6 files changed, 87 insertions, 0 deletions

diff --git a/modules/certbot/manifests/init.pp b/modules/certbot/manifests/init.pp
index a62161f..b2059a4 100644
--- a/modules/certbot/manifests/init.pp
+++ b/modules/certbot/manifests/init.pp
@@ -17,6 +17,7 @@ class certbot($config_dir=undef) {
     "metabase.tozt.net",
     "bitwarden.tozt.net",
     "prometheus.tozt.net",
+    "grafana.tozt.net",
   ]
 
   package {
diff --git a/modules/grafana/manifests/init.pp b/modules/grafana/manifests/init.pp
new file mode 100644
index 0000000..3ea2543
--- /dev/null
+++ b/modules/grafana/manifests/init.pp
@@ -0,0 +1,14 @@
+class grafana {
+  package { "grafana":
+    ensure => installed;
+  }
+
+  service { "grafana":
+    ensure => running,
+    enabled => true,
+    subscribe => [
+      Package["grafana"],
+      File["/etc/grafana.ini"],
+    ];
+  }
+}
diff --git a/modules/tozt/files/grafana.ini b/modules/tozt/files/grafana.ini
new file mode 100644
index 0000000..0c13f1c
--- /dev/null
+++ b/modules/tozt/files/grafana.ini
@@ -0,0 +1,13 @@
+[server]
+http_port = 3001
+domain = grafana.tozt.net
+root_url = https://grafana.tozt.net/
+
+[database]
+type = postgres
+host = 127.0.0.1:5432
+name = grafana
+user = grafana
+
+[users]
+allow_sign_up = false
diff --git a/modules/tozt/files/nginx/grafana-tls.conf b/modules/tozt/files/nginx/grafana-tls.conf
new file mode 100644
index 0000000..5fc5de4
--- /dev/null
+++ b/modules/tozt/files/nginx/grafana-tls.conf
@@ -0,0 +1,14 @@
+server {
+    listen       443 ssl;
+    server_name  grafana.tozt.net;
+
+    access_log  /var/log/nginx/grafana.access.log;
+    error_log   /var/log/nginx/grafana.error.log;
+
+    include ssl;
+
+    location / {
+        proxy_pass http://127.0.0.1:3001/;
+    }
+}
+# vim:ft=nginx
diff --git a/modules/tozt/files/nginx/grafana.conf b/modules/tozt/files/nginx/grafana.conf
new file mode 100644
index 0000000..3d5aca8
--- /dev/null
+++ b/modules/tozt/files/nginx/grafana.conf
@@ -0,0 +1,10 @@
+server {
+    listen       80;
+    server_name  grafana.tozt.net;
+
+    access_log   /var/log/nginx/grafana.access.log;
+    error_log    /var/log/nginx/grafana.error.log;
+
+    rewrite      ^(.*) https://$host$1 permanent;
+}
+# vim:ft=nginx
diff --git a/modules/tozt/manifests/prometheus.pp b/modules/tozt/manifests/prometheus.pp
index 444ac67..8120cdc 100644
--- a/modules/tozt/manifests/prometheus.pp
+++ b/modules/tozt/manifests/prometheus.pp
@@ -1,5 +1,7 @@
 class tozt::prometheus {
+  include postgres;
   include prometheus
+  include grafana
 
   file { "/media/persistent/prometheus":
     ensure => directory,
@@ -15,11 +17,44 @@ class tozt::prometheus {
     source => 'puppet:///modules/tozt/prometheus-override.conf';
   }
 
+  file { "/etc/grafana.ini":
+    source => "puppet:///modules/tozt/grafana.ini",
+    require => Package["grafana"];
+  }
+
+  exec { "create grafana db user":
+    provider => shell,
+    command => "createuser -d grafana",
+    user => 'postgres',
+    unless => "psql -Atc 'select usename from pg_catalog.pg_user' | grep -F grafana",
+    require => [
+      Package["postgresql"],
+      Service["postgresql"],
+    ];
+  }
+
+  exec { "create grafana db":
+    provider => shell,
+    command => "createdb -U grafana grafana",
+    user => 'postgres',
+    unless => "psql -Atc 'select datname from pg_catalog.pg_database' | grep -F grafana",
+    require => [
+      Exec["create grafana db user"],
+      Package["postgresql"],
+      Service["postgresql"],
+    ];
+  }
+
   nginx::site {
     "prometheus-tls":
       source => 'puppet:///modules/tozt/nginx/prometheus-tls.conf',
       require => Class['certbot'];
     "prometheus":
       source => 'puppet:///modules/tozt/nginx/prometheus.conf';
+    "grafana-tls":
+      source => 'puppet:///modules/tozt/nginx/grafana-tls.conf',
+      require => Class['certbot'];
+    "grafana":
+      source => 'puppet:///modules/tozt/nginx/grafana.conf';
   }
 }