From a1c4c7cf077d8abea3b04a98efe03ced7131bf1c Mon Sep 17 00:00:00 2001
From: Henry-Hiles <henry@henryhiles.com>
Date: Wed, 29 Oct 2025 12:36:48 -0400
Subject: [PATCH] add grafana stuff

---
 clients/quadraticserver/stats/grafana.nix    | 58 ++++++++++++++++++++
 clients/quadraticserver/stats/prometheus.nix | 48 ++++++++++++++++
 secrets/grafanaPassword.age                  |  9 +++
 secrets/grafanaSecret.age                    |  9 +++
 4 files changed, 124 insertions(+)
 create mode 100644 clients/quadraticserver/stats/grafana.nix
 create mode 100644 clients/quadraticserver/stats/prometheus.nix
 create mode 100644 secrets/grafanaPassword.age
 create mode 100644 secrets/grafanaSecret.age

diff --git a/clients/quadraticserver/stats/grafana.nix b/clients/quadraticserver/stats/grafana.nix
new file mode 100644
index 0000000..8f13664
--- /dev/null
+++ b/clients/quadraticserver/stats/grafana.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+{
+  services =
+    let
+      domain = "status.federated.nexus";
+    in
+    {
+      grafana = {
+        enable = true;
+        declarativePlugins = [ ];
+        settings = {
+          analytics.feedback_links_enabled = false;
+          server = {
+            inherit domain;
+            protocol = "socket";
+
+            enable_gzip = true;
+          };
+
+          security = {
+            cookie_secure = true;
+            secret_key = "$__file{${config.age.secrets."grafanaSecret.age".path}}";
+
+            admin_user = "quadradical";
+            admin_password = "$__file{${config.age.secrets."grafanaPassword.age".path}}";
+          };
+        };
+
+        provision = {
+          enable = true;
+          datasources.settings.datasources = [
+            {
+              name = "Prometheus";
+              type = "prometheus";
+              url = with config.services.prometheus; "http://${listenAddress}:${toString port}";
+              jsonData = {
+                timeInterval = config.services.prometheus.globalConfig.scrape_interval;
+              };
+            }
+          ];
+
+          dashboards.settings.providers = [
+            {
+              name = "Node exporter";
+              options.path = pkgs.fetchurl {
+                name = "dashboard-node-exporter-full.json";
+                url = "https://grafana.com/api/dashboards/1860/revisions/42/download";
+                hash = "";
+              };
+            }
+          ];
+        };
+      };
+      caddy.virtualHosts."${domain}".extraConfig =
+        "reverse_proxy unix/${config.services.grafana.settings.server.socket}";
+    };
+  users.users.grafana = "caddy";
+}
diff --git a/clients/quadraticserver/stats/prometheus.nix b/clients/quadraticserver/stats/prometheus.nix
new file mode 100644
index 0000000..758ef73
--- /dev/null
+++ b/clients/quadraticserver/stats/prometheus.nix
@@ -0,0 +1,48 @@
+{ config, ... }:
+{
+  services.prometheus = {
+    enable = true;
+    listenAddress = "127.0.0.7";
+
+    globalConfig.scrape_interval = "10s";
+    scrapeConfigs = [
+      {
+        job_name = "node";
+        static_configs = [
+          {
+            targets = with config.services.prometheus.exporters.node; [
+              "${toStringlistenAddress}:${toString port}"
+            ];
+          }
+        ];
+      }
+    ];
+
+    exporters.node = {
+      enable = true;
+      listenAddress = "127.0.0.3";
+      enabledCollectors = [
+        "systemd"
+        "processes"
+      ];
+      # disabledCollectors = [
+      #   "arp"
+      #   "bcache"
+      #   "bonding"
+      #   "btrfs"
+      #   "conntrack"
+      #   "dmi"
+      #   "edac"
+      #   "entropy"
+      #   "exec"
+      #   "fibrechannel"
+      #   "filefd"
+      #   "hwmon"
+      #   "infiniband"
+      #   "ipvs"
+      #   "mdadm"
+      #   "netclass"
+      # ];
+    };
+  };
+}
diff --git a/secrets/grafanaPassword.age b/secrets/grafanaPassword.age
new file mode 100644
index 0000000..de88ace
--- /dev/null
+++ b/secrets/grafanaPassword.age
@@ -0,0 +1,9 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBKYWsr
+NStMaThHNXhaZmwzR1EwSmRrYkc2N20wWHdQQ3ZYQ1BNaHhCY2lBCmpNcHZIemNO
+UWJNdkJ3YlM4WU9sem14S1R2dXA1TFFJajVxcDN3cTgwNlUKLT4gOjY6dV1dYS1n
+cmVhc2UKSzV2MHAvdjg1REFNNlpqTXVvZlZkUDFyL2MxMEFQT2F1RHhZNHJxZ295
+UFZRbkkwYWJ3T0pGSjFwb2s0MHFTawo2SUpzeHBKRmh6TU55VTVLajVFZ2EwNXhX
+c0xVCi0tLSBDblh3S3hwdXRLSlE3SDlFTUxpendxSVFqdnhkMDMwTWp6bHhvalk3
+UHJzCh70zjx0fVGafTYt31Fb7lkZFHgqO2bYnlEMFsofvKFak3qjPvVnTi54G2nG
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/grafanaSecret.age b/secrets/grafanaSecret.age
new file mode 100644
index 0000000..d3451b6
--- /dev/null
+++ b/secrets/grafanaSecret.age
@@ -0,0 +1,9 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSAwZVh6
+QXdNeVF4N1dmVVJPbUxHQTdXc2g5Z09WRWF2TXpHQVF1UXM2ejFRClJ5eCtLbmg1
+TnNWa2ZubjlWTlNhRXN1VmkwY2FuZ0VxVW9hd3MvSU9oZDgKLT4gVVtqZmMtZ3Jl
+YXNlIEEzb2UgdThFVCBtdn02e0VCClhOM1l6Vjc4eS9TQzZVaWNYNXpGNFgzUnJE
+NXJIalBOZ1IyR2V2OU9pRGcKLS0tIEUvaTM3L0tGNkhFWHNtTkg2ZWNlQ2R4dzNS
+c1FMc0k5ank1cVVwSTg4SjAKF0pm88PGxxI7KAx4ECmQqOwvmOA0OabpUg7nTml4
+q2buzE+zKG4Mcl6bQVGQTpsY1uPCYFY=
+-----END AGE ENCRYPTED FILE-----