From 1b39cfb14b608f374208a9483db661ccd1a43230 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Thu, 16 Nov 2023 01:47:45 +0300
Subject: 2023-11-16
---
 modules/nixos/git/default.nix | 2 +-
 modules/nixos/grafana.nix | 2 +-
 modules/nixos/ipfs.nix | 2 +-
 modules/nixos/loki.nix | 2 +-
 modules/nixos/monitoring/default.nix | 402 +++++++++++++++++------------------
 modules/nixos/plausible.nix | 194 ++++++++---------
 modules/nixos/podman.nix | 2 +-
 modules/nixos/prometheus.nix | 2 +-
 modules/nixos/radicale.nix | 2 +-
 modules/nixos/syncthing.nix | 2 +-
 modules/nixos/victoriametrics.nix | 2 +-
 11 files changed, 301 insertions(+), 313 deletions(-)
(limited to 'modules/nixos')
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index 67cc07b..cbe14bd 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -1,8 +1,8 @@
 {
 config,
+ lib,
 libNginx,
 libPlausible,
- lib,
 pkgs,
 ...
 }:
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix
index ae79d17..ddf7f67 100644
--- a/modules/nixos/grafana.nix
+++ b/modules/nixos/grafana.nix
@@ -1,8 +1,8 @@
 {
 config,
- libNginx,
 inputs,
 lib,
+ libNginx,
 ...
 }:
 with lib; let
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index bf93a3c..99ce6c9 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -1,7 +1,7 @@
 {
 config,
- libNginx,
 lib,
+ libNginx,
 this,
 ...
 }:
diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix
index c5194e1..c213832 100644
--- a/modules/nixos/loki.nix
+++ b/modules/nixos/loki.nix
@@ -1,7 +1,7 @@
 {
 config,
- libNginx,
 lib,
+ libNginx,
 pkgs,
 ...
 }:
diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix
index a09b7e7..57adf1c 100644
--- a/modules/nixos/monitoring/default.nix
+++ b/modules/nixos/monitoring/default.nix
@@ -6,223 +6,217 @@ }: with lib; let cfg = config.nixfiles.modules.monitoring; -in - { - options.nixfiles.modules.monitoring.enable = mkEnableOption '' - a glue to provision a monitoring stack - ''; +in { + options.nixfiles.modules.monitoring.enable = mkEnableOption '' + a glue to provision a monitoring stack + ''; - config = mkIf cfg.enable { - nixfiles.modules = { - alertmanager.enable = true; - grafana.enable = true; - loki.enable = true; - prometheus.enable = true; - }; + config = mkIf cfg.enable { + nixfiles.modules = { + alertmanager.enable = true; + grafana.enable = true; + loki.enable = true; + prometheus.enable = true; + }; - services = { - grafana = { - declarativePlugins = with pkgs.grafanaPlugins; [ - redis-app - redis-datasource - redis-explorer-app - ]; + services = { + grafana = { + declarativePlugins = with pkgs.grafanaPlugins; [ + redis-app + redis-datasource + redis-explorer-app + ]; - provision = { - enable = true; + provision = { + enable = true; - # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources - datasources.settings.datasources = with config.nixfiles.modules; [ - { - name = "Alertmanager"; - type = "alertmanager"; - access = "proxy"; - jsonData.implementation = "prometheus"; - url = "https://${alertmanager.domain}"; - } - { - name = "Loki"; - type = "loki"; - access = "proxy"; - url = "https://${loki.domain}"; - isDefault = true; - } - { - name = "Prometheus"; - type = "prometheus"; - access = "proxy"; - url = "https://${prometheus.domain}"; - } - (mkIf config.nixfiles.modules.redis.enable { - name = "Redis"; - type = "redis-datasource"; - access = "proxy"; - url = with config.services.redis.servers.default; "redis://${bind}:${toString port}"; - jsonData.client = "standalone"; - }) - ]; - datasources.settings.deleteDatasources = [ - { - name = "PostgreSQL"; - orgId = 1; - } - ]; + # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources + datasources.settings.datasources = with 
config.nixfiles.modules; [ + { + name = "Alertmanager"; + type = "alertmanager"; + access = "proxy"; + jsonData.implementation = "prometheus"; + url = "https://${alertmanager.domain}"; + } + { + name = "Loki"; + type = "loki"; + access = "proxy"; + url = "https://${loki.domain}"; + isDefault = true; + } + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "https://${prometheus.domain}"; + } + (mkIf config.nixfiles.modules.redis.enable { + name = "Redis"; + type = "redis-datasource"; + access = "proxy"; + url = with config.services.redis.servers.default; "redis://${bind}:${toString port}"; + jsonData.client = "standalone"; + }) + ]; + datasources.settings.deleteDatasources = [ + { + name = "PostgreSQL"; + orgId = 1; + } + ]; - # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards - dashboards.settings.providers = [ - { - name = "node"; - options.path = ./dashboards/node.json; - } - { - name = "ntfy"; - options.path = ./dashboards/ntfy.json; - } - { - name = "endlessh"; - options.path = ./dashboards/endlessh.json; - } - { - name = "unbound"; - options.path = ./dashboards/unbound.json; - } - { - name = "nginx"; - options.path = ./dashboards/nginx.json; - } - { - name = "postgersql"; - options.path = ./dashboards/postgresql.json; - } - { - name = "redis"; - options.path = ./dashboards/redis.json; - } - { - name = "redis-streaming"; - options.path = ./dashboards/redis-streaming.json; - } - ]; + # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards + dashboards.settings.providers = [ + { + name = "node"; + options.path = ./dashboards/node.json; + } + { + name = "ntfy"; + options.path = ./dashboards/ntfy.json; + } + { + name = "endlessh"; + options.path = ./dashboards/endlessh.json; + } + { + name = "unbound"; + options.path = ./dashboards/unbound.json; + } + { + name = "nginx"; + options.path = ./dashboards/nginx.json; + } + { + name = "postgersql"; + options.path = 
./dashboards/postgresql.json; + } + { + name = "redis"; + options.path = ./dashboards/redis.json; + } + { + name = "redis-streaming"; + options.path = ./dashboards/redis-streaming.json; + } + ]; - # https://grafana.com/docs/grafana/latest/administration/provisioning/#alerting - alerting.contactPoints.settings.contactPoints = [ - { - name = "Alertmanager"; - receivers = [ - { - uid = 1; - type = "prometheus-alertmanager"; - settings.url = "https://${config.nixfiles.modules.alertmanager.domain}"; - } - ]; - } - ]; - }; + # https://grafana.com/docs/grafana/latest/administration/provisioning/#alerting + alerting.contactPoints.settings.contactPoints = [ + { + name = "Alertmanager"; + receivers = [ + { + uid = 1; + type = "prometheus-alertmanager"; + settings.url = "https://${config.nixfiles.modules.alertmanager.domain}"; + } + ]; + } + ]; }; + }; - loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}"; + loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}"; - prometheus = { - scrapeConfigs = with my.configurations; - mapAttrsToList - ( - name: value: { - job_name = name; - static_configs = [ + prometheus = { + scrapeConfigs = with my.configurations; + mapAttrsToList + ( + name: value: { + job_name = name; + static_configs = [ + { + targets = with value; + map (host: + concatStringsSep ":" [ + ( + if isAttrs host + then host.hostname + else host + ) + (toString port) + ]) + hosts; + } + ]; + relabel_configs = + [ { - targets = with value; - map (host: - concatStringsSep ":" [ - ( - if isAttrs host - then host.hostname - else host - ) - (toString port) - ]) - hosts; + source_labels = ["__address__"]; + regex = "([^:]+):\\d+"; + target_label = "instance"; } - ]; - relabel_configs = - [ - { - source_labels = ["__address__"]; - regex = "([^:]+):\\d+"; - target_label = "instance"; - } - ] - ++ optionals (hasAttr "relabel" value) value.relabel; - } - ) - { - promtail = { - hosts = 
[manwe varda yavanna]; - inherit (config.nixfiles.modules.promtail) port; - }; - ntfy = { - hosts = [manwe]; - inherit (config.nixfiles.modules.ntfy.prometheus) port; - }; - soju = { - hosts = ["127.0.0.1"]; - inherit (config.nixfiles.modules.soju.prometheus) port; - }; - endlessh-go = { - hosts = [manwe varda yavanna]; - inherit (config.services.endlessh-go.prometheus) port; - }; - nginx = { - hosts = [manwe yavanna]; - inherit (config.services.prometheus.exporters.nginx) port; - }; - node = { - hosts = [manwe varda yavanna]; - inherit (config.services.prometheus.exporters.node) port; - }; - postgres = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.postgres) port; - }; - redis = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.redis) port; - }; - unbound = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.unbound) port; - }; - wireguard = { - hosts = [manwe]; - inherit (config.services.prometheus.exporters.wireguard) port; - }; - # TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696 - exportarr-lidarr = { - hosts = [yavanna]; - port = 9708; - }; + ] + ++ optionals (hasAttr "relabel" value) value.relabel; + } + ) + { + promtail = { + hosts = [manwe varda yavanna]; + inherit (config.nixfiles.modules.promtail) port; + }; + ntfy = { + hosts = [manwe]; + inherit (config.nixfiles.modules.ntfy.prometheus) port; + }; + soju = { + hosts = ["127.0.0.1"]; + inherit (config.nixfiles.modules.soju.prometheus) port; + }; + endlessh-go = { + hosts = [manwe varda yavanna]; + inherit (config.services.endlessh-go.prometheus) port; }; + nginx = { + hosts = [manwe yavanna]; + inherit (config.services.prometheus.exporters.nginx) port; + }; + node = { + hosts = [manwe varda yavanna]; + inherit (config.services.prometheus.exporters.node) port; + }; + postgres = { + hosts = [manwe]; + inherit (config.services.prometheus.exporters.postgres) port; + }; + redis = { + hosts = [manwe]; + inherit 
(config.services.prometheus.exporters.redis) port; + }; + unbound = { + hosts = [manwe]; + inherit (config.services.prometheus.exporters.unbound) port; + }; + wireguard = { + hosts = [manwe]; + inherit (config.services.prometheus.exporters.wireguard) port; + }; + # TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696 + exportarr-lidarr = { + hosts = [yavanna]; + port = 9708; + }; + }; - ruleFiles = [ - ./rules/nginx.yaml - ./rules/node.yaml - ./rules/postgres.yaml - ./rules/redis.yaml - ]; + ruleFiles = [ + ./rules/nginx.yaml + ./rules/node.yaml + ./rules/postgres.yaml + ./rules/redis.yaml + ]; - alertmanagers = [ - { - scheme = "https"; - static_configs = [ - {targets = [config.nixfiles.modules.alertmanager.domain];} - ]; - } - ]; - }; + alertmanagers = [ + { + scheme = "https"; + static_configs = [ + {targets = [config.nixfiles.modules.alertmanager.domain];} + ]; + } + ]; }; }; - } - # FIXME https://nixpk.gs/pr-tracker.html?pr=265696 - // lib.moduleFromRef - "services/monitoring/prometheus/exporters.nix" - "Stunkymonkey:nixos-exportarr" - "0c9n3dc8l64bshynpbzaplvxhi2f0ihh6wcslh42y9kilwjp2zjv" + }; +} diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 172da3f..d346bde 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix 
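Review bot: The job template passed to `mapAttrsToList` in `prometheus.scrapeConfigs` sets only `job_name`, `static_configs` and `relabel_configs`, so every exporter on manwe, varda and yavanna is scraped over Prometheus's default plain-HTTP scheme with no authentication, while the `alertmanagers` entry in the same hunk sets `scheme = "https"`. Whether those hostnames resolve over a private link is not visible from this hunk (the module's argument set starts above it); if that is the assumption, record it on the template with a comment such as `# NOTE: scrapes are plain HTTP; targets must only be reachable over the private network`, or let a job carry its own `scheme` the way `relabel` is already optional. Separately, the commit removes the `lib.moduleFromRef` override for nixpkgs PR 265696 but keeps the `# TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696` comment and the literal `port = 9708;` on `exportarr-lidarr`; if the exporter module now comes from the pinned nixpkgs, that job can presumably inherit its port like the others and the TODO can go.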
@@ -6,125 +6,119 @@ }: with lib; let cfg = config.nixfiles.modules.plausible; -in - { - options.nixfiles.modules.plausible = { - enable = mkEnableOption "Plausible Analytics"; +in { + options.nixfiles.modules.plausible = { + enable = mkEnableOption "Plausible Analytics"; - port = mkOption { - description = "Port."; - type = with types; port; - default = 8000; - }; + port = mkOption { + description = "Port."; + type = with types; port; + default = 8000; + }; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "plausible.${config.networking.domain}"; - }; + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "plausible.${config.networking.domain}"; }; + }; - config = let - db = "plausible"; - in - mkIf cfg.enable { - _module.args.libPlausible = { - htmlPlausibleScript = { - domain ? "$host", - src ? "https://${cfg.domain}/js/script.js", - }: ''''; - }; + config = let + db = "plausible"; + in + mkIf cfg.enable { + _module.args.libPlausible = { + htmlPlausibleScript = { + domain ? "$host", + src ? 
"https://${cfg.domain}/js/script.js", + }: ''''; + }; - secrets = { - plausible-key.file = "${inputs.self}/secrets/plausible-key"; - plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password"; - plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password"; - }; + secrets = { + plausible-key.file = "${inputs.self}/secrets/plausible-key"; + plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password"; + plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password"; + }; - nixfiles.modules = { - nginx = { - enable = true; - upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://plausible"; - proxyWebsockets = true; - }; - }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' - '' - ]; + nixfiles.modules = { + nginx = { + enable = true; + upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://plausible"; + proxyWebsockets = true; }; - clickhouse.enable = true; }; - - services.postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' + '' ]; }; + clickhouse.enable = true; + }; - services.plausible = { - enable = true; + services.postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; - adminUser = { - name = "admin"; - email = "admin@${my.domain.shire}"; - passwordFile = config.secrets.plausible-admin-password.path; - activate = false; - }; + services.plausible = { + enable = true; - 
mail = { - email = "admin+plausible@${my.domain.shire}"; - smtp = { - hostAddr = my.domain.shire; - hostPort = 465; - enableSSL = true; - user = "azahi@${my.domain.shire}"; - passwordFile = config.secrets.plausible-smtp-password.path; - }; - }; + adminUser = { + name = "admin"; + email = "admin@${my.domain.shire}"; + passwordFile = config.secrets.plausible-admin-password.path; + activate = false; + }; - database = { - clickhouse = { - setup = false; - url = "http://127.0.0.1:8123/default"; - }; + mail = { + email = "admin+plausible@${my.domain.shire}"; + smtp = { + hostAddr = my.domain.shire; + hostPort = 465; + enableSSL = true; + user = "azahi@${my.domain.shire}"; + passwordFile = config.secrets.plausible-smtp-password.path; + }; + }; - postgres = { - setup = true; - dbname = db; - }; + database = { + clickhouse = { + setup = false; + url = "http://127.0.0.1:8123/default"; }; - server = { - baseUrl = "https://${cfg.domain}"; - disableRegistration = true; - listenAddress = "127.0.0.1"; - inherit (cfg) port; - secretKeybaseFile = config.secrets.plausible-key.path; + postgres = { + setup = true; + dbname = db; }; }; - systemd.services.plausible = rec { - after = [ - "postgresql.service" - "clickhouse.service" - ]; - requires = after; + server = { + baseUrl = "https://${cfg.domain}"; + disableRegistration = true; + listenAddress = "127.0.0.1"; + inherit (cfg) port; + secretKeybaseFile = config.secrets.plausible-key.path; }; }; - } - # FIXME https://nixpk.gs/pr-tracker.html?pr=266702 - // lib.moduleFromRef - "services/web-apps/plausible.nix" - "nh2:plausible-listen-address-no-distributed-erlang" - "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078" + + systemd.services.plausible = rec { + after = [ + "postgresql.service" + "clickhouse.service" + ]; + requires = after; + }; + }; +} diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix index ceb748b..ec9b346 100644 --- a/modules/nixos/podman.nix +++ b/modules/nixos/podman.nix 
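Review bot: `services.plausible.mail.smtp` authenticates as `azahi@${my.domain.shire}` with the secret loaded from `secrets/smtp-password`, which reads like a personal mailbox credential handed to a web application rather than one scoped to Plausible. If that reading is right, a compromise of the Plausible service would also expose the mailbox password, and rotating it would touch every other consumer of the same file. A dedicated sending account with its own secret would contain that, for example (constructed) `user = "plausible@${my.domain.shire}";` paired with a Plausible-only secret file. The module's argument set starts above the hunk, so how `inputs` and `my` are bound cannot be checked from here.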
@@ -1,7 +1,7 @@
 {
 config,
- lib,
 inputs,
+ lib,
 pkgs,
 ...
 }:
diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix
index 5e61e73..0320e82 100644
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@@ -1,7 +1,7 @@
 {
 config,
- libNginx,
 lib,
+ libNginx,
 ...
 }:
 with lib; let
diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix
index 3c6a230..588ed51 100644
--- a/modules/nixos/radicale.nix
+++ b/modules/nixos/radicale.nix
@@ -1,8 +1,8 @@
 {
- libNginx,
 config,
 inputs,
 lib,
+ libNginx,
 ...
 }:
 with lib; let
diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix
index 755e2db..39579f8 100644
--- a/modules/nixos/syncthing.nix
+++ b/modules/nixos/syncthing.nix
@@ -1,8 +1,8 @@
 {
 config,
- libNginx,
 inputs,
 lib,
+ libNginx,
 this,
 ...
 }:
diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix
index 89d3ddb..6b037b9 100644
--- a/modules/nixos/victoriametrics.nix
+++ b/modules/nixos/victoriametrics.nix
@@ -1,7 +1,7 @@
 {
 config,
- libNginx,
 lib,
+ libNginx,
 ...
 }:
 with lib; let
-- 
cgit 1.4.1