swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 17:17:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add provision in grafana

Browse source
This commit is contained in:
Swarsel 2024-10-18 23:05:52 +02:00
parent a9354c3959
commit 3e74316245
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
5 changed files with 205 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

111
SwarselSystems.org
View file

@ -5540,6 +5540,7 @@ Also, the system state version is set here. No need to touch it.
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
@ -6173,7 +6174,11 @@ Also, the system state version is set here. No need to touch it.
{ {
config = lib.mkIf config.swarselsystems.server.nextcloud { config = lib.mkIf config.swarselsystems.server.nextcloud {
sops.secrets.nextcloudadminpass = { owner = "nextcloud"; }; sops.secrets.nextcloudadminpass = {
owner = "nextcloud";
group = "nextcloud";
mode = "0440";
};
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
@ -6577,7 +6582,15 @@ Also, the system state version is set here. No need to touch it.
grafanaadminpass = { grafanaadminpass = {
owner = "grafana"; owner = "grafana";
}; };
prometheusadminpass = {
owner = "grafana";
};
}; };
users.users.nextcloud-exporter = {
extraGroups = [ "nextcloud" ];
};
users.users.grafana = { users.users.grafana = {
extraGroups = [ "users" ]; extraGroups = [ "users" ];
}; };
@ -6585,12 +6598,41 @@ Also, the system state version is set here. No need to touch it.
services.grafana = { services.grafana = {
enable = true; enable = true;
dataDir = "/Vault/data/grafana"; dataDir = "/Vault/data/grafana";
provision = {
enable = true;
datasources.settings = {
datasources = [
{
name = "prometheus";
type = "prometheus";
url = "https://status.swarsel.win/prometheus";
editable = false;
access = "proxy";
basicAuth = true;
basicAuthUser = "admin";
jsonData = {
httpMethod = "POST";
manageAlerts = true;
prometheusType = "Prometheus";
prometheusVersion = "> 2.50.x";
cacheLevel = "High";
disableRecordingRules = false;
incrementalQueryOverlapWindow = "10m";
};
secureJsonData = {
basicAuthPassword = "$__file{/run/secrets/prometheusadminpass}";
};
}
];
};
};
settings = { settings = {
security.admin_password = "$__file{/run/secrets/grafanaadminpass}"; security.admin_password = "$__file{/run/secrets/grafanaadminpass}";
server = { server = {
http_port = 3000; http_port = 3000;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
protocol = "https"; protocol = "http";
domain = "status.swarsel.win"; domain = "status.swarsel.win";
}; };
}; };
@ -6601,8 +6643,43 @@ Also, the system state version is set here. No need to touch it.
webExternalUrl = "https://status.swarsel.win/prometheus"; webExternalUrl = "https://status.swarsel.win/prometheus";
port = 9090; port = 9090;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
webConfigFile = /../../programs/server/prometheus/web.config; globalConfig = {
scrape_interval = "10s";
};
webConfigFile = ../../../programs/server/prometheus/web.config;
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
{
job_name = "zfs";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
{
job_name = "nginx";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
}];
}
{
job_name = "nextcloud";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nextcloud.port}" ];
}];
}
];
exporters = { exporters = {
node = {
enable = true;
port = 9000;
enabledCollectors = [ "systemd" ];
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
};
zfs = { zfs = {
enable = true; enable = true;
port = 9134; port = 9134;
@ -6610,9 +6687,27 @@ Also, the system state version is set here. No need to touch it.
"Vault" "Vault"
]; ];
}; };
restic = {
enable = false;
port = 9753;
};
nginx = {
enable = true;
port = 9113;
sslVerify = false;
scrapeUri = "http://localhost/nginx_status";
};
nextcloud = lib.mkIf config.swarselsystems.server.nextcloud {
enable = true;
port = 9205;
url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info";
username = "admin";
passwordFile = config.sops.secrets.nextcloudadminpass.path;
};
}; };
}; };
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"status.swarsel.win" = { "status.swarsel.win" = {
@ -6620,17 +6715,17 @@ Also, the system state version is set here. No need to touch it.
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/grafana" = { "/" = {
proxyPass = "http://localhost:3000"; proxyPass = "http://localhost:3000";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"/prometheus" = { "/prometheus" = {
proxyPass = "http://localhost:9090"; proxyPass = "http://localhost:9090";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
}; };
}; };

96
profiles/server/common/monitoring.nix
View file

@ -6,7 +6,15 @@
grafanaadminpass = { grafanaadminpass = {
owner = "grafana"; owner = "grafana";
}; };
prometheusadminpass = {
owner = "grafana";
};
}; };
users.users.nextcloud-exporter = {
extraGroups = [ "nextcloud" ];
};
users.users.grafana = { users.users.grafana = {
extraGroups = [ "users" ]; extraGroups = [ "users" ];
}; };
@ -14,12 +22,41 @@
services.grafana = { services.grafana = {
enable = true; enable = true;
dataDir = "/Vault/data/grafana"; dataDir = "/Vault/data/grafana";
provision = {
enable = true;
datasources.settings = {
datasources = [
{
name = "prometheus";
type = "prometheus";
url = "https://status.swarsel.win/prometheus";
editable = false;
access = "proxy";
basicAuth = true;
basicAuthUser = "admin";
jsonData = {
httpMethod = "POST";
manageAlerts = true;
prometheusType = "Prometheus";
prometheusVersion = "> 2.50.x";
cacheLevel = "High";
disableRecordingRules = false;
incrementalQueryOverlapWindow = "10m";
};
secureJsonData = {
basicAuthPassword = "$__file{/run/secrets/prometheusadminpass}";
};
}
];
};
};
settings = { settings = {
security.admin_password = "$__file{/run/secrets/grafanaadminpass}"; security.admin_password = "$__file{/run/secrets/grafanaadminpass}";
server = { server = {
http_port = 3000; http_port = 3000;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
protocol = "https"; protocol = "http";
domain = "status.swarsel.win"; domain = "status.swarsel.win";
}; };
}; };
@ -30,8 +67,43 @@
webExternalUrl = "https://status.swarsel.win/prometheus"; webExternalUrl = "https://status.swarsel.win/prometheus";
port = 9090; port = 9090;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
webConfigFile = /../../programs/server/prometheus/web.config; globalConfig = {
scrape_interval = "10s";
};
webConfigFile = ../../../programs/server/prometheus/web.config;
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
{
job_name = "zfs";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
{
job_name = "nginx";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
}];
}
{
job_name = "nextcloud";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nextcloud.port}" ];
}];
}
];
exporters = { exporters = {
node = {
enable = true;
port = 9000;
enabledCollectors = [ "systemd" ];
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
};
zfs = { zfs = {
enable = true; enable = true;
port = 9134; port = 9134;
@ -39,9 +111,27 @@
"Vault" "Vault"
]; ];
}; };
restic = {
enable = false;
port = 9753;
};
nginx = {
enable = true;
port = 9113;
sslVerify = false;
scrapeUri = "http://localhost/nginx_status";
};
nextcloud = lib.mkIf config.swarselsystems.server.nextcloud {
enable = true;
port = 9205;
url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info";
username = "admin";
passwordFile = config.sops.secrets.nextcloudadminpass.path;
};
}; };
}; };
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"status.swarsel.win" = { "status.swarsel.win" = {
@ -49,7 +139,7 @@
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/grafana" = { "/" = {
proxyPass = "http://localhost:3000"; proxyPass = "http://localhost:3000";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;

6
profiles/server/common/nextcloud.nix
View file

@ -2,7 +2,11 @@
{ {
config = lib.mkIf config.swarselsystems.server.nextcloud { config = lib.mkIf config.swarselsystems.server.nextcloud {
sops.secrets.nextcloudadminpass = { owner = "nextcloud"; }; sops.secrets.nextcloudadminpass = {
owner = "nextcloud";
group = "nextcloud";
mode = "0440";
};
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;

1
profiles/server/common/nginx.nix
View file

@ -24,6 +24,7 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;

5
secrets/server/winters/secrets.yaml
View file

@ -34,6 +34,7 @@ vpnloc: ENC[AES256_GCM,data:U8ModKho4vSHnMo9BOE978V6ZlMeQEoLaFW/,iv:Sw06YsWSZ4tG
swarseluser: ENC[AES256_GCM,data:XvmOHYFNhb/bAYAZ/kmUWbbmRy/WrxSYri/Y5k+SH4N7ZIjuZDHOkWk93ERFuTb77HvhbPX/NRQraUoJoFsxGGg5co/gJnyfRg==,iv:J50PeDcC4PM3+yQ/YQNb8TW4kubwi2kjjSFU0RVFM30=,tag:ydLYkz1YKyguGZZZD/JcLA==,type:str] swarseluser: ENC[AES256_GCM,data:XvmOHYFNhb/bAYAZ/kmUWbbmRy/WrxSYri/Y5k+SH4N7ZIjuZDHOkWk93ERFuTb77HvhbPX/NRQraUoJoFsxGGg5co/gJnyfRg==,iv:J50PeDcC4PM3+yQ/YQNb8TW4kubwi2kjjSFU0RVFM30=,tag:ydLYkz1YKyguGZZZD/JcLA==,type:str]
nextcloudadminpass: ENC[AES256_GCM,data:ZOCsu4/ijfheBfY9ZR5DBXSB,iv:bNlTLKQblnt2eYJqVgXwCaGAyAw2yhlb9Whsz0LBhm4=,tag:VQAWP/b8IghzXDFLJxXZ4Q==,type:str] nextcloudadminpass: ENC[AES256_GCM,data:ZOCsu4/ijfheBfY9ZR5DBXSB,iv:bNlTLKQblnt2eYJqVgXwCaGAyAw2yhlb9Whsz0LBhm4=,tag:VQAWP/b8IghzXDFLJxXZ4Q==,type:str]
grafanaadminpass: ENC[AES256_GCM,data:TBu0WOdvE+9CAH8EVm8=,iv:/usKOYscSXpo8tiSV/Las9eucBeYnpwG5DM9gJg8bfU=,tag:/LZqwuPWQyjSZURnsqq3hA==,type:str] grafanaadminpass: ENC[AES256_GCM,data:TBu0WOdvE+9CAH8EVm8=,iv:/usKOYscSXpo8tiSV/Las9eucBeYnpwG5DM9gJg8bfU=,tag:/LZqwuPWQyjSZURnsqq3hA==,type:str]
prometheusadminpass: ENC[AES256_GCM,data:NYUbSnAl0f3FUtvCjvJHFr2wMRsVsbVIeg==,iv:TP4NMwJsft8aEixxJBJCX/0I6BJVBnltFYJDKuXq1hM=,tag:yMY+KZsRjbn8ItgKgjzqSA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -49,8 +50,8 @@ sops:
SHJMUFJSeGRQcTIyU1U5RXkvQi9NMzQKm8SP9jQ4fuIuddzqP+m6EJg7+zkX53jz SHJMUFJSeGRQcTIyU1U5RXkvQi9NMzQKm8SP9jQ4fuIuddzqP+m6EJg7+zkX53jz
bHaMPuLTaIHaaSDlVYe5stpyPDlZQ0NSGWV+HaIXkLZNfNM71hWYBQ== bHaMPuLTaIHaaSDlVYe5stpyPDlZQ0NSGWV+HaIXkLZNfNM71hWYBQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-18T19:30:49Z" lastmodified: "2024-10-18T21:26:59Z"
mac: ENC[AES256_GCM,data:2/OKp8nGwnllhsSn1KOG5OzzBRFVWF2Wi4Of+SsDE2EI91xHNt5DqNKES6xWH3sZMG0eKw4s4KCvMFGmZLkaoCanGscWe6GmZO6vOsTqI5261vJxFdJD40PPB5D2PywgfEIVR9elNDOLuXysekhSMg7497K5TvtQoJi0MXIDpvk=,iv:gW0/qEZwO0kPN0JynB/b8TjZJRYzaN8Qj7S7UWh5M+Q=,tag:UPOdYR7jJzevW3GJTySIUg==,type:str] mac: ENC[AES256_GCM,data:wvK/aa9ninmY+S66u6f2sP0bWV3bUbuEPS4J80M8YCA2J1p9mU5ndFWL6DSmzCslhO99a6+Y/AalLhkjVJn1Ok8CcxhCgbaSbZ7zniGe7sY0pK/6pPdSEHEzljNzx0M6KCoHeD9/a4VY5kPeq1t+IjqdtIBV3xhP0/SMaeypk0M=,iv:jTGcGnDZln3KZc6G8x0ENk6m5Zwq3Z+CafyATL4WbIc=,tag:i0ii+jwnyDCLxS07K82oIg==,type:str]
pgp: pgp:
- created_at: "2024-09-23T20:03:08Z" - created_at: "2024-09-23T20:03:08Z"
enc: |- enc: |-