swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: cleanup

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-14 01:08:22 +02:00
parent a8daed1d10
commit e9da090c2a
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
67 changed files with 4146 additions and 2727 deletions
Download patch file Download diff file Expand all files Collapse all files

148
modules/nixos/server/monitoring.nix
View file

@ -1,6 +1,5 @@
{ self, lib, config, globals, ... }:
let
servicePort = 3000;
serviceUser = "grafana";
serviceGroup = serviceUser;
@ -10,11 +9,12 @@ let
prometheusPort = 9090;
prometheusUser = "prometheus";
prometheusGroup = prometheusUser;
nextcloudUser = config.repo.secrets.local.nextcloud.adminuser;
grafanaUpstream = "grafana";
prometheusUpstream = "prometheus";
prometheusWebRoot = "prometheus";
kanidmDomain = globals.services.kanidm.domain;
inherit (config.swarselsystems) sopsFile;
in
{
options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -22,9 +22,9 @@ in
sops = {
secrets = {
grafanaadminpass = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheusadminpass = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
kanidm-grafana-client = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
grafana-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
kanidm-grafana-client = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
prometheus-admin-hash = { sopsFile = self + /secrets/winters/secrets2.yaml; owner = prometheusUser; group = prometheusGroup; mode = "0440"; };
};
@ -84,7 +84,7 @@ in
incrementalQueryOverlapWindow = "10m";
};
secureJsonData = {
basicAuthPassword = "$__file{/run/secrets/prometheusadminpass}";
basicAuthPassword = "$__file{/run/secrets/prometheus-admin-pw}";
};
}
];
@ -95,7 +95,7 @@ in
analytics.reporting_enabled = false;
users.allow_sign_up = false;
security = {
admin_password = "$__file{/run/secrets/grafanaadminpass}";
admin_password = "$__file{/run/secrets/grafana-admin-pw}";
cookie_secure = true;
disable_gravatar = true;
};
@ -130,74 +130,78 @@ in
};
};
prometheus = {
enable = true;
webExternalUrl = "https://${serviceDomain}/${prometheusWebRoot}";
port = prometheusPort;
listenAddress = "0.0.0.0";
globalConfig = {
scrape_interval = "10s";
};
webConfigFile = config.sops.templates.web-config.path;
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
{
job_name = "zfs";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
{
job_name = "nginx";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
}];
}
{
job_name = "nextcloud";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nextcloud.port}" ];
}];
}
];
exporters = {
node = {
enable = true;
port = 9000;
enabledCollectors = [ "systemd" ];
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
prometheus =
let
nextcloudUser = config.repo.secrets.local.nextcloud.adminuser;
in
{
enable = true;
webExternalUrl = "https://${serviceDomain}/${prometheusWebRoot}";
port = prometheusPort;
listenAddress = "0.0.0.0";
globalConfig = {
scrape_interval = "10s";
};
zfs = {
enable = true;
port = 9134;
pools = [
"Vault"
];
};
restic = {
enable = false;
port = 9753;
};
nginx = {
enable = true;
port = 9113;
sslVerify = false;
scrapeUri = "http://localhost/nginx_status";
};
nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud {
enable = true;
port = 9205;
url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info";
username = nextcloudUser;
passwordFile = config.sops.secrets.nextcloudadminpass.path;
webConfigFile = config.sops.templates.web-config.path;
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
{
job_name = "zfs";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
{
job_name = "nginx";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
}];
}
{
job_name = "nextcloud";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.nextcloud.port}" ];
}];
}
];
exporters = {
node = {
enable = true;
port = 9000;
enabledCollectors = [ "systemd" ];
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
};
zfs = {
enable = true;
port = 9134;
pools = [
"Vault"
];
};
restic = {
enable = false;
port = 9753;
};
nginx = {
enable = true;
port = 9113;
sslVerify = false;
scrapeUri = "http://localhost/nginx_status";
};
nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud {
enable = true;
port = 9205;
url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info";
username = nextcloudUser;
passwordFile = config.sops.secrets.nextcloud-admin-pw.path;
};
};
};
};
};