Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/default.nix2
-rw-r--r--modules/nixos/monitoring/default.nix154
-rw-r--r--modules/nixos/nsd.nix3
-rw-r--r--modules/nixos/ntfy.nix57
-rw-r--r--modules/nixos/redis.nix36
-rw-r--r--modules/nixos/unbound.nix39
-rw-r--r--modules/nixos/victoriametrics.nix46
7 files changed, 233 insertions, 104 deletions
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 269ce39..3c4192d 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -36,6 +36,7 @@ _: {
./nginx.nix
./node-exporter.nix
./nsd.nix
+ ./ntfy.nix
./nullmailer.nix
./openssh.nix
./podman.nix
@@ -46,6 +47,7 @@ _: {
./psd.nix
./radarr.nix
./radicale.nix
+ ./redis.nix
./rss-bridge.nix
./rtorrent.nix
./searx.nix
diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix
index 1108be6..6cdc2c9 100644
--- a/modules/nixos/monitoring/default.nix
+++ b/modules/nixos/monitoring/default.nix
@@ -1,78 +1,93 @@
{
config,
lib,
+ pkgs,
...
}:
with lib; let
cfg = config.nixfiles.modules.monitoring;
in {
options.nixfiles.modules.monitoring.enable = mkEnableOption ''
- a custom monitoring stack bas on the Grafana Labs toolkit
+ a glue to provision a monitoring stack
'';
config = mkIf cfg.enable {
nixfiles.modules = {
+ alertmanager.enable = true;
grafana.enable = true;
loki.enable = true;
prometheus.enable = true;
- alertmanager.enable = true;
};
services = {
- grafana.provision = {
- enable = true;
-
- # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
- datasources.settings.datasources = with config.nixfiles.modules; [
- {
- name = "Prometheus";
- type = "prometheus";
- access = "proxy";
- url = "https://${prometheus.domain}";
- isDefault = true;
- }
- {
- name = "Loki";
- type = "loki";
- access = "proxy";
- url = "https://${loki.domain}";
- }
- {
- name = "Alertmanager";
- type = "alertmanager";
- access = "proxy";
- jsonData.implementation = "prometheus";
- url = "https://${alertmanager.domain}";
- }
+ grafana = {
+ declarativePlugins = with pkgs.grafanaPlugins; [
+ redis-app
+ redis-datasource
+ redis-explorer-app
];
- # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
- dashboards.settings.providers = [
- # System dashboard is imported manually from here[1]. Too bad
- # provisioned dashboards cannot properly integrate dynamic datasources
- # yet.
- #
- # [1]: https://grafana.com/grafana/dashboards/1860-node-exporter-full
- {
- name = "endlessh";
- options.path = ./dashboards/endlessh.json;
- }
- {
- name = "unbound";
- options.path = ./dashboards/unbound.json;
- }
- {
- name = "nginx";
- options.path = ./dashboards/nginx.json;
- }
- {
- name = "postgersql";
- options.path = ./dashboards/postgresql.json;
- }
- ];
+ provision = {
+ enable = true;
- alerting = {
- contactPoints.settings.contactPoints = [
+ # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
+ datasources.settings.datasources = with config.nixfiles.modules; [
+ {
+ name = "Alertmanager";
+ type = "alertmanager";
+ access = "proxy";
+ jsonData.implementation = "prometheus";
+ url = "https://${alertmanager.domain}";
+ }
+ {
+ name = "Loki";
+ type = "loki";
+ access = "proxy";
+ url = "https://${loki.domain}";
+ isDefault = true;
+ }
+ {
+ name = "Prometheus";
+ type = "prometheus";
+ access = "proxy";
+ url = "https://${prometheus.domain}";
+ }
+ (mkIf config.nixfiles.modules.redis.enable {
+ name = "Redis";
+ type = "redis-datasource";
+ access = "proxy";
+ url = with config.services.redis.servers.default; "redis://${bind}:${toString port}";
+ jsonData.client = "standalone";
+ })
+ ];
+
+ # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
+ dashboards.settings.providers = [
+ # The System dashboard is imported manually from here[1]. Too bad
+ # provisioned dashboards cannot properly integrate dynamic datasources
+ # yet.
+ #
+ # [1]: https://grafana.com/grafana/dashboards/1860-node-exporter-full
+ {
+ name = "endlessh";
+ options.path = ./dashboards/endlessh.json;
+ }
+ {
+ name = "unbound";
+ options.path = ./dashboards/unbound.json;
+ }
+ {
+ name = "nginx";
+ options.path = ./dashboards/nginx.json;
+ }
+ {
+ name = "postgersql";
+ options.path = ./dashboards/postgresql.json;
+ }
+ ];
+
+ # https://grafana.com/docs/grafana/latest/administration/provisioning/#alerting
+ alerting.contactPoints.settings.contactPoints = [
{
name = "Alertmanager";
receivers = [
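Review bot: The dashboard provider at the `name = "postgersql"` line carries the typo over to the new side while its `options.path` points at `postgresql.json`; rename it `name = "postgresql";` so the provisioned provider name matches the dashboard it loads. The Redis datasource is wired to `redis://${bind}:${toString port}` with `bind` read from `services.redis.servers.default`, a loopback address, so it only resolves if Grafana runs on the same host as that Redis instance (manwe, judging by the scrape targets later in this diff); a one-line comment above the entry, `# Redis is loopback-only, so Grafana must run on the same host`, would record that co-location assumption. The provisioning attrset continues past the end of this hunk.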
@@ -84,25 +99,6 @@ in {
];
}
];
- muteTimings.settings.muteTimes = [
- {
- name = "Sleep";
- time_intervals = [
- {
- times = [
- {
- start_time = "23:00";
- end_time = "24:00";
- }
- {
- start_time = "00:00";
- end_time = "09:00";
- }
- ];
- }
- ];
- }
- ];
};
};
@@ -139,7 +135,6 @@ in {
mkTargets
[
manwe
- varda
yavanna
]
nginx.port;
@@ -175,6 +170,19 @@ in {
];
}
{
+ job_name = "redis";
+ static_configs = [
+ {
+ targets =
+ mkTargets
+ [
+ manwe
+ ]
+ redis.port;
+ }
+ ];
+ }
+ {
job_name = "unbound";
static_configs = [
{
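Review bot: `redis.port` in the new scrape job resolves through a scope declared outside this hunk, and the `nixfiles.modules.redis` module added in this commit declares only `enable`, so the name must bind elsewhere — presumably `config.services.prometheus.exporters`, where redis.nix sets `port = mkDefault 9121`; confirm that is the binding in scope, since a wrong reference only surfaces as an evaluation error at build time. A short comment at the job, `# redis_exporter port, see services.prometheus.exporters.redis`, would make the indirection explicit, as the sibling `nginx.port` and `unbound` jobs rely on the same convention. The scrape_configs list continues on both sides of this hunk.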
diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix
index 0dade8f..d2ab117 100644
--- a/modules/nixos/nsd.nix
+++ b/modules/nixos/nsd.nix
@@ -112,13 +112,12 @@ in {
gotify = manwe;
grafana = manwe;
loki = manwe;
+ ntfy = manwe;
prometheus = manwe;
radicale = manwe;
rss-bridge = manwe;
vaultwarden = manwe;
- minecraft = varda;
-
flood = yavanna;
};
}
diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix
new file mode 100644
index 0000000..2fd3234
--- /dev/null
+++ b/modules/nixos/ntfy.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.ntfy;
+in {
+ options.nixfiles.modules.ntfy = {
+ enable = mkEnableOption "ntfy";
+
+ port = mkOption {
+ description = "Port.";
+ type = types.port;
+ default = 2586;
+ };
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; str;
+ default = "ntfy.${config.networking.domain}";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.nginx = {
+ enable = true;
+ upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = {};
+ virtualHosts.${cfg.domain} = {
+ locations."/" = {
+ proxyPass = "http://ntfy";
+ proxyWebsockets = true;
+ };
+ extraConfig = nginxInternalOnly;
+ };
+ };
+
+ services.ntfy-sh = {
+ enable = true;
+ settings = {
+ listen-http = "127.0.0.1:${toString cfg.port}";
+ base-url = "https://${cfg.domain}";
+ cache-file = "/var/cache/ntfy/cache.db";
+ behind-proxy = true;
+ attachment-cache-dir = "/var/cache/ntfy/attachments";
+ auth-file = "/var/lib/ntfy/user.db";
+ auth-default-access = "deny-all";
+ };
+ };
+
+ systemd.tmpfiles.rules = with config.services.ntfy-sh; [
+ "d /var/lib/ntfy 0700 ${user} ${group} - -"
+ "d /var/cache/ntfy 0700 ${user} ${group} - -"
+ "d /var/cache/ntfy/attachments 0700 ${user} ${group} - -"
+ ];
+ };
+}
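Review bot: The tmpfiles rules create `/var/lib/ntfy` and `/var/cache/ntfy` by hand, outside whatever directories the upstream ntfy-sh unit manages itself, and `auth-file`, `cache-file` and `attachment-cache-dir` all point there; if the unit in the deployed nixpkgs applies systemd sandboxing that limits writable paths (not visible here — check its serviceConfig), those files are unwritable at runtime and the `deny-all` auth database can never be populated. Either use the unit's own state and cache directories or add the paths to `systemd.services.ntfy-sh.serviceConfig.ReadWritePaths`, and record the decision in a comment above the rules. Separately, `description = "Port.";` only restates the type; `description = "Loopback port ntfy listens on behind the nginx virtual host.";` tells the reader what is actually bound.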
diff --git a/modules/nixos/redis.nix b/modules/nixos/redis.nix
new file mode 100644
index 0000000..166407e
--- /dev/null
+++ b/modules/nixos/redis.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ this,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.redis;
+in {
+ options.nixfiles.modules.redis.enable = mkEnableOption "Redis";
+
+ config = mkIf cfg.enable {
+ services = {
+ redis = {
+ servers.default = {
+ enable = true;
+ bind = "127.0.0.1";
+ port = 6379;
+ };
+ vmOverCommit = true;
+ };
+
+ prometheus.exporters = {
+ redis = {
+ enable = true;
+ listenAddress = mkDefault this.wireguard.ipv4.address;
+ port = mkDefault 9121;
+ extraFlags = with config.services.redis.servers.default; [
+ "--redis.addr=redis://${bind}:${toString port}"
+ "--redis.user=${user}"
+ ];
+ };
+ };
+ };
+ };
+}
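Review bot: `--redis.user=${user}` hands the exporter the NixOS system account that runs the server (`services.redis.servers.default.user`), but that flag names a Redis ACL user, not a Unix user; with no `requirePass` on the instance the flag is presumably inert and things work only because the server accepts unauthenticated clients on loopback — confirm against the exporter's behaviour. If the intent is a least-privilege read-only identity for metrics, declare an ACL user in the server settings and pass its name and secret to the exporter; otherwise drop the flag. The removed unbound.nix block carried the same line, so this is not a regression, but the new module is the right place to fix it. A one-line comment on `bind = "127.0.0.1";` noting that the instance is shared by unbound's cachedb and the Grafana datasource would document why it is loopback-only and unauthenticated.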
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 103e375..2291cc7 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -22,6 +22,8 @@ in {
adblock-conf = "${config.services.unbound.stateDir}/adblock.conf";
in
mkIf cfg.enable {
+ nixfiles.modules.redis.enable = true;
+
services = {
unbound = {
enable = true;
@@ -114,7 +116,7 @@ in {
}
];
- cachedb = with config.services.redis.servers.unbound; {
+ cachedb = with config.services.redis.servers.default; {
backend = "redis";
redis-server-host = bind;
redis-server-port = port;
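Review bot: `cachedb` now points at the shared `services.redis.servers.default` instance instead of the dedicated `servers.unbound` one the hunk below removes, so unbound's cached DNS records share a key space with every other client of that instance (the Grafana redis datasource and the exporter in this commit); any of them can read or overwrite cache entries, and a flush issued by one consumer empties the resolver cache. If isolation matters, keep unbound on its own logical database (unbound's cachedb `redis-logical-db` setting, if the packaged version supports it — confirm) or its own instance; otherwise add a comment at this line, `# shared instance: other local clients can read/modify the DNS cache`, so the trade-off is deliberate rather than accidental. The `cachedb` block continues outside this hunk.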
@@ -124,34 +126,13 @@ in {
localControlSocketPath = "/run/unbound/unbound.socket";
};
- redis = {
- servers.unbound = {
- enable = true;
- bind = "127.0.0.1";
- port = 6379;
- };
- vmOverCommit = mkForce true;
- };
-
- prometheus.exporters = {
- unbound = {
- enable = true;
- listenAddress = mkDefault this.wireguard.ipv4.address;
- port = 9167;
- fetchType = "uds";
- controlInterface = config.services.unbound.localControlSocketPath;
- inherit (config.services.unbound) group user;
- };
-
- redis = {
- enable = true;
- listenAddress = mkDefault this.wireguard.ipv4.address;
- port = mkDefault 9121;
- extraFlags = with config.services.redis.servers.unbound; [
- "--redis.addr=redis://${bind}:${toString port}"
- "--redis.user=${user}"
- ];
- };
+ prometheus.exporters.unbound = {
+ enable = true;
+ listenAddress = mkDefault this.wireguard.ipv4.address;
+ port = 9167;
+ fetchType = "uds";
+ controlInterface = config.services.unbound.localControlSocketPath;
+ inherit (config.services.unbound) group user;
};
};
diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix
new file mode 100644
index 0000000..509ee17
--- /dev/null
+++ b/modules/nixos/victoriametrics.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.prometheus;
+in {
+ options.nixfiles.modules.prometheus = {
+ enable = mkEnableOption "VictoriaMetrics";
+
+ port = mkOption {
+ description = "Port.";
+ type = with types; port;
+ default = 30113;
+ };
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; str;
+ default = "victoriametrics.${config.networking.domain}";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.nginx = with cfg; {
+ enable = true;
+ upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = {};
+ virtualHosts.${domain} = {
+ locations."/".proxyPass = "http://victoriametrics";
+ extraConfig = nginxInternalOnly;
+ };
+ };
+
+ services.victoriametrics = {
+ enable = true;
+
+ listenAddress = "127.0.0.1:${toString cfg.port}";
+
+ extraOptions = [
+ "-loggerLevel=WARN"
+ # TODO scrape_config
+ ];
+ };
+ };
+}
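Review bot: The new module declares `options.nixfiles.modules.prometheus` while describing itself as VictoriaMetrics, and the monitoring module in this same diff still sets `prometheus.enable = true` and reads `prometheus.domain`; if a separate prometheus module declaring the same options remains imported, evaluation fails on the duplicate declaration, and nothing in the default.nix hunks adds `./victoriametrics.nix` to the import list — confirm how this file is wired in. The `# TODO scrape_config` inside `extraOptions` means this instance scrapes nothing yet, so the Grafana "Prometheus" datasource would be backed by an empty store; a `-promscrape.config=<path-to-scrape-config>` entry (placeholder path) or a comment naming the follow-up would make that state explicit. `type = with types; port;` on the `port` option can simply be `type = types.port;`, matching ntfy.nix in this diff.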