{ config, service_configs, lib, ... }: { imports = [ (lib.serviceMountWithZpool "grafana" service_configs.zpool_ssds [ service_configs.grafana.dir ]) (lib.serviceFilePerms "grafana" [ "Z ${service_configs.grafana.dir} 0700 grafana grafana" ]) ]; services.grafana = { enable = true; dataDir = service_configs.grafana.dir; settings = { server = { http_addr = "127.0.0.1"; http_port = service_configs.ports.private.grafana.port; domain = service_configs.grafana.domain; root_url = "https://${service_configs.grafana.domain}"; }; "auth.anonymous" = { enabled = true; org_role = "Admin"; }; "auth.basic".enabled = false; "auth".disable_login_form = true; analytics.reporting_enabled = false; feature_toggles.enable = "dataConnectionsConsole=false"; users.default_theme = "dark"; # Disable unused built-in integrations alerting.enabled = false; "unified_alerting".enabled = false; explore.enabled = false; news.news_feed_enabled = false; plugins = { enable_alpha = false; plugin_admin_enabled = false; }; }; provision = { datasources.settings = { apiVersion = 1; datasources = [ { name = "Prometheus"; type = "prometheus"; url = "http://127.0.0.1:${toString service_configs.ports.private.prometheus.port}"; access = "proxy"; isDefault = true; editable = false; uid = "prometheus"; } ]; }; dashboards.settings.providers = [ { name = "system"; type = "file"; options.path = "/etc/grafana-dashboards"; disableDeletion = true; updateIntervalSeconds = 60; } ]; }; }; services.caddy.virtualHosts."${service_configs.grafana.domain}".extraConfig = '' import ${config.age.secrets.caddy_auth.path} reverse_proxy :${toString service_configs.ports.private.grafana.port} ''; }