From 228d0d334b9ba9af82b6e8f90917d7820591a08d Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Sat, 19 Aug 2023 01:27:34 +0200
Subject: [PATCH] add default database to grafana

---
 hosts/web-01.cloonar.com/modules/grafana.nix | 10 ++++++++++
 hosts/web-01.cloonar.com/modules/loki.nix    |  3 ---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/hosts/web-01.cloonar.com/modules/grafana.nix b/hosts/web-01.cloonar.com/modules/grafana.nix
index a06defc..4f711d7 100644
--- a/hosts/web-01.cloonar.com/modules/grafana.nix
+++ b/hosts/web-01.cloonar.com/modules/grafana.nix
@@ -69,6 +69,16 @@ in
     locations."/".extraConfig = "proxy_pass http://localhost:3001;";
   };
 
+  services.postgresql.ensureUsers = [
+    {
+      name = "grafana";
+      ensurePermissions = {
+        "DATABASE \"grafana\"" = "ALL PRIVILEGES";
+        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+      };
+    }
+  ];
+  services.postgresql.ensureDatabases = [ "grafana" ];
   services.postgresqlBackup.databases = [ "grafana" ];
 
   sops.secrets = {
diff --git a/hosts/web-01.cloonar.com/modules/loki.nix b/hosts/web-01.cloonar.com/modules/loki.nix
index 4d7fa08..d248f61 100644
--- a/hosts/web-01.cloonar.com/modules/loki.nix
+++ b/hosts/web-01.cloonar.com/modules/loki.nix
@@ -100,7 +100,6 @@ in
 
   sops.secrets.promtail-nginx-password.owner = "nginx";
 
-  security.acme.certs."loki.r".server = config.retiolum.ca.acmeURL;
   services.nginx.virtualHosts."loki.cloonar.com" = {
     forceSSL = true;
     enableACME = true;
@@ -128,6 +127,4 @@ in
       '';
     };
   };
-
-  networking.firewall.interfaces."tinc.retiolum".allowedTCPPorts = [ 80 ];
 }