nix-configs/modules/services/monitoring.nix

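# NixOS module: host-level monitoring for the xyno fleet.
#
# Every host with `enable = true` runs the Prometheus node exporter and a
# vmagent that scrapes the locally configured exporters and pushes the samples
# (remote write, basic auth) to a VictoriaMetrics instance.  Hosts that also set
# `prometheusServer = true` run that VictoriaMetrics instance themselves, bound
# to the WireGuard monitoring address only.
{
  pkgs,
  lib,
  config,
  otherNodes,
  ...
}:
let
  inherit (lib)
    attrValues
    filterAttrs
    mapAttrsToList
    mkEnableOption
    mkIf
    mkMerge
    mkOption
    types
    ;

  cfg = config.xyno.services.monitoring;

  # Other nodes of the deployment that run the VictoriaMetrics server.
  # `otherNodes` comes from the caller; presumably an attrset of evaluated
  # NixOS configurations keyed by node name — confirm against the caller.
  promServerNodes = attrValues (
    filterAttrs (_: node: node.config.xyno.services.monitoring.prometheusServer) otherNodes
  );

  # Hostname the default remoteWriteUrl points at: this host when it runs the
  # server itself, otherwise the first other node that does.  Nix evaluates
  # this lazily, i.e. only when the remoteWriteUrl default is actually used, so
  # the explicit throw (a clearer message than `builtins.head []`) does not
  # fire for hosts that set remoteWriteUrl themselves.
  firstInstanceWithPromServer =
    if cfg.prometheusServer then
      config.networking.hostName
    else if promServerNodes == [ ] then
      throw "xyno.services.monitoring: no node has prometheusServer enabled; set xyno.services.monitoring.remoteWriteUrl explicitly"
    else
      (builtins.head promServerNodes).config.networking.hostName;

  # Username shared by the pushing vmagents and the VictoriaMetrics server.
  vmBasicAuthUsername = "xyno-monitoring";
in
{
  options.xyno.services.monitoring = {
    enable = mkEnableOption "enables monitoring (prometheus exporters and stuff)";

    remoteWriteUrl = mkOption {
      type = types.str;
      # Plain HTTP: the endpoint is only reachable via the WireGuard monitoring
      # domain (see the firewall rule and listenAddress in the server block),
      # which is what protects the basic-auth credentials in transit.
      default = "http://${firstInstanceWithPromServer}.${config.xyno.services.wireguard.monHostsDomain}:8428/api/v1/write";
      description = "where prometheus metrics should be pushed to";
    };

    prometheusServer = mkOption {
      type = types.bool;
      default = false;
      description = "whether this host runs the VictoriaMetrics server that the other nodes push their metrics to";
    };

    exporters = mkOption {
      type = types.attrsOf (types.either types.int types.str);
      # Empty by default so the option can be read even when no module adds an
      # exporter; enabling monitoring always registers `node` below.
      default = { };
      # NOTE(review): this module only generates the scrape config and scrapes
      # integer targets over loopback; it opens no firewall ports for exporters.
      # Confirm the "open fw" part of the description is handled elsewhere.
      description = "names of exporters and their ports (to open fw and generate prometheus config)";
      example = ''
        {
          node = 9100;
          postgres = "unix:///run/postgres-exporter.sock";
        }
      '';
    };
  };

  config = mkMerge [
    # Every monitored host: local node exporter plus a vmagent pushing upstream.
    (mkIf cfg.enable {
      services.prometheus.exporters.node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };

      # Register the node exporter so it is scraped like any other exporter.
      xyno.services.monitoring.exporters.node = config.services.prometheus.exporters.node.port;

      services.vmagent = {
        remoteWrite.url = cfg.remoteWriteUrl;
        remoteWrite.basicAuthUsername = vmBasicAuthUsername;
        # Only the sops path ends up in the store, never the secret itself.
        remoteWrite.basicAuthPasswordFile = config.sops.secrets."victoriametrics/basicAuthPassword".path;

        # One scrape job per configured exporter.  Integer values are ports on
        # loopback ([::1]); string values are used verbatim as the target.
        # NOTE(review): upstream Prometheus spells this key `static_configs`
        # and the sibling keys here are snake_case — confirm the vmagent module
        # accepts `staticConfigs` before relying on these jobs being scraped.
        prometheusConfig.scrape_configs = mapAttrsToList (exporterName: target: {
          job_name = "${exporterName}-exporter";
          metrics_path = "/metrics";
          staticConfigs = [
            {
              targets = [ (if builtins.isString target then target else "[::1]:${toString target}") ];
              labels.type = exporterName;
              labels.host = config.networking.hostName;
            }
          ];
        }) cfg.exporters;
      };

      sops.secrets."victoriametrics/basicAuthPassword" = {
        # Pushing side: vmagent has to pick up a rotated password.
        reloadUnits = [ "vmagent.service" ];
      };
    })

    # Server side: VictoriaMetrics on the WireGuard monitoring address only,
    # with basic auth on the HTTP API.
    (mkIf (cfg.enable && cfg.prometheusServer) {
      xyno.impermanence.directories = [ "/var/lib/${config.services.victoriametrics.stateDir}" ];

      # Same secret as in the client block; mkMerge concatenates the two
      # reloadUnits lists, so a rotated password reloads both units on a server.
      sops.secrets."victoriametrics/basicAuthPassword" = {
        reloadUnits = [ "victoriametrics.service" ];
      };

      # Accept 8428 only when addressed to the WireGuard monitoring IP; traffic
      # arriving on any other address is not matched by this rule.
      networking.firewall.extraInputRules = ''tcp dport 8428 ip6 daddr ${config.xyno.services.wireguard.monIp6}/128 accept comment "victoriametrics-http"'';

      # Hand the password to the service through systemd credentials instead of
      # having the unit read the sops path directly.
      systemd.services.victoriametrics.serviceConfig.LoadCredential = [
        "basic_auth_pw:${config.sops.secrets."victoriametrics/basicAuthPassword".path}"
      ];

      services.victoriametrics = {
        enable = true;
        # Bind to the WireGuard address only, not to all interfaces.
        listenAddress = "${config.xyno.services.wireguard.monIp6}:8428";
        extraOptions = [
          "-httpAuth.username=${vmBasicAuthUsername}"
          # `\${` keeps the literal `${CREDENTIALS_DIRECTORY}` in the option so
          # it is expanded at runtime rather than by Nix.
          "-httpAuth.password=file://\${CREDENTIALS_DIRECTORY}/basic_auth_pw"
        ];
      };

      services.grafana.declarativePlugins = with pkgs.grafanaPlugins; [ victoriametrics-metrics-datasource ];
    })
  ];
}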