From 92e8a6630b8f7cb8c98b0b6712f31a1598905bd9 Mon Sep 17 00:00:00 2001
From: RGBCube <git@rgbcu.be>
Date: Sat, 13 Jan 2024 09:36:18 +0300
Subject: [PATCH] Use postgresql instead of sqlite for grafana

---
 hosts/cube/grafana.nix    | 23 ++++++++++++++++++-----
 hosts/cube/postgresql.nix | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 hosts/cube/postgresql.nix

diff --git a/hosts/cube/grafana.nix b/hosts/cube/grafana.nix
index 4360bd1..1c7ac92 100644
--- a/hosts/cube/grafana.nix
+++ b/hosts/cube/grafana.nix
@@ -1,4 +1,4 @@
-{ config, ulib, ... }: with ulib;
+{ config, pkgs, ulib, ... }: with ulib;
 
 let
   inherit (config.networking) domain;
@@ -10,18 +10,31 @@ in serverSystemConfiguration {
     group = "grafana";
   };
 
+  services.postgresql = {
+    ensureDatabases = [ "grafana" ];
+    initialScript   = pkgs.writeText "postgresql-initial-script" ''
+      CREATE ROLE grafana WITH LOGIN PASSWORD NULL CREATEDB;
+      GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
+    '';
+  };
+
   services.grafana = enabled {
     domain = fqdn;
     port   = 8999;
 
+    settings = {
+      database.host = "/run/postgresql";
+      database.type = "postgres";
+      database.user = "grafana";
+
+      server.http_addr    = "::";
+      users.default_theme = "system";
+    };
+
     settings.security = {
       admin_email    = "metrics@${domain}";
       admin_password = "$__file{${config.age.secrets."cube.mail.password".path}}";
     };
-
-    settings.server.http_addr = "::";
-
-    settings.users.default_theme = "system";
   };
 
   services.nginx.virtualHosts.${fqdn} = {
diff --git a/hosts/cube/postgresql.nix b/hosts/cube/postgresql.nix
new file mode 100644
index 0000000..b2d8f3b
--- /dev/null
+++ b/hosts/cube/postgresql.nix
@@ -0,0 +1,33 @@
+{ config, lib, ulib, ... }: with ulib;
+
+serverSystemConfiguration {
+  services.prometheus.exporters.postgres = enabled {
+    port                = 9030;
+    runAsLocalSuperUser = true;
+  };
+
+  services.prometheus.scrapeConfigs = [{
+    job_name = "postgres";
+
+    static_configs = [{
+      labels.job = "postgres";
+      targets    = [ "[::]:${toString config.services.prometheus.exporters.postgres.port}" ];
+    }];
+  }];
+
+  services.postgresql = enabled {
+    enableTCPIP    = true;
+
+    authentication = lib.mkOverride 10 ''
+    # Type  Database DBUser Authentication IdentMap
+      local sameuser all    peer           map=superuser_map
+    '';
+
+    identMap = ''
+    # Map           System   DBUser
+      superuser_map root     postgres
+      superuser_map postgres postgres
+      superuser_map /^(.*)$  \1
+    '';
+  };
+}