privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

hosts/VEGAS: add monitoring service

Browse source
This commit is contained in:
Max Headroom 2022-05-15 00:34:09 +02:00
parent e3887d0573
commit 7c72acee59
4 changed files with 116 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

102
hosts/VEGAS/services/monitoring/default.nix Normal file
View file

@ -0,0 +1,102 @@
{ config, hosts, lib, tools, ... }:
let
inherit (tools.meta) domain;
inherit (config) ports portsStr;
toString' = v:
if v == true then "true" else
if v == false then "false" else
toString v;
mapPaths = lib.mapAttrsRecursive (
path: value: lib.nameValuePair
(lib.toUpper (lib.concatStringsSep "_" path))
(toString' value)
);
translateConfig = config: lib.listToAttrs (
lib.collect
(x: x ? name && x ? value)
(mapPaths config)
);
login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}";
filteredHosts = lib.filterAttrs (_: host: host ? hypr && host ? nixos) hosts;
in
{
age.secrets.grafana-secrets = {
file = ../../../../secrets/grafana-secrets.age;
};
reservePortsFor = [ "grafana" "prometheus" ];
services.grafana = {
enable = true;
port = ports.grafana;
rootUrl = "https://monitoring.${domain}/";
dataDir = "/srv/storage/private/grafana";
analytics.reporting.enable = false;
extraOptions = translateConfig {
auth.generic_oauth = {
enabled = true;
allow_sign_up = true;
client_id = "net.privatevoid.monitoring1";
auth_url = login "auth";
token_url = login "token";
api_url = login "userinfo";
scopes = [ "openid" "profile" "email" "roles" ];
role_attribute_strict = true;
role_attribute_path = "resource_access.monitoring.roles[0]";
};
security = {
cookie_secure = true;
disable_gravatar = true;
};
};
provision = {
enable = true;
datasources = [
{
name = "Prometheus";
url = "http://127.0.0.1:${portsStr.prometheus}";
type = "prometheus";
isDefault = true;
}
];
};
};
systemd.services.grafana.serviceConfig = {
EnvironmentFile = config.age.secrets.grafana-secrets.path;
};
services.nginx.virtualHosts."monitoring.${domain}" = tools.nginx.vhosts.proxy "http://127.0.0.1:${portsStr.grafana}";
services.prometheus = {
enable = true;
listenAddress = "127.0.0.1";
port = ports.prometheus;
globalConfig = {
scrape_interval = "60s";
};
scrapeConfigs = [
{
job_name = "node";
static_configs = lib.flip lib.mapAttrsToList filteredHosts (name: host: {
targets = [ "${host.hypr.addr}:9100" ];
labels.instance = name;
});
}
{
job_name = "jitsi";
static_configs = [
{
targets = [ "${hosts.prophet.hypr.addr}:9700" ];
labels.instance = "meet.${domain}";
}
];
}
];
};
}

1
hosts/VEGAS/system.nix
View file

@ -31,6 +31,7 @@
./services/mail
./services/matrix
./services/minecraft
./services/monitoring
./services/nix/binary-cache.nix
./services/nix/nar-serve.nix
./services/object-storage

12
secrets/grafana-secrets.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A 2qivuJRscNgO3c+hS8ZkTLdWGKsswTt8qmxM9Uhyixw
5JbWwwzRFK9uc/6BDgQyWo+6vinZ0E3jf3Bk8nao6Rk
-> ssh-ed25519 5/zT0w h4WIKhb3AU4FSLr0qLbhK0oLfk531cihqz0IVcXLbFU
weLZXuXV/A5II8ZP5hzCbhwN1IT0eAlBhKFHlCHaGks
-> ssh-ed25519 d3WGuA jejKXO17+U/JEdNZQW/0XfUOo3IxH3Di+5gUUCN4zAQ
5mwkp9+UzTiOWjE+X70egHPU13Iy4xoZS4t/vpO9cE4
-> C%-grease 6,+fR
0CJQ4acXn9gqgkyG9B6DG8+VotwqXw
--- TFou/6wFh0Fcs5KNETBdIKgVxN1EpLufRLADO6vEWyI
ôçNGDK™©¦¥²“™<E2809C>©§°@o¯nËBÄŠ¨/—Z³§CÜÇœsÅî3µ÷'·jzb§v¸ÓŨõÊ µZZžS<C5BE>"-p´<70>E-®¯<çÖ-¤UU)Y½½
y¾éØW¨iSN ‰

1
secrets/secrets.nix
View file

@ -14,6 +14,7 @@ in with hosts;
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];