{ self, lib, ... }: { flake.machines.tharos = { nixos = { config, ... }: let grafana = { domain = config.services.grafana.settings.server.domain; port = config.services.grafana.settings.server.http_port; database = config.services.grafana.settings.database; }; in { services.grafana = { enable = true; openFirewall = true; settings = { server = { domain = "grafana.${self.domain}"; root_url = "https://${grafana.domain}"; }; database = { type = "postgres"; user = grafana.database.name; host = let nextcloud = config.services.nextcloud; in lib.mkIf nextcloud.enable nextcloud.config.dbhost; }; security = { disable_initial_admin_creation = true; }; "auth.anonymous" = { enabled = true; org_role = "Viewer"; }; }; }; services.postgresql = { enable = true; ensureDatabases = [ grafana.database.name ]; ensureUsers = [ { name = grafana.database.user; ensureDBOwnership = true; } ]; }; services.caddy = { virtualHosts.${grafana.domain}.extraConfig = '' reverse_proxy http://localhost:${toString grafana.port} ''; }; }; vm = { pkgs, config, ... }: let grafana = { domain = config.services.grafana.settings.server.domain; port = config.services.grafana.settings.server.http_port; }; in { services.grafana = { settings.server = { domain = lib.mkForce "grafana.localhost"; root_url = lib.mkForce "http://${grafana.domain}:${toString grafana.port}"; }; }; services.caddy.virtualHosts = { "http://${grafana.domain}:${toString config.virtualisation.exposedPorts.http.port}".extraConfig = config.services.caddy.virtualHosts.${grafana.domain}.extraConfig; }; services.getty.helpLine = lib.mkBefore '' Grafana: http://${grafana.domain}:${ with config.virtualisation; toString (portOffset + exposedPorts.http.port) } ''; }; }; }