From 9616fb1df0b5d3ce8b7bf85b392e4db15ebd2e73 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan <daniel@lyte.dev>
Date: Wed, 11 Sep 2024 15:28:52 -0500
Subject: [PATCH] Setup grafana smtp

---
 nixos/beefcake.nix           | 51 +++++++++++++++++++++++++++++++++---
 secrets/beefcake/secrets.yml |  5 ++--
 2 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index 2621f56..4842cf9 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -896,6 +896,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
           SIGNUPS_ALLOWED = "false";
           ROCKET_ADDRESS = "127.0.0.1";
           ROCKET_PORT = 8222;
+          # TODO: smtp setup?
+          # right now, I think I configured this manually by temporarily setting ADMIN_TOKEN
+          # and then configuring in https://bw.lyte.dev/admin
         };
       };
       services.caddy.virtualHosts."bw.lyte.dev" = {
@@ -1452,16 +1455,34 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         checkConfig = true;
         listenAddress = "127.0.0.1";
         port = 9090;
+        scrapeConfigs = [
+          {
+            job_name = "beefcake";
+            static_configs = [
+              {
+                targets = let inherit (config.services.prometheus.exporters.node) port listenAddress; in ["${listenAddress}:${toString port}"];
+              }
+            ];
+          }
+        ];
         exporters = {
           postgres = {
             enable = true;
             # runAsLocalSuperUser = true;
           };
+          node = {
+            enable = true;
+            listenAddress = "127.0.0.1";
+            port = 9100;
+            enabledCollectors = [
+              "systemd"
+            ];
+          };
+          zfs = {
+            enable = true;
+          };
         };
-        # alertmanager.enable = true; # grafana for alerts?
       };
-      # services.node-exporter.enable = true; # TODO: node-exporter?
-      # TODO: exporters.zfs?
       # TODO: promtail?
       # idrac exporter?
       # restic exporter?
@@ -1494,17 +1515,41 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
           group = "grafana";
           mode = "0400";
         };
+        grafana-smtp-password = {
+          owner = "grafana";
+          group = "grafana";
+          mode = "0400";
+        };
       };
       services.grafana = {
         enable = true;
         dataDir = "/storage/grafana";
         provision = {
           enable = true;
+          datasources = {
+            settings = {
+              datasources = [
+                {
+                  name = "Prometheus";
+                  type = "prometheus";
+                  access = "proxy";
+                  url = "http://localhost:${toString config.services.prometheus.port}";
+                  isDefault = true;
+                }
+              ];
+            };
+          };
         };
         settings = {
           server = {
             http_port = 3814;
           };
+          smtp = {
+            enabled = true;
+            from_address = "grafana@lyte.dev";
+            host = "smtp.mailgun.org";
+            password = ''$__file{${config.sops.secrets.grafana-smtp-password.path}}'';
+          };
           security = {
             admin_email = "daniel@lyte.dev";
             admin_user = "lytedev";
diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml
index d2507db..70c973c 100644
--- a/secrets/beefcake/secrets.yml
+++ b/secrets/beefcake/secrets.yml
@@ -17,6 +17,7 @@ plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7z
 nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
 grafana-admin-password: ENC[AES256_GCM,data:SpxQ7FgFoF5cZj5+1ug=,iv:NaQPIqFE62PHC14rT/xqYchdt7IykS8jJhuGRcC2SjM=,tag:Q8QtHiE4Beh5GG/IcvjG4w==,type:str]
 netlify-ddns-password: ENC[AES256_GCM,data:mz9MS93ZPbtziwo56DP27q5ZgA1rgCptQpgTPrq2Ihc3KjSxSACJ6p6t8NjRPr4lSDLPzDa47OnRct/N4fcm5Q==,iv:upOh9S0wvTXBwfso3GhQzpl5befY0T0hTW/LGNcvv0k=,tag:/LNP0wIaxtExulV0blVkXA==,type:str]
+grafana-smtp-password: ENC[AES256_GCM,data:eSzFlEcgSPEy7p0QW6Pr6Z86TRHuuIJcM7nSI7bBBFy/9/VQaYk6+Ztu049ZGrejPNk=,iv:o14YoiTE4dCKw/Rbh/B2m2b5oyitvaB+FnLxydgu75c=,tag:4iRngd9OiZMq5RTVKdklHw==,type:str]
 #ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment]
 forgejo-runner.env: ENC[AES256_GCM,data:x4EaDzK4W34ZEZ/Inakore2YABZf8e7TBBjoC6xTPZ9GBrSZCE85FOcHAmMXPDo=,iv:bNGOsLnhxnlC/opCKT1DSsGoWdmgJ8NgEPY3ySlN108=,tag:Ijp3qHBSdv6EDaZdomJhAA==,type:str]
 jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
@@ -49,8 +50,8 @@ sops:
             bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
             rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-11T19:52:21Z"
-    mac: ENC[AES256_GCM,data:Vp4vxT+koS3a4iY6u62aH+vAsgztpIZpzdzEkXv2I4ycYM5EHNAS09oeKH3+hpIuRLZ0o6txo+BXqGGqLyNVPL5kBJygOa1kRsdf0TC6z2lutCeh6/R2EAPLzJUBVJ6T9dWSOT3Q7PYjXOVlqu4uHr0DZsLfHDBORAZ/B95vyrc=,iv:GQF3woxacyK9o07n0LGE91PS6CCZ7g/yJgL5BniCffg=,tag:9D158qqTma/I2p/f7bwl3A==,type:str]
+    lastmodified: "2024-09-11T20:26:42Z"
+    mac: ENC[AES256_GCM,data:a0gC3hbOoEkRWWv9o1wUbiuvTnp9+vSDTD+l1xxRnwApXW6oqoLpcChbfrHNKNpJKMOQ7KUEgR2Gc5oWQUk+sth4QY/P59QeTtXNAWdmyB8SsbaRdmms/EapUhH8qSy2v24JOaqIdCv/HrRF1MJnHjJ0qZX/bTC6JVmIrsM6LlQ=,iv:AkMwDNRPn+yUOWFcHCdPLerkztAi9/W0W87LQSD/aZo=,tag:+6fi773Qc5lTM60fIVHSnQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.0