Prometheus (#14)

2025-10-06 00:58:39 +00:00 · 2023-07-21 23:14:12 +01:00
parent 8218d37a15
commit 65446c5a25
11 changed files with 146 additions and 14 deletions
--- a/PulumiWebServer/Nix/configuration.nix
+++ b/PulumiWebServer/Nix/configuration.nix
@@ -5,12 +5,14 @@
 in {
  imports = [
    ./sops.nix
-    ./radicale-config.nix
-    ./gitea-config.nix
-    ./miniflux.nix
+    ./radicale/radicale-config.nix
+    ./gitea/gitea-config.nix
+    ./miniflux/miniflux.nix
    ./userconfig.nix
-    ./nginx-config.nix
-    ./woodpecker.nix
+    ./nginx/nginx-config.nix
+    ./woodpecker/woodpecker.nix
+    ./prometheus/prometheus.nix
+    ./grafana/grafana.nix
    # generated at runtime by nixos-infect and copied here
    ./hardware-configuration.nix
    ./networking.nix
@@ -30,6 +32,7 @@ in {
  services.miniflux-config.subdomain = "rss";
  services.miniflux-config.domain = userConfig.domain;
  services.woodpecker-config.domain = userConfig.domain;
+  services.grafana-config.domain = userConfig.domain;

  system.stateVersion = "23.05";

--- a/PulumiWebServer/Nix/gitea/gitea-config.nix
+++ b/PulumiWebServer/Nix/gitea/gitea-config.nix
@@ -92,7 +92,7 @@
      description = "gitea-add-user";
      wantedBy = ["multi-user.target"];
      path = [pkgs.gitea];
-      script = builtins.readFile ./gitea/add-user.sh;
+      script = builtins.readFile ./add-user.sh;
      serviceConfig = {
        Restart = "no";
        Type = "oneshot";
--- a/PulumiWebServer/Nix/grafana/grafana.nix
+++ b/PulumiWebServer/Nix/grafana/grafana.nix
@@ -0,0 +1,75 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  options = {
+    services.grafana-config = {
+      domain = lib.mkOption {
+        type = lib.types.str;
+        example = "example.com";
+        description = lib.mdDoc "Top-level domain to configure";
+      };
+      subdomain = lib.mkOption {
+        type = lib.types.str;
+        default = "grafana";
+        description = lib.mdDoc "Subdomain in which to put Grafana";
+      };
+      port = lib.mkOption {
+        type = lib.types.port;
+        description = lib.mdDoc "Grafana localhost port";
+        default = 2342;
+      };
+    };
+  };
+
+  config = {
+    services.nginx.virtualHosts."${config.services.grafana-config.subdomain}.${config.services.grafana-config.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.grafana-config.port}/";
+        proxyWebsockets = true;
+      };
+    };
+
+    services.grafana = {
+      enable = true;
+      settings = {
+        server = {
+          domain = "${config.services.grafana-config.subdomain}.${config.services.grafana-config.domain}";
+          http_port = config.services.grafana-config.port;
+          http_addr = "127.0.0.1";
+          root_url = "https://${config.services.grafana-config.subdomain}.${config.services.grafana-config.domain}";
+        };
+        security = {
+          disable_initial_admin_creation = false;
+          admin_user = "admin";
+          admin_password = "\$__file{/run/secrets/grafana_admin_password}";
+          secret_key = "\$__file{/run/secrets/grafana_secret_key}";
+          disable_gravatar = true;
+          cookie_secure = true;
+        };
+        users = {
+          allow_sign_up = false;
+        };
+      };
+      provision = {
+        enable = true;
+        datasources = {
+          settings = {
+            datasources = [
+              {
+                name = "prometheus ${config.services.grafana-config.domain}";
+                type = "prometheus";
+                url = "http://127.0.0.1:${toString config.services.prometheus-config.port}";
+                access = "proxy";
+              }
+            ];
+          };
+        };
+      };
+    };
+  };
+}
--- a/PulumiWebServer/Nix/miniflux/miniflux.nix
+++ b/PulumiWebServer/Nix/miniflux/miniflux.nix
--- a/PulumiWebServer/Nix/nginx/nginx-config.nix
+++ b/PulumiWebServer/Nix/nginx/nginx-config.nix
@@ -53,6 +53,7 @@
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
+      recommendedProxySettings = true;

      virtualHosts."${config.services.nginx-config.domain}" = {
        globalRedirect = "${config.services.nginx-config.webrootSubdomain}.${config.services.nginx-config.domain}";
--- a/PulumiWebServer/Nix/prometheus/prometheus.nix
+++ b/PulumiWebServer/Nix/prometheus/prometheus.nix
@@ -0,0 +1,46 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  options = {
+    services.prometheus-config = {
+      port = lib.mkOption {
+        type = lib.types.port;
+        description = lib.mdDoc "Prometheus localhost port";
+        default = 9002;
+      };
+      node-exporter-port = lib.mkOption {
+        type = lib.types.port;
+        description = lib.mdDoc "Localhost port for node exporter";
+        default = 9003;
+      };
+    };
+  };
+
+  config = {
+    services.prometheus = {
+      enable = true;
+      port = config.services.prometheus-config.port;
+      exporters = {
+        node = {
+          enable = true;
+          enabledCollectors = ["systemd"];
+          port = config.services.prometheus-config.node-exporter-port;
+        };
+      };
+
+      scrapeConfigs = [
+        {
+          job_name = "node";
+          static_configs = [
+            {
+              targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
+            }
+          ];
+        }
+      ];
+    };
+  };
+}
--- a/PulumiWebServer/Nix/radicale/radicale-config.nix
+++ b/PulumiWebServer/Nix/radicale/radicale-config.nix
@@ -46,7 +46,7 @@
          if config.services.radicale-config.enableGit
          then {
            filesystem_folder = filesystem_folder;
-            hook = "GIT=${pkgs.git}/bin/git GITIGNORE=${./radicale/.gitignore} /bin/sh ${./radicale/githook.sh}";
+            hook = "GIT=${pkgs.git}/bin/git GITIGNORE=${./.gitignore} /bin/sh ${./githook.sh}";
          }
          else {};
      };
--- a/PulumiWebServer/Nix/sops.nix
+++ b/PulumiWebServer/Nix/sops.nix
@@ -16,5 +16,7 @@
    "radicale_password" = {owner = "radicale";};
    "radicale_git_email" = {owner = "radicale";};
    "miniflux_admin_password" = {owner = "miniflux";};
+    "grafana_admin_password" = {owner = "grafana";};
+    "grafana_secret_key" = {owner = "grafana";};
  };
 }
--- a/PulumiWebServer/Nix/woodpecker/woodpecker.nix
+++ b/PulumiWebServer/Nix/woodpecker/woodpecker.nix
@@ -33,7 +33,7 @@

  config.environment.etc = {
    "woodpecker.yaml" = {
-      text = builtins.replaceStrings ["%%WOODPECKER_PORT%%" "%%WOODPECKER_SUBDOMAIN%%" "%%WOODPECKER_DOMAIN%%" "%%GITEA_SUBDOMAIN%%"] [(toString config.services.woodpecker-config.port) config.services.woodpecker-config.subdomain config.services.woodpecker-config.domain config.services.gitea-config.subdomain] (builtins.readFile ./woodpecker/compose.yaml);
+      text = builtins.replaceStrings ["%%WOODPECKER_PORT%%" "%%WOODPECKER_SUBDOMAIN%%" "%%WOODPECKER_DOMAIN%%" "%%GITEA_SUBDOMAIN%%"] [(toString config.services.woodpecker-config.port) config.services.woodpecker-config.subdomain config.services.woodpecker-config.domain config.services.gitea-config.subdomain] (builtins.readFile ./compose.yaml);
      mode = "0440";
      user = "woodpecker";
    };
@@ -43,7 +43,7 @@
    description = "start-woodpecker";
    wantedBy = ["multi-user.target"];
    path = [pkgs.docker];
-    script = builtins.readFile ./woodpecker/start.sh;
+    script = builtins.readFile ./start.sh;
    serviceConfig = {
      Restart = "on-failure";
      Type = "exec";