Grafana with authentik

2025-02-21 17:45:18 +01:00 · 2025-02-21 17:45:18 +01:00 · db350e2445
commit db350e2445
parent 1efda446f3
4 changed files with 49 additions and 2 deletions
--- a/hosts/caddy/default.nix
+++ b/hosts/caddy/default.nix
@ -105,7 +105,7 @@ in
      grafana = {
        proxy = {
          enable = true;
-          domain = p.domains.ts;
+          domain = p.domains.public;
          host = p.hosts.metrics;
        };
      };
@ -143,7 +143,7 @@ in
        extraVirtualHosts = [
          {
            subdomain = "h";
-            host = "http://ha.internal:8123";
+            host = "http://${p.hosts.homeassistant}:8123";
            domain = p.domains.public;
          }
        ];
--- a/hosts/metrics/default.nix
+++ b/hosts/metrics/default.nix
@ -7,6 +7,7 @@
 let
  tailscaleMagicDNS = "neon-dory.ts.net";
  defaultNodePort = toString config.services.prometheus.exporters.node.port;
+  p = import ../parameters.nix;
 in
 {

@ -16,6 +17,10 @@ in
      file = ../../secrets/grafana-admin-pwd.age;
      owner = "grafana";
    };
+    grafana-secret-auth = {
+      file = ../../secrets/grafana-secret-auth.age;
+      owner = "grafana";
+    };
  };

  my = {
@ -32,6 +37,12 @@ in
      grafana = {
        enable = true;
        adminPasswordFile = config.age.secrets.grafana-admin-pwd.path;
+        auth = {
+          enable = true;
+          baseUrl = "auth.${p.domains.public}";
+          sectetKeyFile = config.age.secrets.grafana-secret-auth.path;
+        };
+        proxy.domain = p.domains.public;
      };
      prometheus.enable = true;
      loki.enable = true;