From d5b9a7f71b4ff9e73fbc635c81e78cbae81cdd68 Mon Sep 17 00:00:00 2001
From: Kyren223 <Kyren223@proton.me>
Date: Tue, 1 Jul 2025 18:43:41 +0300
Subject: [PATCH] Added grafana

---
 host/configuration.nix   |  1 +
 nixosModules/grafana.nix | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 nixosModules/grafana.nix

diff --git a/host/configuration.nix b/host/configuration.nix
index f0a5885..e8bf703 100644
--- a/host/configuration.nix
+++ b/host/configuration.nix
@@ -12,6 +12,7 @@
     ./../nixosModules/nextcloud.nix
     ./../nixosModules/wakapi.nix
     ./../nixosModules/eko.nix
+    ./../nixosModules/grafana.nix
   ];
 
   boot.loader.grub = {
diff --git a/nixosModules/grafana.nix b/nixosModules/grafana.nix
new file mode 100644
index 0000000..2925e0b
--- /dev/null
+++ b/nixosModules/grafana.nix
@@ -0,0 +1,35 @@
+{ lib, config, ... }: {
+
+  imports = [
+    ./acme.nix
+  ];
+
+  options = {
+    grafana.enable = lib.mkEnableOption "enables grafana";
+  };
+
+  config = lib.mkIf config.grafana.enable {
+    # Open http and https ports to the public
+    networking.firewall.allowedTCPPorts = [ 443 80 ];
+
+    # Make sure acme module is active for the "kyren.codes" ssl cert
+    acme.enable = true;
+
+    services.nginx.virtualHosts."grafana.kyren.codes" = {
+      useACMEHost = "kyren.codes";
+      forceSSL = true;
+      locations."/".proxyPass = "http://localhost:3030/";
+    };
+
+    sops.secrets.gitea-db-password = {
+      owner = config.services.gitea.user;
+    };
+
+    services.grafana = {
+      enable = true;
+      settings.server = {
+        http_port = 3030;
+      };
+    };
+  };
+}