sivizius/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixfiles/services/monitoring/default.nix
Sebastian Walz 860d31cee1
Tohu vaBohu
2023-04-21 00:22:52 +02:00

170 lines
5.8 KiB
Nix
Raw Permalink Blame History

{ enableACME, forceSSL, ... }:
Service "Monitoring with grafana and prometheus"
{
configuration
= { core, network, secret, ... }:
let
inherit(core) string;
inherit(network) domain hostName ips tcp;
inherit(tcp) ports;
hostDomain = "${hostName}.${domain}";
allowedIPs
= string.concatMappedLines
(ip: "allow ${ip};")
ips;
extraConfig
= ''
${allowedIPs}
deny all;
'';
nginxConfigHost
= {
inherit enableACME extraConfig forceSSL;
locations
= {
"/metrics/nginx"
= {
inherit extraConfig;
proxyPass = "http://localhost:${string ports.exporters.nginx}/metrics";
};
"/metrics/node"
= {
inherit extraConfig;
proxyPass = "http://localhost:${string ports.exporters.node}/metrics";
};
};
};
nginxConfigGrafana
= {
inherit enableACME forceSSL;
locations."/"
= {
proxyPass = "http://localhost:${string ports.grafana}/";
};
};
nginxConfigPrometheus
= {
inherit enableACME extraConfig forceSSL;
locations."/"
= {
inherit extraConfig;
proxyPass = "http://localhost:${string ports.prometheus}/";
proxyWebsockets = true;
};
};
settings
= {
"auth.anonymous"
= {
enabled = true;
};
security
= {
admin_user = "admin";
admin_password = secret.decryptGrafanaSecret' ./admin.asc;
};
server
= {
domain = "grafana.${domain}";
http_port = ports.grafana;
root_url = "https://grafana.${domain}/";
};
};
in
{
grafana
= {
enable = true;
provision
= {
enable = true;
dashboards
= {
path = ./dashboards;
};
datasources.settings.datasources
= [
{
isDefault
= true;
name = "Prometheus";
type = "prometheus";
url = "https://prometheus.${domain}/";
}
];
};
inherit settings;
};
journald.extraConfig
= ''
MaxFileSec="6h"
MaxRetentionSec="3day"
'';
nginx.virtualHosts
= {
${hostDomain} = nginxConfigHost;
"grafana.${domain}" = nginxConfigGrafana;
"prometheus.${domain}"= nginxConfigPrometheus;
};
prometheus
= {
checkConfig = "syntax-only";
enable = true;
exporters
= {
nginx
= {
enable = true;
port = ports.exporters.nginx;
};
node
= {
enable = true;
port = ports.exporters.node;
};
};
scrapeConfigs
= [
{
job_name = "nginx";
metrics_path = "/metrics/nginx";
scheme = "https";
scrape_interval
= "30s";
static_configs
= [
{
targets
= [ hostDomain ];
}
];
}
{
job_name = "node";
metrics_path = "/metrics/node";
scheme = "https";
scrape_interval
= "30s";
static_configs
= [
{
targets
= [ hostDomain ];
}
];
}
];
};
vnstat.enable = true;
};
}
Reference in New Issue View Git Blame Copy Permalink