diff options
| author | Timo Wilken | 2023-12-03 21:48:06 +0100 |
|---|---|---|
| committer | Timo Wilken | 2023-12-13 19:39:32 +0100 |
| commit | 91211036d84baa5e15286539ddadbe6b3d6e7b22 (patch) | |
| tree | 0511988d8fb40648ede92a086a251b5519a3ccfa /tw/services | |
| parent | 5be8cd1a02ef562a9a8ee251d3cc401585dd3491 (diff) | |
Expose Grafana externally
Diffstat (limited to 'tw/services')
| -rw-r--r-- | tw/services/grafana.scm | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/tw/services/grafana.scm b/tw/services/grafana.scm index 6555ba62..a796ba19 100644 --- a/tw/services/grafana.scm +++ b/tw/services/grafana.scm @@ -6,22 +6,31 @@ #:use-module (gnu services configuration) #:use-module (gnu services databases) #:use-module (gnu services shepherd) + #:use-module (guix records) + #:use-module (tw services web) #:export (grafana-service-type grafana-configuration)) ;; TODO: Mimir for long-term Prometheus metrics storage? ;; TODO: Store Grafana data in Postgres instead of SQLite? -;; TODO: Back up /var/lib/grafana, especially grafana.db (define %grafana-user "grafana") (define %grafana-uid 472) ; to match container -;; TODO: reverse proxy to make it accessible at http://vin.wg/grafana? (define-configuration/no-serialization grafana-configuration + ;; TODO: update to 10.2.2 + ;; https://hub.docker.com/r/grafana/grafana-oss/tags (container (string "docker.io/grafana/grafana-oss:9.5.2") "Container image to run.") + (domain (string "localhost") "The external domain which will resolve to this +Grafana instance.") (bind-address (string "0.0.0.0") "The host IP to bind to.") (host-port (integer 3000) "The port to bind to on the host.") - (data-path (string "/var/lib/grafana") "The path to store data in, on the host.")) + (data-path (string "/var/lib/grafana") "The path to store data in, on the host.") + (metrics-credentials-file (string "/etc/grafana/metrics-credentials") "The +file name containing the user name and password to use for basic +authentication to Grafana's metrics endpoint. These are specified as the +GF_METRICS_BASIC_AUTH_USERNAME and GF_METRICS_BASIC_AUTH_PASSWORD environment +variables.")) (define (grafana-accounts config) (list (user-account @@ -43,6 +52,7 @@ (list #$(file-append docker-cli "/bin/docker") "run" "--rm" "--network=host" "--name" "grafana" "--user" '#$%grafana-user "-v" '#$(format #f "~a:/var/lib/grafana" (grafana-configuration-data-path config)) + "--env-file" '#$(grafana-configuration-metrics-credentials-file config) ;; https://grafana.com/docs/grafana/latest/setup-grafana/configure-docker/ "-e" "GF_SERVER_PROTOCOL=http" ; use Wireguard for encryption "-e" '#$(format #f "GF_SERVER_HTTP_ADDR=~a" (grafana-configuration-bind-address config)) @@ -58,11 +68,23 @@ '#$(grafana-configuration-container config)))) (stop #~(make-kill-destructor))))) +(define (grafana-reverse-proxy config) + (match-record config <grafana-configuration> (domain bind-address host-port) + (if (string=? domain "localhost") (list) + (list (https-reverse-proxy-configuration + (domains (list domain)) + (destination-port host-port) + (destination-ip + (if (string=? bind-address "0.0.0.0") + "127.0.0.1" + bind-address))))))) + (define grafana-service-type (service-type (name 'grafana) (extensions (list (service-extension shepherd-root-service-type grafana-shepherd-service) - (service-extension account-service-type grafana-accounts))) + (service-extension account-service-type grafana-accounts) + (service-extension https-reverse-proxy-service-type grafana-reverse-proxy))) (default-value (grafana-configuration)) (description "Grafana server, running under Docker."))) |