depot/cluster/services/monitoring/server.nix

# Monitoring host module: Grafana (served through an nginx vhost, sign-in via
# generic OAuth/OIDC, PostgreSQL backend) and a Prometheus instance with the
# remote-write receiver switched on.
{ cluster, config, depot, lib, tools, ... }:

let
  inherit (tools.meta) domain;
  inherit (config) links;
  inherit (cluster.config.links) loki-ingest prometheus-ingest;

  # Joins a list into one space-separated string, the form used below for
  # list-valued Grafana settings (scopes, feature toggles).
  spaceSeparated = lib.concatStringsSep " ";

  # URL of an OpenID Connect endpoint in the "master" realm on login.<domain>.
  # NOTE(review): the path layout looks like Keycloak's; confirm against the IdP.
  oidcEndpoint = endpoint: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${endpoint}";
in
{
  age.secrets = {
    # Referenced by Grafana through the $__file{} provider in the database
    # section, so the decrypted file is owned by the grafana user.
    grafana-db-credentials = {
      file = ./secrets/grafana-db-credentials.age;
      owner = "grafana";
    };
    # Handed to the unit as EnvironmentFile= further down; no owner is set
    # here, so it keeps the secret module's default ownership.
    grafana-secrets.file = ./secrets/grafana-secrets.age;
  };

  # Grafana's own listener is declared as plain HTTP; the public URL below is
  # https and is served by the nginx vhost.
  # NOTE(review): confirm the nginx -> Grafana hop stays on a trusted interface.
  links.grafana.protocol = "http";

  services.grafana = {
    enable = true;
    package = depot.packages.grafana;
    dataDir = "/srv/storage/private/grafana";

    settings = {
      server = {
        root_url = "https://monitoring.${domain}/";
        http_port = links.grafana.port;
      };

      database = {
        type = "postgres";
        host = cluster.config.links.patroni-pg-access.tuple;
        user = "grafana";
        # Only the path of the decrypted secret is written into the generated
        # configuration; Grafana reads the password from that file at runtime.
        password = "$__file{${config.age.secrets.grafana-db-credentials.path}}";
        # NOTE(review): no ssl_mode is set in this block; confirm whether the
        # database link needs TLS.
      };

      analytics = {
        reporting_enabled = false;
      };

      "auth.generic_oauth" = {
        enabled = true;
        # Accounts are created on first successful OAuth login.
        allow_sign_up = true;
        # No client_secret appears in this block.
        # NOTE(review): presumably supplied through the EnvironmentFile set on
        # the grafana unit below; confirm.
        client_id = "net.privatevoid.monitoring1";
        auth_url = oidcEndpoint "auth";
        token_url = oidcEndpoint "token";
        api_url = oidcEndpoint "userinfo";
        scopes = spaceSeparated [ "openid" "profile" "email" "roles" ];
        # Strict mode: login is refused when the path below does not yield a
        # valid Grafana role.
        role_attribute_strict = true;
        # NOTE(review): only the first entry of the roles array is evaluated,
        # so a user holding several roles gets whichever one the IdP lists
        # first. Confirm the ordering is stable, or match on a specific role.
        # NOTE(review): the resource_access key is "monitoring" while client_id
        # is "net.privatevoid.monitoring1"; verify the token really carries a
        # resource_access.monitoring entry.
        role_attribute_path = "resource_access.monitoring.roles[0]";
      };

      # Session cookies are marked Secure; Gravatar lookups are disabled.
      security.cookie_secure = true;
      security.disable_gravatar = true;

      feature_toggles.enable = spaceSeparated [
        "tempoSearch"
        "tempoBackendSearch"
        "tempoServiceGraph"
      ];
    };

    provision = {
      enable = true;
      # Datasource UIDs are pinned; URLs come from the cluster link definitions.
      # No credentials are configured for either datasource in this block.
      datasources.settings.datasources = [
        {
          name = "Prometheus";
          uid = "PBFA97CFB590B2093";
          url = prometheus-ingest.url;
          type = "prometheus";
          isDefault = true;
        }
        {
          name = "Loki";
          uid = "P8E80F9AEF21F6940";
          url = loki-ingest.url;
          type = "loki";
        }
      ];
    };
  };

  # Extra environment for the grafana unit, taken from the decrypted age secret.
  systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secrets.grafana-secrets.path;

  # Proxy vhost for Grafana, with WebSocket proxying enabled on "/".
  # tools.nginx.vhosts.proxy is defined elsewhere.
  # NOTE(review): TLS settings for this vhost are not visible here; confirm
  # they match the https root_url and cookie_secure above.
  services.nginx.virtualHosts."monitoring.${domain}" =
    lib.recursiveUpdate
      (tools.nginx.vhosts.proxy links.grafana.url)
      { locations."/".proxyWebsockets = true; };

  services.prometheus = {
    enable = true;
    listenAddress = prometheus-ingest.ipv4;
    port = prometheus-ingest.port;
    # Turns on the remote-write receiver endpoint.
    # NOTE(review): this block configures no authentication for it, so write
    # access is limited only by who can reach listenAddress:port. Confirm that
    # address is not reachable from untrusted networks.
    # NOTE(review): newer Prometheus releases provide
    # --web.enable-remote-write-receiver and deprecate this feature flag;
    # check against the packaged version.
    extraFlags = [ "--enable-feature=remote-write-receiver" ];
    globalConfig.scrape_interval = "60s";
    # No scrape jobs are defined in this module.
    scrapeConfigs = [ ];
  };
}