasources.nix
@@ -0,0 +1,124 @@
+{ config, ... }:
+{
+
+ # Declaratively provision Grafana's data sources, dashboards, and alerting rules.
+ # Grafana's alerting rules is not recommended to use, we use Prometheus alertmanager instead.
+ # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
+ services.grafana.provision.datasources.settings = {
+ apiVersion = 1;
+
+ # List of data sources to delete from the database.
+ deleteDatasources = [
+ {
+ name = "Loki";
+ orgId = 1;
+ }
+ ];
+
+ # Mark provisioned data sources for deletion if they are no longer in a provisioning file.
+ # It takes no effect if data sources are already listed in the deleteDatasources section.
+ prune = true;
+
+ datasources = [
+ {
+ # https://grafana.com/docs/grafana/latest/datasources/prometheus/configure/
+ name = "prometheus-homelab";
+ type = "prometheus";
+ access = "proxy";
+ # Access mode - proxy (server in the UI) or direct (browser in the UI).
+ url = "http://localhost:9090";
+ jsonData = {
+ httpMethod = "POST";
+ manageAlerts = true;
+ timeInterval = "15s";
+ queryTimeout = "90s";
+ prometheusType = "Prometheus";
+ cacheLevel = "High";
+ disableRecordingRules = false;
+ # As of Grafana 10 the Prometheus data source can be configured to query live dashboards
+ # incrementally instead of re-querying the entire duration on each dashboard refresh.
+ # Increasing the duration of the incrementalQueryOverlapWindow will increase the size of every incremental query
+ # but might be helpful for instances that have inconsistent results for recent data.
+ incrementalQueryOverlapWindow = "10m";
+ };
+ editable = false;
+ }
+ {
+ # The VictoriaMetrics plugin includes more native VM functionality.
+ name = "victoriametrics-homelab";
+ type = "victoriametrics-metrics-datasource";
+ access = "proxy";
+ url = "http://localhost:9090";
+ # url: http://vmselect:8481/select/0/prometheus # cluster version
+ jsonData = {
+ httpMethod = "POST";
+ manageAlerts = true;
+ timeInterval = "15s";
+ queryTimeout = "90s";
+ disableMetricsLookup = false; # enable this for metrics autocomplete
+ vmuiUrl = "https://prometheus.writefor.fun/vmui/";
+ };
+ isDefault = true;
+ editable = false;
+ }
+ {
+ # https://grafana.com/docs/grafana/latest/datasources/loki/configure-loki-data-source/
+ name = "loki-k3s-test-1";
+ type = "loki";
+ access = "proxy";
+ url = "https://loki-gateway.writefor.fun";
+ jsonData = {
+ timeout = 30;
+ maxLines = 1000;
+ httpHeaderName1 = "X-Scope-OrgID";
+ };
+ secureJsonData = {
+ httpHeaderValue1 = "fake";
+ };
+ editable = false;
+ }
+ {
+ name = "alertmanager-homelab";
+ type = "alertmanager";
+ url = "http://localhost:9093";
+ access = "proxy";
+ jsonData = {
+ implementation = "prometheus";
+ handleGrafanaManagedAlerts = false;
+ };
+ editable = false;
+ }
+ {
+ # https://grafana.com/docs/grafana/latest/datasources/postgres/configure/
+ name = "postgres-playground";
+ type = "postgres";
+ url = "postgres.writefor.fun:5432";
+ user = "playground";
+ secureJsonData = {
+ password = "$__file{${config.age.secrets."grafana-admin-password".path}}";
+ };
+ jsonData = {
+ database = "playground";
+ sslmode = "verify-full"; # disable/require/verify-ca/verify-full
+ maxOpenConns = 50;
+ maxIdleConns = 250;
+ maxIdleConnsAuto = true;
+ connMaxLifetime = 14400;
+ timeInterval = "1m";
+ timescaledb = false;
+ postgresVersion = 1500; # 15.xx
+ # tls
+ tlsConfigurationMethod = "file-path";
+ sslRootCertFile = ../../../certs/ecc-ca.crt;
+ };
+ editable = false;
+ }
+ {
+ name = "infinity-dataviewer";
+ type = "yesoreyeram-infinity-datasource";
+ editable = false;
+ }
+ ];
+
+ };
+}
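Review bot: The `postgres-playground` entry reads its database password from `config.age.secrets."grafana-admin-password".path`, which by its name is the Grafana admin login secret, so a single secret would unlock both the Grafana admin account and the `playground` PostgreSQL role (the secret's definition is not visible here, so this is inferred from the name). A dedicated agenix secret for the database role keeps the two credentials separately scoped and rotatable, e.g. `password = "$__file{${config.age.secrets."<postgres-playground-secret>".path}}";` with the placeholder replaced by a secret that the grafana service user can read. Separately, `httpHeaderValue1 = "fake"` in the Loki entry is a literal inside `secureJsonData` and therefore ends up in the world-readable Nix store; that is harmless for a dummy tenant id, but a comment such as `# placeholder tenant id, not a secret; real values must use $__file{}` would keep a real value from being pasted there later.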
diff --git a/hosts/idols-aquamarine/grafana/datasources.yml b/hosts/idols-aquamarine/grafana/datasources.yml
deleted file mode 100644
index 70eeb0b7..00000000
--- a/hosts/idols-aquamarine/grafana/datasources.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-# https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
-apiVersion: 1
-
-# List of data sources to delete from the database.
-deleteDatasources:
- - name: Loki
- orgId: 1
-
-# Mark provisioned data sources for deletion if they are no longer in a provisioning file.
-# It takes no effect if data sources are already listed in the deleteDatasources section.
-prune: true
-
-datasources:
- # https://grafana.com/docs/grafana/latest/datasources/prometheus/
- - name: prometheus-homelab
- type: prometheus
- access: proxy
- # Access mode - proxy (server in the UI) or direct (browser in the UI).
- url: http://localhost:9090
- jsonData:
- httpMethod: POST
- manageAlerts: true
- prometheusType: Prometheus
- prometheusVersion: 2.49.0
- cacheLevel: "High"
- disableRecordingRules: false
- # As of Grafana 10, the Prometheus data source can be configured to query live dashboards
- # incrementally, instead of re-querying the entire duration on each dashboard refresh.
- # Increasing the duration of the incrementalQueryOverlapWindow will increase the size of every incremental query,
- # but might be helpful for instances that have inconsistent results for recent data.
- incrementalQueryOverlapWindow: 10m
- isDefault: true
- editable: false
- # https://grafana.com/docs/grafana/latest/datasources/loki/
- - name: loki-k3s-test-1
- type: loki
- access: proxy
- url: https://loki-gateway.writefor.fun
- jsonData:
- timeout: 30
- maxLines: 1000
- httpHeaderName1: "X-Scope-OrgID"
- secureJsonData:
- httpHeaderValue1: "fake"
- editable: false
diff --git a/hosts/idols-aquamarine/grafana/default.nix b/hosts/idols-aquamarine/grafana/default.nix
index 8af1bf72..f869c8f8 100644
--- a/hosts/idols-aquamarine/grafana/default.nix
+++ b/hosts/idols-aquamarine/grafana/default.nix @@ -5,10 +5,16 @@ ... }: { + + imports = [ + ./dashboards.nix + ./datasources.nix + ]; + services.grafana = { enable = true; dataDir = "/data/apps/grafana"; - # DeclarativePlugins = with pkgs.grafanaPlugins; [ grafana-piechart-panel ]; + provision.enable = true; settings = { server = { http_addr = "127.0.0.1"; @@ -41,15 +47,6 @@ }; }; - # Declaratively provision Grafana's data sources, dashboards, and alerting rules. - # Grafana's alerting rules is not recommended to use, we use Prometheus alertmanager instead. - # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources - provision = { - enable = true; - datasources.path = ./datasources.yml; - dashboards.path = ./dashboards.yml; - }; - # https://github.com/NixOS/nixpkgs/tree/master/pkgs/servers/monitoring/grafana/plugins declarativePlugins = with pkgs.grafanaPlugins; [ # https://github.com/VictoriaMetrics/victoriametrics-datasource diff --git a/hosts/idols-aquamarine/postgresql.nix b/hosts/idols-aquamarine/postgresql.nix index 499a5e3d..138bb97b 100644 --- a/hosts/idols-aquamarine/postgresql.nix +++ b/hosts/idols-aquamarine/postgresql.nix @@ -35,23 +35,11 @@ in # Ensures that the specified databases exist. ensureDatabases = [ - "mytestdb" # for testing - "juicefs" - # openobserve for every k8s clusters - "o2_k3s_test_1" - "o2_k3s_prod_1" + "playground" # for testing ]; ensureUsers = [ { - name = "o2_k3s_test_1"; - ensureDBOwnership = true; - } - { - name = "o2_k3s_prod_1"; - ensureDBOwnership = true; - } - { - name = "juicefs"; + name = "playground"; ensureDBOwnership = true; } ]; 
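Review bot: Removing `mytestdb`, `juicefs`, `o2_k3s_test_1` and `o2_k3s_prod_1` from `ensureDatabases` and `ensureUsers` in postgresql.nix does not remove them from a cluster that is already deployed, because these NixOS options only create what is missing and never drop anything; the old roles and databases keep whatever access they had. If they are meant to be retired, drop them by hand and record that above the list, for example `# juicefs / o2_* roles and databases were dropped manually; ensure* never deletes`. The new `playground` role is created by `ensureUsers` without a password, while the Grafana datasource added in this commit authenticates as `playground` with one, so presumably the password is set out of band, which deserves a comment as well. The enclosing attribute set starts and ends outside this hunk.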
@@ -94,9 +82,10 @@ in huge_pages = "try"; }; - # allow root & myself can login via `psql -U postgres` without other aauthentication + # Map the systemUser to the DBUser + # allow root & myself to log in via psql -U postgres without any additional authentication. identMap = '' - # ArbitraryMapName systemUser DBUser + # ArbitraryMapName systemUser DBUser superuser_map root postgres superuser_map postgres postgres superuser_map postgres-exporter postgres @@ -115,6 +104,7 @@ in host all all 127.0.0.1/32 trust # IPv6 local connections: host all all ::1/128 trust + # Allow replication connections from localhost, by a user with the # replication privilege. local replication all trust