From 66fe419c0fa94f1c68632a158e214afc6faf696c Mon Sep 17 00:00:00 2001
From: Ittihadyya
Date: Fri, 20 Dec 2024 12:59:50 +0200
Subject: [PATCH 01/24] initial commit for monitoring and formatting

---
 services/monitoring/grafana.mod.nix | 32 ++++++++++++++++++++++++++
 services/monitoring/prometheus.mod.nix | 0
 2 files changed, 32 insertions(+)
 create mode 100644 services/monitoring/grafana.mod.nix
 create mode 100644 services/monitoring/prometheus.mod.nix

diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix
new file mode 100644
index 0000000..ba7c273
--- /dev/null
+++ b/services/monitoring/grafana.mod.nix
@@ -0,0 +1,32 @@
+{
+ glucose.modules = [
+ {(
+ services.grafana = {
+ enable = true;
+ dataDir = "/var/services/grafana";
+ # declarativePlugins = null;
+
+ settings = {
+ # analytics = {};
+ # database = {};
+ # paths = {};
+ # security = {};
+ server = {
+ root_url = "https://grf.collective-conciousness.monster";
+ enable_gzip = true;
+ http_addr = "127.0.0.1";
+ http_port = 6700;
+ };
+ # smtp = {};
+ # users = {};
+ };
+
+ /*provision = {
+ alerting = {};
+ dashboards = {};
+ datasources = {};
+ };*/
+ };
+ )}
+ ];
+}
\ No newline at end of file
diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix
new file mode 100644
index 0000000..e69de29

From 3b3bbb61c31f8faad11b1987f06328ed040c0faa Mon Sep 17 00:00:00 2001
From: Ittihadyya
Date: Fri, 20 Dec 2024 13:12:54 +0200
Subject: [PATCH 02/24] added prometheus

---
 adyya-pkgs/adyya_pkgs.mod.nix | 2 +-
 art.mod.nix | 2 +-
 services/monitoring/prometheus.mod.nix | 12 ++++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/adyya-pkgs/adyya_pkgs.mod.nix b/adyya-pkgs/adyya_pkgs.mod.nix
index e5af837..696dc9d 100644
--- a/adyya-pkgs/adyya_pkgs.mod.nix
+++ b/adyya-pkgs/adyya_pkgs.mod.nix
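Review bot: `settings.security` is left commented out while the service is enabled, so the first activation initialises the database under `/var/services/grafana` with Grafana's built-in default admin account. As far as I know Grafana applies `admin_user`/`admin_password` only when it seeds that initial account, not to one that already exists, so the sops-backed values wired in by patches 08 and 12 will not take effect on an instance that has already started — which fits the "defaulted to admin/admin" symptom patch 12 describes. Set the admin credentials before the first activation, or reset the existing account with `grafana-cli admin reset-admin-password <NEW_PASSWORD>` (or remove the data directory) before the listener becomes reachable beyond loopback.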
@@ -66,7 +66,7 @@ { nixpkgs.overlays = [ (final: prev: { - # beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF. + # beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF. }) ]; } diff --git a/art.mod.nix b/art.mod.nix index 51dd77f..8464dfe 100644 --- a/art.mod.nix +++ b/art.mod.nix @@ -18,7 +18,7 @@ darktable obs-studio # pureref # not updated on nixpkgs apparently - # beeref # straight up doesn't work + # beeref # straight up doesn't work ]; } ) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index e69de29..412a8dc 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -0,0 +1,12 @@ +{ + glucose.modules = [ + {( + services.prometheus = { + enable = true; + port = 6750; + + enableReload = true; + }; + )} + ]; +} \ No newline at end of file From a6f6a9235e67a990b5ad8f69cb84d751beaaeb2d Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 14:59:49 +0200 Subject: [PATCH 03/24] syntax fumbled --- services/monitoring/grafana.mod.nix | 4 ++-- services/monitoring/prometheus.mod.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index ba7c273..82064c6 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -1,6 +1,6 @@ { glucose.modules = [ - {( + { services.grafana = { enable = true; dataDir = "/var/services/grafana"; @@ -27,6 +27,6 @@ datasources = {}; };*/ }; - )} + } ]; } \ No newline at end of file diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index 412a8dc..e142759 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -1,12 +1,12 @@ { glucose.modules = [ - {( + { services.prometheus = { enable = true; port = 6750; enableReload = true; }; - )} + } ]; } \ No newline at end of file 
From 634b971019cdbf2bd4fc85fc94b15f7945715dfa Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 15:06:32 +0200 Subject: [PATCH 04/24] open ports in firewall --- networking/firewall.mod.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix index d952102..21cac4f 100644 --- a/networking/firewall.mod.nix +++ b/networking/firewall.mod.nix @@ -23,9 +23,13 @@ networking.firewall = { allowedTCPPorts = [ 64738 # murmur tcp + 6700 # grafana + 6750 # prometheus ]; allowedUDPPorts = [ 64738 # murmur udp + 6700 # grafana + 6750 # prometheus ]; }; } From b73daed1c975fe0b350915fe5e345735ebf4eaf3 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 15:19:30 +0200 Subject: [PATCH 05/24] updated some comments and added grafana to caddyfile, currently restricted to the IP range of the wireguard network. --- networking/firewall.mod.nix | 4 ++-- services/caddy/Caddyfile | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix index 21cac4f..e910880 100644 --- a/networking/firewall.mod.nix +++ b/networking/firewall.mod.nix @@ -40,9 +40,9 @@ services.fail2ban.enable = true; networking.firewall = { interfaces.eth0.allowedTCPPorts = [ - 80 + 80 # http 222 # forgejo ssh - 443 + 443 # https 64738 # murmur tcp ]; interfaces.eth0.allowedUDPPorts = [ diff --git a/services/caddy/Caddyfile b/services/caddy/Caddyfile index c35763c..cd231c6 100644 --- a/services/caddy/Caddyfile +++ b/services/caddy/Caddyfile @@ -48,4 +48,11 @@ https://cache.collective-conciousness.monster { encode zstd gzip reverse_proxy 10.24.1.4:5020 +} + +https://grf.collective-conciousness.monster { + encode zstd gzip + + @wireguard-network remote_ip 10.24.1.0/24 + reverse_proxy @wireguard-network 10.24.1.4:6700 } \ No newline at end of file From bf3dfc7b57ec6fad1d54d3e2d94d5a23284265c1 Mon Sep 17 00:00:00 2001 
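Review bot: 6750 is added to the interface-wide `allowedTCPPorts`, which exposes the Prometheus HTTP API and UI — which ships without authentication unless a web config file is supplied, and none is configured in this series — on every interface this block applies to, not just the WireGuard side; the matching `allowedUDPPorts` entries do nothing useful because both Grafana and Prometheus speak TCP only. The hunk does not show which host this firewall block belongs to, but if it is the host running prometheus, drop the two UDP lines and scope the TCP ports to the tunnel interface with `networking.firewall.interfaces.<WG_INTERFACE>.allowedTCPPorts = [ 6700 6750 ];` instead of the global list. Grafana on 6700 is bound to 127.0.0.1 at this point, so opening it here has no effect until patch 10 rebinds it to 0.0.0.0.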
From: Ittihadyya Date: Fri, 20 Dec 2024 15:29:14 +0200 Subject: [PATCH 06/24] updated Caddyfile logic --- services/caddy/Caddyfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/services/caddy/Caddyfile b/services/caddy/Caddyfile index cd231c6..bca825a 100644 --- a/services/caddy/Caddyfile +++ b/services/caddy/Caddyfile @@ -54,5 +54,11 @@ https://grf.collective-conciousness.monster { encode zstd gzip @wireguard-network remote_ip 10.24.1.0/24 - reverse_proxy @wireguard-network 10.24.1.4:6700 + + handle @wireguard-network { + reverse_proxy 10.24.1.4:6700 + } + handle { + respond "no match. sorgy" + } } \ No newline at end of file From ec71077ddb8f438c013ad92f5b7f51949dd7a0c4 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 15:45:33 +0200 Subject: [PATCH 07/24] further improve caddyfile --- services/caddy/Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/caddy/Caddyfile b/services/caddy/Caddyfile index bca825a..d456407 100644 --- a/services/caddy/Caddyfile +++ b/services/caddy/Caddyfile @@ -53,7 +53,7 @@ https://cache.collective-conciousness.monster { https://grf.collective-conciousness.monster { encode zstd gzip - @wireguard-network remote_ip 10.24.1.0/24 + @wireguard-network remote_ip 10.24.1.0/24 127.0.0.1/32 handle @wireguard-network { reverse_proxy 10.24.1.4:6700 From 95d419d9e431042d96193be7768e4af75c1efbd1 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:10:19 +0200 Subject: [PATCH 08/24] added secret handling, so the wireguard network stuff is unnecessary --- secrets.yaml | 8 +++++--- services/caddy/Caddyfile | 8 +------- services/monitoring/grafana.mod.nix | 9 ++++++--- sops.mod.nix | 4 ++++ 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/secrets.yaml b/secrets.yaml index 1d7281d..83810de 100644 --- a/secrets.yaml +++ b/secrets.yaml 
@@ -22,6 +22,8 @@ murmur_welcome_message: ENC[AES256_GCM,data:k05ez0/raIbgBMu90NrAg5O1nkucDibQXdj8 murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str] forgejo_runner_glucose_token: ENC[AES256_GCM,data:UWzKhDUojVrSWbS2sDyX8xdK9albNoHr9PACjbtd1YKhukfjC0W1ig==,iv:13gymOJQlwWrpz7CMweBf++BsLCJvq6XMv4CMdb32gk=,tag:tPgk6x8GLS9HH2VDuwPdvA==,type:str] forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZMFnPTAV/VYOGvl6kgTYqYoBhA==,iv:dja9VC4Pr9asl/I4ieg5c718V4Nq+pqvB8c7oQD5Qqc=,tag:ynFs2NQX466ECYnsmeUFzg==,type:str] +grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str] +grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str] sops: kms: [] gcp_kms: [] @@ -37,8 +39,8 @@ sops: NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/ vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-26T10:35:19Z" - mac: ENC[AES256_GCM,data:sP45NUFj0qRLYj3w1bZN2C5gzOef4O7GFtE7GOkDHm4IQ8YaDJW+rt3DHiAqGt34qAHcP4ahDKpsL9S1ZPs4fw+DFUEdWZROUFAMS1OsTurVQUPt08DzC8mi6t3SH4ud6YZw3l6M8eja80BK7KsEBMD4UfxoP4pgQB4oOSRoJn4=,iv:5WJq42Idwu7oMKBQBGuFp44+Bnh/Ncgkuhq0lPi+Rxc=,tag:9O45IrqkMWVtyXgXBv1bmg==,type:str] + lastmodified: "2024-12-20T14:08:54Z" + mac: ENC[AES256_GCM,data:U4WSALgavBjqt3b3lFXchxEvruG04IqtVikZnuQRyH40Z4f2PM4I5RdCaxyU3CaXPbb8/RQEYSWkLcQZ0HJvqqERLuKl25EqGFEMP5Wph3K5hSBEawk+eE6ep+tSN6bp9H4MIic1vcdn9+2JvBMnIFUEL+1zr0yvmBoz8RiavTc=,iv:rGsaWuvpGwCAWjbp1j2EZN5bQamxPisIsDfzF131HUc=,tag:f4dupyfCkN56ZikSCuHNWA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 
diff --git a/services/caddy/Caddyfile b/services/caddy/Caddyfile index d456407..ddcd352 100644 --- a/services/caddy/Caddyfile +++ b/services/caddy/Caddyfile @@ -53,12 +53,6 @@ https://cache.collective-conciousness.monster { https://grf.collective-conciousness.monster { encode zstd gzip - @wireguard-network remote_ip 10.24.1.0/24 127.0.0.1/32 + reverse_proxy 10.24.1.4:6700 - handle @wireguard-network { - reverse_proxy 10.24.1.4:6700 - } - handle { - respond "no match. sorgy" - } } \ No newline at end of file diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 82064c6..9d8dc07 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -1,6 +1,6 @@ { glucose.modules = [ - { + ({config, lib, ...}: { services.grafana = { enable = true; dataDir = "/var/services/grafana"; @@ -10,7 +10,10 @@ # analytics = {}; # database = {}; # paths = {}; - # security = {}; + security = { + admin_user = "$__file" + "{${config.sops.secrets.grafana_admin_account.path}}"; + admin_password = "$__file" + "{${config.sops.secrets.grafana_admin_pass.path}}"; + }; server = { root_url = "https://grf.collective-conciousness.monster"; enable_gzip = true; @@ -27,6 +30,6 @@ datasources = {}; };*/ }; - } + }) ]; } \ No newline at end of file diff --git a/sops.mod.nix b/sops.mod.nix index 107fcc5..c9e2f47 100644 --- a/sops.mod.nix +++ b/sops.mod.nix @@ -54,6 +54,10 @@ ''; } ) + ({config, ...}: { + sops.secrets.grafana_admin_pass = {}; + sops.secrets.grafana_admin_account = {}; + }) ( {config, ...}: { sops.secrets.murmur_login_password = {}; From 2697607f915bb19c904919f754e4bec3f152b242 Mon Sep 17 00:00:00 2001 
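Review bot: Removing the `@wireguard-network` matcher and its `handle` blocks puts the Grafana login on the public vhost, so access now rests entirely on the admin credentials introduced in this patch's grafana.mod.nix — and Grafana only applies those when it seeds the initial admin account, so an instance that already started with defaults keeps its old account, as patch 12 later observes. Keep `@wireguard-network remote_ip 10.24.1.0/24 127.0.0.1/32` and the `handle` split in place until the sops-managed password has been verified to work, then drop the restriction in a separate commit.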
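Review bot: The `"$__file" + "{${…path}}"` concatenation in the new `security` block is unnecessary: Nix only interpolates on `${`, so `$__file{` is a plain literal and `admin_user = "$__file{${config.sops.secrets.grafana_admin_account.path}}";` (likewise for `admin_password`) yields the same string with less noise. Patches 12 through 16 rewrite this expression via `builtins.concatStringsSep`, but none of those variants changes the resulting string, so they cannot be what fixes or breaks the admin login.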
From: Ittihadyya Date: Fri, 20 Dec 2024 16:19:33 +0200 Subject: [PATCH 09/24] changed secret owner and formatted files --- networking/firewall.mod.nix | 2 +- services/monitoring/grafana.mod.nix | 26 ++++++++++++++++---------- services/monitoring/prometheus.mod.nix | 4 ++-- sops.mod.nix | 2 ++ 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix index e910880..9a383c6 100644 --- a/networking/firewall.mod.nix +++ b/networking/firewall.mod.nix @@ -42,7 +42,7 @@ interfaces.eth0.allowedTCPPorts = [ 80 # http 222 # forgejo ssh - 443 # https + 443 # https 64738 # murmur tcp ]; interfaces.eth0.allowedUDPPorts = [ diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 9d8dc07..5e87dcf 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -1,15 +1,19 @@ { glucose.modules = [ - ({config, lib, ...}: { + ({ + config, + lib, + ... + }: { services.grafana = { enable = true; dataDir = "/var/services/grafana"; # declarativePlugins = null; - settings = { - # analytics = {}; - # database = {}; - # paths = {}; + settings = { + # analytics = {}; + # database = {}; + # paths = {}; security = { admin_user = "$__file" + "{${config.sops.secrets.grafana_admin_account.path}}"; admin_password = "$__file" + "{${config.sops.secrets.grafana_admin_pass.path}}"; @@ -20,16 +24,18 @@ http_addr = "127.0.0.1"; http_port = 6700; }; - # smtp = {}; - # users = {}; + # smtp = {}; + # users = {}; }; - /*provision = { + /* + provision = { alerting = {}; dashboards = {}; datasources = {}; - };*/ + }; + */ }; }) ]; -} \ No newline at end of file +} diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index e142759..bd595f2 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix 
@@ -5,8 +5,8 @@ enable = true; port = 6750; - enableReload = true; + enableReload = true; }; } ]; -} \ No newline at end of file +} diff --git a/sops.mod.nix b/sops.mod.nix index c9e2f47..c4baf61 100644 --- a/sops.mod.nix +++ b/sops.mod.nix @@ -57,6 +57,8 @@ ({config, ...}: { sops.secrets.grafana_admin_pass = {}; sops.secrets.grafana_admin_account = {}; + sops.secrets.grafana_admin_account.owner = "grafana"; + sops.secrets.grafana_admin_pass.owner = "grafana"; }) ( {config, ...}: { From 22ac7dee6af4991e32368bfa051b528125d7d29f Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:23:54 +0200 Subject: [PATCH 10/24] changed http address, configured connection protocol for grafana --- services/monitoring/grafana.mod.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 5e87dcf..08691ff 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -21,8 +21,9 @@ server = { root_url = "https://grf.collective-conciousness.monster"; enable_gzip = true; - http_addr = "127.0.0.1"; + http_addr = "0.0.0.0"; http_port = 6700; + protocol = "https"; }; # smtp = {}; # users = {}; From 4e4b825e616915f05c9756b2d2a6dad2f925355b Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:27:14 +0200 Subject: [PATCH 11/24] testing, maybe that isn't needed --- services/monitoring/grafana.mod.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 08691ff..37d49ee 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -23,7 +23,6 @@ enable_gzip = true; http_addr = "0.0.0.0"; http_port = 6700; - protocol = "https"; }; # smtp = {}; # users = {}; From 4c1917ef245361fe8d17b9950a91fbf159b2b6a1 Mon Sep 17 00:00:00 2001 
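Review bot: `http_addr = "0.0.0.0"` makes the plain-HTTP Grafana listener reachable on every address of the host, while Caddy only needs it at `10.24.1.4:6700`, the address it proxies to; combined with the interface-wide firewall opening of 6700 from patch 04 this may expose an unencrypted login path that bypasses the TLS vhost, depending on which host that firewall block applies to. Binding to the address Caddy actually uses, `http_addr = "10.24.1.4";`, keeps the listener off the public interface. The `protocol = "https"` line added in the same hunk would additionally require `cert_file`/`cert_key`, which are not configured; since Caddy terminates TLS, Grafana should stay on plain HTTP behind it.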
From: Ittihadyya Date: Fri, 20 Dec 2024 16:31:45 +0200 Subject: [PATCH 12/24] for some reason it defaulted to admin/admin. I Do Not want that, so i'm trying to change how it gets the path? --- services/monitoring/grafana.mod.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 37d49ee..04471ba 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -15,8 +15,8 @@ # database = {}; # paths = {}; security = { - admin_user = "$__file" + "{${config.sops.secrets.grafana_admin_account.path}}"; - admin_password = "$__file" + "{${config.sops.secrets.grafana_admin_pass.path}}"; + admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; + admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; }; server = { root_url = "https://grf.collective-conciousness.monster"; From 1fd04521c81e17b0e380467ee4a848c877cfaaf3 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:48:19 +0200 Subject: [PATCH 13/24] added postgres connection to grafana --- secrets.yaml | 5 +++-- services/monitoring/grafana.mod.nix | 20 ++++++++++++++++---- sops.mod.nix | 2 ++ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/secrets.yaml b/secrets.yaml index 83810de..b17ac05 100644 --- a/secrets.yaml +++ b/secrets.yaml 
@@ -24,6 +24,7 @@ forgejo_runner_glucose_token: ENC[AES256_GCM,data:UWzKhDUojVrSWbS2sDyX8xdK9albNo forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZMFnPTAV/VYOGvl6kgTYqYoBhA==,iv:dja9VC4Pr9asl/I4ieg5c718V4Nq+pqvB8c7oQD5Qqc=,tag:ynFs2NQX466ECYnsmeUFzg==,type:str] grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str] grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str] +grafana_db_pass: ENC[AES256_GCM,data:2yVNv62go7Bxgmhoqx6J5WU=,iv:4VGAsT4WR0J/aNKUjts+rUIK5UR8OyHjCln4NXnS0LA=,tag:0KtbBFX+3+5fp6ekDSKGrw==,type:str] sops: kms: [] gcp_kms: [] @@ -39,8 +40,8 @@ sops: NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/ vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-20T14:08:54Z" - mac: ENC[AES256_GCM,data:U4WSALgavBjqt3b3lFXchxEvruG04IqtVikZnuQRyH40Z4f2PM4I5RdCaxyU3CaXPbb8/RQEYSWkLcQZ0HJvqqERLuKl25EqGFEMP5Wph3K5hSBEawk+eE6ep+tSN6bp9H4MIic1vcdn9+2JvBMnIFUEL+1zr0yvmBoz8RiavTc=,iv:rGsaWuvpGwCAWjbp1j2EZN5bQamxPisIsDfzF131HUc=,tag:f4dupyfCkN56ZikSCuHNWA==,type:str] + lastmodified: "2024-12-20T14:41:58Z" + mac: ENC[AES256_GCM,data:+F5UEx3OsmIV7eOXGiwYY51NN/5MY4Zejr54OX51p42m1PBohEiR0DhGygiqyNKLwYfX7eyCKehDeSl7+z/kcqTlc7999Fh8qI7ur+BdxtbQsoH35NWWW6V/q4MTlw7hLoHXqSrt4jw8B9nhEKTYbtMCYNRvxH+k+/OYEy5gn3I=,iv:ydbOr/KAe/TW4OCzrDNipi++BT5X583Ux31Q4KaGMG0=,tag:+Wo6C1zbyCqH4OykGHiBDQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 04471ba..6db275d 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix 
@@ -11,12 +11,24 @@ # declarativePlugins = null; settings = { - # analytics = {}; - # database = {}; + analytics = { + check_for_plugin_updates = false; + check_for_updates = false; + feedback_links_enabled = false; + reporting_enabled = false; + }; + + database = { + host = "10.24.1.9:5432"; + type = "postgres"; + name = "grafanadb"; + user = "grafana"; + password = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass}}"]; + }; # paths = {}; security = { - admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; - admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; + admin_user = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; + admin_password = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; }; server = { root_url = "https://grf.collective-conciousness.monster"; diff --git a/sops.mod.nix b/sops.mod.nix index c4baf61..1f6c55f 100644 --- a/sops.mod.nix +++ b/sops.mod.nix @@ -57,8 +57,10 @@ ({config, ...}: { sops.secrets.grafana_admin_pass = {}; sops.secrets.grafana_admin_account = {}; + sops.secrets.grafana_db_pass = {}; sops.secrets.grafana_admin_account.owner = "grafana"; sops.secrets.grafana_admin_pass.owner = "grafana"; + sops.secrets.grafana_db_pass.owner = "grafana"; }) ( {config, ...}: { From 2e8ac8030f88226145706eaedf42f2446b7e1228 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:57:36 +0200 Subject: [PATCH 14/24] minor spelling mistake --- services/monitoring/grafana.mod.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 6db275d..9e3f027 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix 
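Review bot: The new `database` block sends the Grafana database credentials to `10.24.1.9:5432` without an `ssl_mode`, so the connection runs unencrypted unless the underlying link already is; if 10.24.1.0/24 is the WireGuard network the Caddyfile matcher referred to, that is acceptable and worth stating in a comment, otherwise add `ssl_mode = "require";` next to `host`. The enclosing `settings` attribute set continues outside the hunk.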
@@ -23,7 +23,7 @@ type = "postgres"; name = "grafanadb"; user = "grafana"; - password = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass}}"]; + password = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass.path}}"]; }; # paths = {}; security = { From 6892f2d1d65369e85032ff7d1b71ab3269dbe037 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:58:35 +0200 Subject: [PATCH 15/24] force is not needed? --- services/monitoring/grafana.mod.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 9e3f027..6da4cb0 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -23,7 +23,7 @@ type = "postgres"; name = "grafanadb"; user = "grafana"; - password = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass.path}}"]; + password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass.path}}"]; }; # paths = {}; security = { From 172d3bd0a11b379a6fd874e36ea6188f4e25bc53 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 16:59:02 +0200 Subject: [PATCH 16/24] force is not needed. --- services/monitoring/grafana.mod.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 6da4cb0..e76f118 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix 
@@ -27,8 +27,8 @@ }; # paths = {}; security = { - admin_user = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; - admin_password = lib.mkForce builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; + admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; + admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; }; server = { root_url = "https://grf.collective-conciousness.monster"; From 8bc83ebd0baa9d4aad0193b350962a3199261687 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 17:19:57 +0200 Subject: [PATCH 17/24] added secret key --- secrets.yaml | 5 +++-- services/monitoring/grafana.mod.nix | 1 + sops.mod.nix | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/secrets.yaml b/secrets.yaml index b17ac05..82e98c5 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -25,6 +25,7 @@ forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZ grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str] grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str] grafana_db_pass: ENC[AES256_GCM,data:2yVNv62go7Bxgmhoqx6J5WU=,iv:4VGAsT4WR0J/aNKUjts+rUIK5UR8OyHjCln4NXnS0LA=,tag:0KtbBFX+3+5fp6ekDSKGrw==,type:str] +grafana_secret_key: ENC[AES256_GCM,data:w5wrktLlSo8iIfc+r4Rc+XGj5RuXLeRvtTc3iHeGBZclrl+PsjIKf70p,iv:b0NM55wvDCyAtuBebjBgu2Zxio9cPTkFSNusu7veC4o=,tag:3suBUO0tizxjepLgJ1e1mw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -40,8 +41,8 @@ sops: NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/ vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-20T14:41:58Z" - mac: ENC[AES256_GCM,data:+F5UEx3OsmIV7eOXGiwYY51NN/5MY4Zejr54OX51p42m1PBohEiR0DhGygiqyNKLwYfX7eyCKehDeSl7+z/kcqTlc7999Fh8qI7ur+BdxtbQsoH35NWWW6V/q4MTlw7hLoHXqSrt4jw8B9nhEKTYbtMCYNRvxH+k+/OYEy5gn3I=,iv:ydbOr/KAe/TW4OCzrDNipi++BT5X583Ux31Q4KaGMG0=,tag:+Wo6C1zbyCqH4OykGHiBDQ==,type:str] + lastmodified: "2024-12-20T15:19:45Z" + mac: ENC[AES256_GCM,data:vDwQ9F9DgTAqdEjA5zDBR6v3ZCLM5VpZZoMpkrOC0baudVqPK7tt8IcyxgfESn9yJ/GGHwkHgmYvQSOSReEjwKtnMjoTjvAl41PBMwG1+5/c7nqliajk0Sx+znXxDoSIKac4XYlWp5J5myK+wln7pTwy0y7/CgKlsyhIOOxOKec=,iv:1hlEIE8rxk74mb6v8Z9wVel01mtF96eOwsPka2os5L8=,tag:PN4soo9Ko5PlUMbI9HeXow==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index e76f118..4778ed9 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -29,6 +29,7 @@ security = { admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; + secret_key = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_secret_key.path}}"]; }; server = { root_url = "https://grf.collective-conciousness.monster"; diff --git a/sops.mod.nix b/sops.mod.nix index 1f6c55f..e46ab03 100644 --- a/sops.mod.nix +++ b/sops.mod.nix 
@@ -58,9 +58,11 @@ sops.secrets.grafana_admin_pass = {}; sops.secrets.grafana_admin_account = {}; sops.secrets.grafana_db_pass = {}; + sops.secrets.grafana_secret_key = {}; sops.secrets.grafana_admin_account.owner = "grafana"; sops.secrets.grafana_admin_pass.owner = "grafana"; sops.secrets.grafana_db_pass.owner = "grafana"; + sops.secrets.grafana_secret_key.owner = "grafana"; }) ( {config, ...}: { From f93018a4cfafee7bea1891cfe81a14f8064a5e89 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 17:53:08 +0200 Subject: [PATCH 18/24] configure grafana further. set up prometheus node export. --- services/monitoring/grafana.mod.nix | 8 ++++++- services/monitoring/prometheus.mod.nix | 32 +++++++++++++++++++++++++- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix index 4778ed9..0fa7f40 100644 --- a/services/monitoring/grafana.mod.nix +++ b/services/monitoring/grafana.mod.nix @@ -30,6 +30,9 @@ admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"]; admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"]; secret_key = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_secret_key.path}}"]; + + disable_gravatar = true; + cookie_secure = true; }; server = { root_url = "https://grf.collective-conciousness.monster"; @@ -38,7 +41,10 @@ http_port = 6700; }; # smtp = {}; - # users = {}; + users = { + allow_org_create = true; + default_theme = "system"; + }; }; /* diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index bd595f2..9589a71 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix 
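Review bot: `users.allow_org_create = true` lets every authenticated user create new organisations and become admin of them, which is wider than a single-operator instance needs; unless multi-org self-service is intended, leave it at Grafana's default of false, or note why it is on. `cookie_secure = true` in the preceding hunk is right for the Caddy-fronted URL, but it only protects sessions if the plain-HTTP listener bound to 0.0.0.0 in patch 10 is not reachable directly.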
@@ -1,11 +1,41 @@ { + universal.modules = [ + { + services.prometheus.exporters = { + node = { + enable = true; + enabledCollectors = ["systemd"]; + port = 6703; + }; + varnish.enable = true; + }; + } + ]; glucose.modules = [ { + lib, + molecules, + ... + }: let + ip = i: "10.24.1.${toString i}"; + ips = builtins.mapAttrs (lib.const ip) molecules; + ips' = builtins.mapAttrs (name: ip: "${ip}:6703") ips; + in { services.prometheus = { enable = true; port = 6750; - enableReload = true; + + scrapeConfigs = [ + { + job_name = "devices"; + static_configs = [ + { + targets = ips'; + } + ]; + } + ]; }; } ]; From c4a0f63369ba41238f1b9b83197b4923e2c6f563 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 17:54:52 +0200 Subject: [PATCH 19/24] syntax mishap --- services/monitoring/prometheus.mod.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index 9589a71..b1ffcdb 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -12,7 +12,7 @@ } ]; glucose.modules = [ - { + ({ lib, molecules, ... @@ -37,6 +37,6 @@ } ]; }; - } + }) ]; } From fdb6de025b9d01d8aa3b9bc38fd4230dc87ba7d4 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 17:59:33 +0200 Subject: [PATCH 20/24] hmm ? --- services/monitoring/prometheus.mod.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index b1ffcdb..c84bf7c 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix 
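Review bot: The node exporter enabled under `universal.modules` sets no `listenAddress`, so on every host in the fleet it serves unauthenticated system and systemd metrics on all interfaces at port 6703; nothing in this series opens 6703 in the firewall either, so the scrape will be blocked unless the tunnel interface is trusted elsewhere. Set `listenAddress` to each host's 10.24.1.x address so the exporter is only reachable over the tunnel, and open 6703 on that interface only. `varnish.enable = true` is likewise applied to every host, which assumes varnish runs everywhere — if it does not, that exporter unit will fail on the other machines. The hunk also drops `enableReload = true` without mention in the message; if that was intentional it deserves a word in the commit.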
@@ -13,13 +13,13 @@ ]; glucose.modules = [ ({ - lib, + nixpkgs, molecules, ... }: let ip = i: "10.24.1.${toString i}"; - ips = builtins.mapAttrs (lib.const ip) molecules; - ips' = builtins.mapAttrs (name: ip: "${ip}:6703") ips; + ips = builtins.mapAttrs (nixpkgs.lib.const ip) molecules; + ips' = builtins.mapAttrs (ip: "${ip}:6703") ips; in { services.prometheus = { enable = true; From 7c96e82f837d96613dee0ee9c8d06dad0995219f Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 18:01:32 +0200 Subject: [PATCH 21/24] uwu please --- services/monitoring/prometheus.mod.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index c84bf7c..c51ffdf 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -19,7 +19,7 @@ }: let ip = i: "10.24.1.${toString i}"; ips = builtins.mapAttrs (nixpkgs.lib.const ip) molecules; - ips' = builtins.mapAttrs (ip: "${ip}:6703") ips; + ips' = builtins.mapAttrs (name: ip: "${ip}:6703") ips; in { services.prometheus = { enable = true; From 20ef619d75b1a67f1ee6d40b96506067e9b09ebb Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 18:04:47 +0200 Subject: [PATCH 22/24] if this works, it's very scuffed --- services/monitoring/prometheus.mod.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index c51ffdf..96a5089 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -1,4 +1,4 @@ -{ +{molecules, ...}:{ universal.modules = [ { services.prometheus.exporters = { From 6c59595a11b23a4483f73352c549b98e00de92e0 Mon Sep 17 00:00:00 2001 
From: Ittihadyya Date: Fri, 20 Dec 2024 18:07:15 +0200 Subject: [PATCH 23/24] fuck it, no more fancy stuff, just do it like this --- services/monitoring/prometheus.mod.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index 96a5089..b31459e 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -1,4 +1,4 @@ -{molecules, ...}:{ +{ universal.modules = [ { services.prometheus.exporters = { @@ -13,14 +13,6 @@ ]; glucose.modules = [ ({ - nixpkgs, - molecules, - ... - }: let - ip = i: "10.24.1.${toString i}"; - ips = builtins.mapAttrs (nixpkgs.lib.const ip) molecules; - ips' = builtins.mapAttrs (name: ip: "${ip}:6703") ips; - in { services.prometheus = { enable = true; port = 6750; @@ -31,7 +23,7 @@ job_name = "devices"; static_configs = [ { - targets = ips'; + targets = [ "10.24.1.4:6703" "10.24.1.9:6703" "10.24.1.16:6703" "10.24.1.225:6703" "10.24.1.196:6703" ]; } ]; } From 883ed7fc12f7887652598d94cd0c53753ff4e920 Mon Sep 17 00:00:00 2001 From: Ittihadyya Date: Fri, 20 Dec 2024 18:15:40 +0200 Subject: [PATCH 24/24] finish up monitoring branhc --- services/monitoring/prometheus.mod.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/monitoring/prometheus.mod.nix b/services/monitoring/prometheus.mod.nix index b31459e..f862814 100644 --- a/services/monitoring/prometheus.mod.nix +++ b/services/monitoring/prometheus.mod.nix @@ -12,7 +12,7 @@ } ]; glucose.modules = [ - ({ + { services.prometheus = { enable = true; port = 6750; @@ -23,12 +23,12 @@ job_name = "devices"; static_configs = [ { - targets = [ "10.24.1.4:6703" "10.24.1.9:6703" "10.24.1.16:6703" "10.24.1.225:6703" "10.24.1.196:6703" ]; + targets = ["10.24.1.4:6703" "10.24.1.9:6703" "10.24.1.16:6703" "10.24.1.225:6703" "10.24.1.196:6703"]; } ]; } ]; }; - }) + } ]; }
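Review bot: The hand-written target list duplicates the host registry that `molecules` already carries (patch 18 derived the last octet from it), so a newly added host will be missed by monitoring until someone edits this file. The earlier attempt failed because `builtins.mapAttrs` returns an attribute set while `static_configs.*.targets` must be a list; `targets = lib.mapAttrsToList (_: i: "10.24.1.${toString i}:6703") molecules;` gives the list form from the same source, with `molecules` and `lib` taken from the module arguments as patch 22 did. That `molecules` values are plain last octets is inferred from patch 18's `ip` helper — confirm before relying on it.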