From 91211036d84baa5e15286539ddadbe6b3d6e7b22 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Sun, 3 Dec 2023 21:48:06 +0100
Subject: Expose Grafana externally

---
 tw/system/files/grafana/metrics-credentials.enc |  9 +++++++++
 tw/system/vin.scm                               | 15 +++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 tw/system/files/grafana/metrics-credentials.enc

(limited to 'tw/system')

diff --git a/tw/system/files/grafana/metrics-credentials.enc b/tw/system/files/grafana/metrics-credentials.enc
new file mode 100644
index 00000000..3e1bf1fe
--- /dev/null
+++ b/tw/system/files/grafana/metrics-credentials.enc
@@ -0,0 +1,9 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBxbVk0
+YTUvTnV6TEI3bmRHSTNiNVZIcUc4OEZtVW9PcXNsczZYYjAya1R3ClRLRXFTdjc1
+djl3SXArQlloc1VENktIbUxJTmRmU0E0MzFjcktKR2dsVGcKLS0tIFAzcXY4VEhY
+R3dLZlh6Vzl3VDYxcW8rNTZwNXl5dG1MZUpESnRvNFBtS28KOJgtJ5BkwrdX+93W
+VGoh3vbzeCWdwOGCTqheJ1wgOGyGmCqSI/itWgydfvYdDyXCtusVZPTnn0Q1sonT
+Ag/4jjm0vBM0LTrhHPHvi8SJIevsEjNhF8TJbTBYPJw4iqRl6WR+ZW3CTQbFZNLA
+f/0x4hTgXVf8wvo=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/system/vin.scm b/tw/system/vin.scm
index 65870e1f..c3cbc50c 100644
--- a/tw/system/vin.scm
+++ b/tw/system/vin.scm
@@ -3,6 +3,7 @@
   #:use-module (gnu bootloader grub)
   #:use-module (gnu packages databases)
   #:use-module (gnu services admin)    ; unattended-upgrade-service-type
+  #:use-module (gnu services certbot)
   #:use-module (gnu services databases)
   #:use-module (gnu services docker)
   #:use-module (gnu services dbus)
@@ -161,13 +162,19 @@
             (encrypted-file (local-file "files/restic/vin-grafana.enc"))
             (destination "/etc/restic/vin-grafana")
             (user "restic")
-            (group "restic"))))))
+            (group "restic"))
+           (secret
+            ;; Set GF_METRICS_BASIC_AUTH_{USERNAME,PASSWORD} variables.
+            (encrypted-file (local-file "files/grafana/metrics-credentials.enc"))
+            (destination "/etc/grafana/metrics-credentials"))))))
 
       ;; For running the Grafana docker container.
       (service grafana-service-type
         (grafana-configuration
+         (domain "grafana.twilken.net")
          (data-path "/var/lib/grafana")
-         (bind-address (server-wireguard-address host-name))))
+         (bind-address (server-wireguard-address host-name))
+         (metrics-credentials-file "/etc/grafana/metrics-credentials")))
       (service docker-service-type)     ; required by `grafana-service-type'
       (service dbus-root-service-type)  ; required by `docker-service-type'
       (service elogind-service-type)    ; required by `docker-service-type'
@@ -191,6 +198,10 @@
                (keep-daily 30)
                (keep-monthly -1))))
 
+      (service certbot-service-type
+        (certbot-configuration
+         (email "letsencrypt@twilken.net")))
+
       ;; Personal statistics exporter: stores hledger data (and soon location
       ;; data?) in Postgres for Grafana to read.
       (service syncthing-service-type
-- 
cgit v1.2.3