From 65446c5a25ba11f2f2fca06aec29f9c84b00780a Mon Sep 17 00:00:00 2001 From: Patrick Stevens Date: Fri, 21 Jul 2023 23:14:12 +0100 Subject: [PATCH] Prometheus (#14) --- PulumiWebServer/Domain.fs | 3 + PulumiWebServer/Nix/configuration.nix | 13 ++-- .../Nix/{ => gitea}/gitea-config.nix | 2 +- PulumiWebServer/Nix/grafana/grafana.nix | 75 +++++++++++++++++++ .../Nix/{ => miniflux}/miniflux.nix | 0 .../Nix/{ => nginx}/nginx-config.nix | 1 + PulumiWebServer/Nix/prometheus/prometheus.nix | 46 ++++++++++++ .../Nix/{ => radicale}/radicale-config.nix | 2 +- PulumiWebServer/Nix/sops.nix | 2 + .../Nix/{ => woodpecker}/woodpecker.nix | 4 +- PulumiWebServer/PulumiWebServer.fsproj | 12 +-- 11 files changed, 146 insertions(+), 14 deletions(-) rename PulumiWebServer/Nix/{ => gitea}/gitea-config.nix (98%) create mode 100644 PulumiWebServer/Nix/grafana/grafana.nix rename PulumiWebServer/Nix/{ => miniflux}/miniflux.nix (100%) rename PulumiWebServer/Nix/{ => nginx}/nginx-config.nix (98%) create mode 100644 PulumiWebServer/Nix/prometheus/prometheus.nix rename PulumiWebServer/Nix/{ => radicale}/radicale-config.nix (94%) rename PulumiWebServer/Nix/{ => woodpecker}/woodpecker.nix (95%) diff --git a/PulumiWebServer/Domain.fs b/PulumiWebServer/Domain.fs index 0b557db..06e3a55 100644 --- a/PulumiWebServer/Domain.fs +++ b/PulumiWebServer/Domain.fs @@ -99,6 +99,7 @@ type WellKnownSubdomain = | Radicale | Rss | Woodpecker + | Grafana override this.ToString () = match this with @@ -106,6 +107,7 @@ type WellKnownSubdomain = | Gitea -> "gitea" | Radicale -> "calendar" | Rss -> "rss" + | Grafana -> "grafana" | Woodpecker -> "woodpecker" static member Parse (s : string) = @@ -115,6 +117,7 @@ type WellKnownSubdomain = | "calendar" -> WellKnownSubdomain.Radicale | "rss" -> WellKnownSubdomain.Rss | "woodpecker" -> WellKnownSubdomain.Woodpecker + | "grafana" -> WellKnownSubdomain.Grafana | _ -> failwith $"Failed to deserialise: {s}" 
diff --git a/PulumiWebServer/Nix/configuration.nix b/PulumiWebServer/Nix/configuration.nix index 43508e6..03410ef 100644 --- a/PulumiWebServer/Nix/configuration.nix +++ b/PulumiWebServer/Nix/configuration.nix @@ -5,12 +5,14 @@ in { imports = [ ./sops.nix - ./radicale-config.nix - ./gitea-config.nix - ./miniflux.nix + ./radicale/radicale-config.nix + ./gitea/gitea-config.nix + ./miniflux/miniflux.nix ./userconfig.nix - ./nginx-config.nix - ./woodpecker.nix + ./nginx/nginx-config.nix + ./woodpecker/woodpecker.nix + ./prometheus/prometheus.nix + ./grafana/grafana.nix # generated at runtime by nixos-infect and copied here ./hardware-configuration.nix ./networking.nix @@ -30,6 +32,7 @@ in { services.miniflux-config.subdomain = "rss"; services.miniflux-config.domain = userConfig.domain; services.woodpecker-config.domain = userConfig.domain; + services.grafana-config.domain = userConfig.domain; system.stateVersion = "23.05"; diff --git a/PulumiWebServer/Nix/gitea-config.nix b/PulumiWebServer/Nix/gitea/gitea-config.nix similarity index 98% rename from PulumiWebServer/Nix/gitea-config.nix rename to PulumiWebServer/Nix/gitea/gitea-config.nix index 230c3d3..cd85de1 100644 --- a/PulumiWebServer/Nix/gitea-config.nix +++ b/PulumiWebServer/Nix/gitea/gitea-config.nix @@ -92,7 +92,7 @@ description = "gitea-add-user"; wantedBy = ["multi-user.target"]; path = [pkgs.gitea]; - script = builtins.readFile ./gitea/add-user.sh; + script = builtins.readFile ./add-user.sh; serviceConfig = { Restart = "no"; Type = "oneshot"; diff --git a/PulumiWebServer/Nix/grafana/grafana.nix b/PulumiWebServer/Nix/grafana/grafana.nix new file mode 100644 index 0000000..93900e3 --- /dev/null +++ b/PulumiWebServer/Nix/grafana/grafana.nix 
@@ -0,0 +1,75 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ options = {
+ services.grafana-config = {
+ domain = lib.mkOption {
+ type = lib.types.str;
+ example = "example.com";
+ description = lib.mdDoc "Top-level domain to configure";
+ };
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ default = "grafana";
+ description = lib.mdDoc "Subdomain in which to put Grafana";
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = lib.mdDoc "Grafana localhost port";
+ default = 2342;
+ };
+ };
+ };
+
+ config = {
+ services.nginx.virtualHosts."${config.services.grafana-config.subdomain}.${config.services.grafana-config.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana-config.port}/";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ domain = "${config.services.grafana-config.subdomain}.${config.services.grafana-config.domain}";
+ http_port = config.services.grafana-config.port;
+ http_addr = "127.0.0.1";
+ root_url = "https://${config.services.grafana-config.subdomain}.${config.services.grafana-config.domain}";
+ };
+ security = {
+ disable_initial_admin_creation = false;
+ admin_user = "admin";
+ admin_password = "\$__file{/run/secrets/grafana_admin_password}";
+ secret_key = "\$__file{/run/secrets/grafana_secret_key}";
+ disable_gravatar = true;
+ cookie_secure = true;
+ };
+ users = {
+ allow_sign_up = false;
+ };
+ };
+ provision = {
+ enable = true;
+ datasources = {
+ settings = {
+ datasources = [
+ {
+ name = "prometheus ${config.services.grafana-config.domain}";
+ type = "prometheus";
+ url = "http://127.0.0.1:${toString config.services.prometheus-config.port}";
+ access = "proxy";
+ }
+ ];
+ };
+ };
+ };
+ };
+ };
+}
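Review bot: The `security` block spells out `/run/secrets/grafana_admin_password` and `/run/secrets/grafana_secret_key` by hand, so the paths are only checked when Grafana starts, not when the configuration is evaluated. Assuming sops.nix declares these under `sops.secrets` (its enclosing attribute is not visible in this commit), `admin_password = "\$__file{${config.sops.secrets.grafana_admin_password.path}}";` and the same form for `secret_key` would make a renamed or missing secret fail the build instead. It is also worth a comment above `admin_password` along the lines of `# only read when the initial admin account is created; rotating the secret later does not change the live password`, since this login page is published through the nginx virtual host.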
diff --git a/PulumiWebServer/Nix/miniflux.nix b/PulumiWebServer/Nix/miniflux/miniflux.nix similarity index 100% rename from PulumiWebServer/Nix/miniflux.nix rename to PulumiWebServer/Nix/miniflux/miniflux.nix diff --git a/PulumiWebServer/Nix/nginx-config.nix b/PulumiWebServer/Nix/nginx/nginx-config.nix similarity index 98% rename from PulumiWebServer/Nix/nginx-config.nix rename to PulumiWebServer/Nix/nginx/nginx-config.nix index 79d2fb4..b79a3c7 100644 --- a/PulumiWebServer/Nix/nginx-config.nix +++ b/PulumiWebServer/Nix/nginx/nginx-config.nix @@ -53,6 +53,7 @@ recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; + recommendedProxySettings = true; virtualHosts."${config.services.nginx-config.domain}" = { globalRedirect = "${config.services.nginx-config.webrootSubdomain}.${config.services.nginx-config.domain}"; diff --git a/PulumiWebServer/Nix/prometheus/prometheus.nix b/PulumiWebServer/Nix/prometheus/prometheus.nix new file mode 100644 index 0000000..c681d6b --- /dev/null +++ b/PulumiWebServer/Nix/prometheus/prometheus.nix @@ -0,0 +1,46 @@ +{ + config, + pkgs, + lib, + ... +}: { + options = { + services.prometheus-config = { + port = lib.mkOption { + type = lib.types.port; + description = lib.mdDoc "Prometheus localhost port"; + default = 9002; + }; + node-exporter-port = lib.mkOption { + type = lib.types.port; + description = lib.mdDoc "Localhost port for node exporter"; + default = 9003; + }; + }; + }; + + config = { + services.prometheus = { + enable = true; + port = config.services.prometheus-config.port; + exporters = { + node = { + enable = true; + enabledCollectors = ["systemd"]; + port = config.services.prometheus-config.node-exporter-port; + }; + }; + + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [ + { + targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; + } + ]; + } + ]; + }; + }; +} 
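Review bot: In prometheus.nix both option descriptions say "localhost port", but nothing in the `services.prometheus` block sets a listen address, so Prometheus and the node exporter keep the module defaults, which as far as I know bind all interfaces (`0.0.0.0`). Whether the unauthenticated query API and the host metrics (including the `systemd` collector's unit states) are reachable from outside then depends entirely on the firewall, which this commit does not show. Adding `listenAddress = "127.0.0.1";` next to `port` in both `services.prometheus` and `exporters.node` would make the configuration match its descriptions and the `http_addr = "127.0.0.1"` used in grafana.nix.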
diff --git a/PulumiWebServer/Nix/radicale-config.nix b/PulumiWebServer/Nix/radicale/radicale-config.nix similarity index 94% rename from PulumiWebServer/Nix/radicale-config.nix rename to PulumiWebServer/Nix/radicale/radicale-config.nix index 7dbc528..f4b0976 100644 --- a/PulumiWebServer/Nix/radicale-config.nix +++ b/PulumiWebServer/Nix/radicale/radicale-config.nix @@ -46,7 +46,7 @@ if config.services.radicale-config.enableGit then { filesystem_folder = filesystem_folder; - hook = "GIT=${pkgs.git}/bin/git GITIGNORE=${./radicale/.gitignore} /bin/sh ${./radicale/githook.sh}"; + hook = "GIT=${pkgs.git}/bin/git GITIGNORE=${./.gitignore} /bin/sh ${./githook.sh}"; } else {}; }; diff --git a/PulumiWebServer/Nix/sops.nix b/PulumiWebServer/Nix/sops.nix index 620a164..caadea2 100644 --- a/PulumiWebServer/Nix/sops.nix +++ b/PulumiWebServer/Nix/sops.nix @@ -16,5 +16,7 @@ "radicale_password" = {owner = "radicale";}; "radicale_git_email" = {owner = "radicale";}; "miniflux_admin_password" = {owner = "miniflux";}; + "grafana_admin_password" = {owner = "grafana";}; + "grafana_secret_key" = {owner = "grafana";}; }; } diff --git a/PulumiWebServer/Nix/woodpecker.nix b/PulumiWebServer/Nix/woodpecker/woodpecker.nix similarity index 95% rename from PulumiWebServer/Nix/woodpecker.nix rename to PulumiWebServer/Nix/woodpecker/woodpecker.nix index 4c61c5b..1a780d7 100644 --- a/PulumiWebServer/Nix/woodpecker.nix +++ b/PulumiWebServer/Nix/woodpecker/woodpecker.nix 
@@ -33,7 +33,7 @@ config.environment.etc = { "woodpecker.yaml" = { - text = builtins.replaceStrings ["%%WOODPECKER_PORT%%" "%%WOODPECKER_SUBDOMAIN%%" "%%WOODPECKER_DOMAIN%%" "%%GITEA_SUBDOMAIN%%"] [(toString config.services.woodpecker-config.port) config.services.woodpecker-config.subdomain config.services.woodpecker-config.domain config.services.gitea-config.subdomain] (builtins.readFile ./woodpecker/compose.yaml); + text = builtins.replaceStrings ["%%WOODPECKER_PORT%%" "%%WOODPECKER_SUBDOMAIN%%" "%%WOODPECKER_DOMAIN%%" "%%GITEA_SUBDOMAIN%%"] [(toString config.services.woodpecker-config.port) config.services.woodpecker-config.subdomain config.services.woodpecker-config.domain config.services.gitea-config.subdomain] (builtins.readFile ./compose.yaml); mode = "0440"; user = "woodpecker"; }; @@ -43,7 +43,7 @@ description = "start-woodpecker"; wantedBy = ["multi-user.target"]; path = [pkgs.docker]; - script = builtins.readFile ./woodpecker/start.sh; + script = builtins.readFile ./start.sh; serviceConfig = { Restart = "on-failure"; Type = "exec"; diff --git a/PulumiWebServer/PulumiWebServer.fsproj b/PulumiWebServer/PulumiWebServer.fsproj index a1c5632..f4865cc 100644 --- a/PulumiWebServer/PulumiWebServer.fsproj +++ b/PulumiWebServer/PulumiWebServer.fsproj @@ -29,10 +29,7 @@ - - - @@ -41,13 +38,18 @@ + + - - + + + + + PreserveNewest