improve all the things

XenGi 2026-02-08 12:38:34 +01:00
parent 7cbd49fe42
commit 0357003655
Signed by: xengi
SSH key fingerprint: SHA256:dM+fLZGsDvyv6kunjE8bGduL24VsCFB4LEOSdmRHdG0
10 changed files with 171 additions and 41 deletions


@ -8,6 +8,7 @@
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../services/node-exporter.nix
];
systemd.suppressedSystemUnits = [


@ -0,0 +1,41 @@
{ ... }:
{
imports = [
../common.nix
../../services/openssh.nix
../../services/nginx.nix
./nginx.nix
./prometheus.nix
./grafana.nix
];
networking = {
hostName = "monitoring";
firewall = {
allowedTCPPorts = [
80 # HTTP/1
443 # HTTP/2
];
allowedUDPPorts = [
443 # HTTP/3
];
};
};
services = {
openssh.banner = ''
__
__/\ \__ __
___ ___ ___ ___ /\_\ \ ,_\ ___ _ __ /\_\ ___ __
/' __` __`\ / __`\ /' _ `\/\ \ \ \/ / __`\/\`'__\/\ \ /' _ `\ /'_ `\
/\ \/\ \/\ \/\ \L\ \/\ \/\ \ \ \ \ \_/\ \L\ \ \ \/ \ \ \/\ \/\ \/\ \L\ \
\ \_\ \_\ \_\ \____/\ \_\ \_\ \_\ \__\ \____/\ \_\ \ \_\ \_\ \_\ \____ \
\/_/\/_/\/_/\/___/ \/_/\/_/\/_/\/__/\/___/ \/_/ \/_/\/_/\/_/\/___L\ \
/\____/
\_/__/
'';
};
system.stateVersion = "25.11";
}
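Review bot: The port comments in `allowedTCPPorts` name protocol versions rather than what the ports carry: TCP 80 is cleartext HTTP, and TCP 443 is TLS carrying either HTTP/1.1 or HTTP/2. Something like `80 # HTTP (redirects to HTTPS)` and `443 # HTTPS (HTTP/1.1 and HTTP/2)` would match the `forceSSL` vhost defined elsewhere in this commit. A one-line comment above `firewall` noting that SSH and exporter ports are opened by the imported service modules (if that is the case; those modules are not visible here) would make the exposed surface of this host readable in one place.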


@ -0,0 +1,47 @@
{ config, ... }:
# Dashboards:
# - Synapse: https://github.com/element-hq/synapse/tree/master/contrib/grafana
{
services = {
grafana = {
enable = true;
settings = {
server.http_addr = "::1";
database = {
type = "postgres";
host = "sql.berlin.ccc.de";
name = "grafana";
user = "grafana";
password = "$__file{${config.age.secrets.postgres_grafana.path}}";
};
security = {
secret_key = "$__file{${config.age.secrets.grafana_secret_key.path}}";
admin_user = "xengi";
admin_password = "$__file{${config.age.secrets.grafana_admin_password.path}}";
admin_email = "grafana@xengi.de";
};
analytics = {
reporting_enabled = false;
feedback_links_enabled = false;
};
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
jsonData = {
httpMethod = "GET";
prometheusType = "Prometheus";
cacheLevel = "High";
};
}
];
};
};
};
}
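Review bot: The `database` block sets no `ssl_mode`, and Grafana's default for Postgres is `disable`, so unless `sql.berlin.ccc.de` is only reached over an already protected link the database password and all Grafana data cross the network in cleartext. Adding `ssl_mode = "verify-full";` (or at least `"require"`) next to `host` addresses that; `verify-full` also needs the server's CA to be trusted on this machine. Separately, `admin_password` is only applied when the admin account is first created, so rotating the age secret later will not change the login; a comment above that line saying so would save a future maintainer some confusion.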


@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
services.nginx = {
upstreams.grafana.servers."localhost:3000" = {};
virtualHosts."${config.networking.hostName}.${config.networking.domain}" = {
default = true;
quic = true;
kTLS = true;
forceSSL = true;
enableACME = true;
#auth_basic "Administrators Area";
#auth_basic_user_file ${config.age.secrets.grafana-basic-auth.path};
locations = {
#"/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;
"/" = {
recommendedProxySettings = true;
proxyPass = "http://grafana";
};
"/api/live/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://grafana";
};
};
};
};
}
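Review bot: The upstream is declared as `"localhost:3000"`, while the Grafana module in this commit binds `server.http_addr = "::1"`. Where `localhost` also resolves to 127.0.0.1, nginx will add an IPv4 peer that always refuses connections and log upstream errors for it. Pinning the address and taking the port from the Grafana config avoids the mismatch: `upstreams.grafana.servers."[::1]:${toString config.services.grafana.settings.server.http_port}" = {};`. The commented-out `auth_basic` lines are nginx syntax and would not evaluate if uncommented inside this attribute set; if basic auth is wanted in front of Grafana, the vhost option `basicAuthFile` is the Nix-level equivalent. With `default = true` and those lines disabled, Grafana's own login is the only access control on this vhost, which deserves a short comment.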


@ -0,0 +1,88 @@
{ config, pkgs, lib, ... }:
{
services.prometheus = {
enable = true;
retentionTime = "14d";
listenAddress = "[::1]";
scrapeConfigs = [
{
job_name = "hedgedoc";
scrape_interval = "15s";
scheme = "https";
static_configs = [{ targets = ["md.berlin.ccc.de:443"]; }];
}
{
job_name = "synapse";
scrape_interval = "15s";
static_configs = [{ targets = ["matrix.berlin.ccc.de:9009"]; }];
}
{
job_name = "node";
scrape_interval = "15s";
static_configs = [
{
targets = [
"matrix.${config.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
"md.${config.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
"postgres.${config.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
"monitoring:${toString config.services.prometheus.exporters.node.port}"
];
}
];
}
{
job_name = "nginx";
scrape_interval = "15s";
static_configs = [
{
targets = [
"monitoring:${toString config.services.prometheus.exporters.nginx.port}"
"matrix:${toString config.services.prometheus.exporters.nginx.port}"
];
}
];
}
];
ruleFiles = [
# https://github.com/element-hq/synapse/tree/master/contrib/prometheus
(pkgs.writeText "prom-synapse-rules.yaml" ''
groups:
- name: synapse
rules:
- record: 'synapse_federation_client_sent'
labels:
type: "EDU"
expr: 'synapse_federation_client_sent_edus_total + 0'
- record: 'synapse_federation_client_sent'
labels:
type: "PDU"
expr: 'synapse_federation_client_sent_pdu_destinations_count_total + 0'
- record: 'synapse_federation_client_sent'
labels:
type: "Query"
expr: 'sum(synapse_federation_client_sent_queries) by (job)'
- record: 'synapse_federation_server_received'
labels:
type: "EDU"
expr: 'synapse_federation_server_received_edus_total + 0'
- record: 'synapse_federation_server_received'
labels:
type: "PDU"
expr: 'synapse_federation_server_received_pdus_total + 0'
- record: 'synapse_federation_server_received'
labels:
type: "Query"
expr: 'sum(synapse_federation_server_received_queries) by (job)'
- record: 'synapse_federation_transaction_queue_pending'
labels:
type: "EDU"
expr: 'synapse_federation_transaction_queue_pending_edus + 0'
- record: 'synapse_federation_transaction_queue_pending'
labels:
type: "PDU"
expr: 'synapse_federation_transaction_queue_pending_pdus + 0'
'')
];
};
}
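Review bot: The `synapse`, `node` and `nginx` jobs set no `scheme`, so unlike the `hedgedoc` job they scrape other hosts over plain HTTP, which means port 9009 and the exporter ports on those machines must accept off-host connections. Nothing visible in this commit limits who can reach them, so the exporters' firewall rules should admit only the monitoring host's address, or the scrapes should run over TLS or a private network. The exporter ports are read from this host's own `config.services.prometheus.exporters.*.port`, which assumes every target uses the same port; a short comment stating that assumption would help. The targets also mix `matrix.berlin.ccc.de`, `matrix.${config.networking.domain}` and bare `matrix`; using one form throughout would make it clear which name, and therefore which network path, each scrape takes.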