191 lines
5 KiB
Nix
191 lines
5 KiB
Nix
{ cluster, config, hosts, inputs, lib, pkgs, tools, ... }:
|
|
let
|
|
inherit (tools.meta) domain;
|
|
|
|
inherit (config) links;
|
|
|
|
inherit (cluster.config.links) loki-ingest;
|
|
|
|
cfg = { inherit (config.services) loki; };
|
|
|
|
toString' = v:
|
|
if v == true then "true" else
|
|
if v == false then "false" else
|
|
toString v;
|
|
|
|
mapPaths = lib.mapAttrsRecursive (
|
|
path: value: lib.nameValuePair
|
|
(lib.toUpper (lib.concatStringsSep "_" path))
|
|
(toString' value)
|
|
);
|
|
|
|
translateConfig = config: lib.listToAttrs (
|
|
lib.collect
|
|
(x: x ? name && x ? value)
|
|
(mapPaths config)
|
|
);
|
|
|
|
login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}";
|
|
in
|
|
{
|
|
imports = [
|
|
./tracing.nix
|
|
];
|
|
age.secrets.grafana-secrets = {
|
|
file = ../../../../secrets/grafana-secrets.age;
|
|
};
|
|
|
|
links = {
|
|
grafana.protocol = "http";
|
|
prometheus.protocol = "http";
|
|
loki-grpc = {
|
|
protocol = "grpc";
|
|
};
|
|
};
|
|
services.grafana = {
|
|
enable = true;
|
|
package = inputs.self.packages.${pkgs.system}.grafana;
|
|
inherit (links.grafana) port;
|
|
rootUrl = "https://monitoring.${domain}/";
|
|
dataDir = "/srv/storage/private/grafana";
|
|
analytics.reporting.enable = false;
|
|
extraOptions = translateConfig {
|
|
auth.generic_oauth = {
|
|
enabled = true;
|
|
allow_sign_up = true;
|
|
client_id = "net.privatevoid.monitoring1";
|
|
auth_url = login "auth";
|
|
token_url = login "token";
|
|
api_url = login "userinfo";
|
|
scopes = [ "openid" "profile" "email" "roles" ];
|
|
role_attribute_strict = true;
|
|
role_attribute_path = "resource_access.monitoring.roles[0]";
|
|
};
|
|
security = {
|
|
cookie_secure = true;
|
|
disable_gravatar = true;
|
|
};
|
|
feature_toggles.enable = [
|
|
"tempoSearch"
|
|
"tempoBackendSearch"
|
|
"tempoServiceGraph"
|
|
];
|
|
};
|
|
provision = {
|
|
enable = true;
|
|
datasources = [
|
|
{
|
|
name = "Prometheus";
|
|
# wait for https://github.com/NixOS/nixpkgs/pull/175330
|
|
# uid = "PBFA97CFB590B2093";
|
|
inherit (links.prometheus) url;
|
|
type = "prometheus";
|
|
isDefault = true;
|
|
}
|
|
{
|
|
name = "Loki";
|
|
# uid = "P8E80F9AEF21F6940";
|
|
inherit (loki-ingest) url;
|
|
type = "loki";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
systemd.services.grafana.serviceConfig = {
|
|
EnvironmentFile = config.age.secrets.grafana-secrets.path;
|
|
};
|
|
|
|
services.nginx.virtualHosts."monitoring.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy links.grafana.url) {
|
|
locations."/".proxyWebsockets = true;
|
|
};
|
|
|
|
services.prometheus = {
|
|
enable = true;
|
|
listenAddress = links.prometheus.ipv4;
|
|
inherit (links.prometheus) port;
|
|
extraFlags = [ "--enable-feature=remote-write-receiver" ];
|
|
globalConfig = {
|
|
scrape_interval = "60s";
|
|
};
|
|
scrapeConfigs = [
|
|
{
|
|
job_name = "node";
|
|
static_configs = lib.flip lib.mapAttrsToList cluster.config.vars.mesh (name: host: {
|
|
targets = [ "${host.meshIp}:9100" ];
|
|
labels.instance = name;
|
|
});
|
|
}
|
|
{
|
|
job_name = "jitsi";
|
|
static_configs = [
|
|
{
|
|
targets = [ "${cluster.config.vars.mesh.prophet.meshIp}:9700" ];
|
|
labels.instance = "meet.${domain}";
|
|
}
|
|
];
|
|
}
|
|
{
|
|
job_name = "ipfs";
|
|
scheme = "https";
|
|
metrics_path = "/debug/metrics/prometheus";
|
|
static_configs = [
|
|
{
|
|
targets = [ "ipfs.admin.${domain}" ];
|
|
labels.instance = "VEGAS";
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
|
|
systemd.services.loki.after = [ "wireguard-wgmesh.service" ];
|
|
services.loki = {
|
|
enable = true;
|
|
dataDir = "/srv/storage/private/loki";
|
|
configuration = {
|
|
auth_enabled = false;
|
|
server = {
|
|
log_level = "warn";
|
|
http_listen_address = loki-ingest.ipv4;
|
|
http_listen_port = loki-ingest.port;
|
|
grpc_listen_address = links.loki-grpc.ipv4;
|
|
grpc_listen_port = links.loki-grpc.port;
|
|
};
|
|
frontend_worker.frontend_address = links.loki-grpc.tuple;
|
|
ingester = {
|
|
lifecycler = {
|
|
address = "127.0.0.1";
|
|
ring = {
|
|
kvstore.store = "inmemory";
|
|
replication_factor = 1;
|
|
};
|
|
final_sleep = "0s";
|
|
};
|
|
chunk_idle_period = "5m";
|
|
chunk_retain_period = "30s";
|
|
};
|
|
schema_config.configs = [
|
|
{
|
|
from = "2022-05-14";
|
|
store = "boltdb";
|
|
object_store = "filesystem";
|
|
schema = "v11";
|
|
index = {
|
|
prefix = "index_";
|
|
period = "168h";
|
|
};
|
|
}
|
|
];
|
|
storage_config = {
|
|
boltdb.directory = "${cfg.loki.dataDir}/boltdb-index";
|
|
filesystem.directory = "${cfg.loki.dataDir}/storage-chunks";
|
|
};
|
|
limits_config = {
|
|
enforce_metric_name = false;
|
|
reject_old_samples = true;
|
|
reject_old_samples_max_age = "168h";
|
|
};
|
|
};
|
|
};
|
|
}
|