From 1612f5e511aa23d3a7593fb6231d9d8be3db43e3 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Sun, 30 Nov 2025 16:09:05 +0100 Subject: [PATCH] add metrics --- flake.nix | 29 +++++++++++ services/grafana.nix | 56 +++++++++++++++++++++ services/nginx.nix | 21 +++----- services/postgres.nix | 9 +--- services/prometheus.nix | 66 +++++++++++++++++++++++++ services/synapse.nix | 106 ++++++++++++++++++++++++++-------------- 6 files changed, 227 insertions(+), 60 deletions(-) create mode 100644 services/grafana.nix create mode 100644 services/prometheus.nix diff --git a/flake.nix b/flake.nix index 3edb18a..426fd4d 100644 --- a/flake.nix +++ b/flake.nix @@ -51,13 +51,42 @@ owner = "root"; group = "root"; }; + matrix_registration_shared_secret = { + file = ./secrets/matrix_registration_shared_secret.age; + mode = "440"; + owner = "matrix-synapse"; + group = "matrix-synapse"; + }; + matrix_signing_key = { + file = ./secrets/matrix_signing_key.age; + mode = "440"; + owner = "matrix-synapse"; + group = "matrix-synapse"; + }; + grafana_secret_key = { + file = ./secrets/grafana_secret_key.age; + mode = "440"; + owner = "grafana"; + group = "grafana"; + }; + grafana_admin_password = { + file = ./secrets/grafana_admin_password.age; + mode = "440"; + owner = "grafana"; + group = "grafana"; + }; }; } ./configuration.nix + ./services/nginx.nix ./services/postgres.nix + ./services/synapse.nix ./services/draupnir.nix + + ./services/prometheus.nix + ./services/grafana.nix ]; }; }; diff --git a/services/grafana.nix b/services/grafana.nix new file mode 100644 index 0000000..3f167da --- /dev/null +++ b/services/grafana.nix 
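Review bot: The secret names declared in this flake.nix hunk use underscores, but services/synapse.nix in the same patch reads `config.age.secrets.matrix-registration-shared-secret.path` (hyphens). Unless a hyphenated secret is declared outside the visible lines, that reference will not resolve now that synapse.nix is imported and enabled. Use one spelling, for example `config.age.secrets.matrix_registration_shared_secret.path` in `extraConfigFiles`. `matrix_signing_key` is likewise declared but not consumed: the only `signing_key_path` line is commented out and points at `config.age.secrets.signing_key`. Since owner and group are the same service account for each new secret, `mode = "400";` would be sufficient.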
@@ -0,0 +1,56 @@ +{ ... }: + +{ + services = { + grafana = { + enable = true; + settings = { + server.http_addr = "::1"; + database = { + type = "postgres"; + name = "grafana"; + user = "grafana"; + host = "/run/postgresql"; + }; + security = { + secret_key = "$__file{${config.age.secrets.grafana_secret_key.path}}"; + admin_user = "xengi"; + admin_password = "$__file{${config.age.secrets.grafana_admin_password.path}}"; + admin_email = "grafana@xengi.de"; + }; + analytics = { + reporting_enabled = false; + feedback_links_enabled = false; + }; + }; + provision = { + enable = true; + datasources.settings.datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}"; + jsonData = { + httpMethod = "GET"; + prometheusType = "Prometheus"; + cacheLevel = "High"; + }; + } + ]; + }; + }; + + postgresql = { + ensureUsers = [ + { + name = config.services.grafana.settings.database.user; + ensureDBOwnership = true; + } + ]; + ensureDatabases = [ + config.services.grafana.settings.database.name + ]; + }; + }; +} + diff --git a/services/nginx.nix b/services/nginx.nix index 282b82c..98b2fb7 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -20,9 +20,9 @@ in kTLS = true; forceSSL = true; useACMEHost = fqdn; - #enableACME = true; locations = { - "/.well-known/matrix/client" = { + "/".return = "418 \"I'm a Teapot!\""; + "= /.well-known/matrix/client" = { return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'"; extraConfig = '' default_type application/json; 
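Review bot: The new services/grafana.nix opens with `{ ... }:` but its body reads `config.age.secrets.grafana_secret_key.path`, `config.services.prometheus.listenAddress` and `config.services.grafana.settings.database.*`. `config` is therefore unbound and evaluation should fail with an undefined variable; the header needs to be `{ config, ... }:`. The `$__file{...}` indirection on `secret_key` and `admin_password` also deserves a one-line comment so nobody later inlines the value, for example `# $__file{} makes Grafana read the secret at runtime, keeping it out of the world-readable Nix store`.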
@@ -31,25 +31,16 @@ in }; "~ ^(/_matrix|/_synapse/client)" { recommendedProxySettings = true; - proxyPass = "unix:/run/matrix-synapse.sock"; + proxyPass = "http://[::1]:8008"; extraConfig = '' + client_max_body_size 64M; proxy_set_header X-Request-ID $request_id; + proxy_http_version 1.1; ''; }; - "/" = { - return = "418 \"I'm a Teapot!\""; - }; - extraConfig = '' - client_max_body_size 64M; - ''; }; - extraConfig = '' - proxy_http_version 1.1; - ''; }; }; - security.acme.certs."${fqdn}" = { - reloadServices = ["nginx"]; - }; + security.acme.certs."${fqdn}".reloadServices = ["nginx"]; } diff --git a/services/postgres.nix b/services/postgres.nix index 2c78756..99a0b51 100644 --- a/services/postgres.nix +++ b/services/postgres.nix @@ -1,15 +1,8 @@ -{ config, ... }: +{ ... }: { services.postgresql = { enable = true; enableJIT = true; - ensureUsers = [ - { - name = config.services.matrix-synapse.settings.database.args.user; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ config.services.matrix-synapse.settings.database.args.database ]; }; } diff --git a/services/prometheus.nix b/services/prometheus.nix new file mode 100644 index 0000000..23f7be4 --- /dev/null +++ b/services/prometheus.nix 
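Review bot: The context line `"~ ^(/_matrix|/_synapse/client)" {` in the second services/nginx.nix hunk has no `=` between the attribute name and the set as shown here, which Nix would reject at parse time. This patch is what makes it matter, because flake.nix now imports ./services/nginx.nix; the line should read `"~ ^(/_matrix|/_synapse/client)" = {`. Separately, the location now caps requests at `client_max_body_size 64M;` while services/synapse.nix keeps `max_upload_size = "128M";`, so uploads between the two limits would be refused by nginx before reaching Synapse. The enclosing `locations` set starts outside this hunk.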
@@ -0,0 +1,66 @@ +{ pkgs, ... }: + +{ + services.prometheus = { + enable = true; + retentionTime = "14d"; + listenAddress = "[::1]"; + exporters = { + #node = {}; + #nginx = {}; + #postgres = {}; + }; + scrapeConfigs = [ + { + job_name = "synapse"; + scrape_interval = "15s"; + static_configs = [ + { + targets = ["[::1]:9009"]; + } + ]; + } + ]; + ruleFiles = [ + # https://github.com/element-hq/synapse/tree/master/contrib/prometheus + (pkgs.writeText "prom-synapse-rules.yaml" '' + groups: + - name: synapse + rules: + - record: 'synapse_federation_client_sent' + labels: + type: "EDU" + expr: 'synapse_federation_client_sent_edus_total + 0' + - record: 'synapse_federation_client_sent' + labels: + type: "PDU" + expr: 'synapse_federation_client_sent_pdu_destinations_count_total + 0' + - record: 'synapse_federation_client_sent' + labels: + type: "Query" + expr: 'sum(synapse_federation_client_sent_queries) by (job)' + - record: 'synapse_federation_server_received' + labels: + type: "EDU" + expr: 'synapse_federation_server_received_edus_total + 0' + - record: 'synapse_federation_server_received' + labels: + type: "PDU" + expr: 'synapse_federation_server_received_pdus_total + 0' + - record: 'synapse_federation_server_received' + labels: + type: "Query" + expr: 'sum(synapse_federation_server_received_queries) by (job)' + - record: 'synapse_federation_transaction_queue_pending' + labels: + type: "EDU" + expr: 'synapse_federation_transaction_queue_pending_edus + 0' + - record: 'synapse_federation_transaction_queue_pending' + labels: + type: "PDU" + expr: 'synapse_federation_transaction_queue_pending_pdus + 0' + '') + ]; + }; +} + diff --git a/services/synapse.nix b/services/synapse.nix index 0fbec23..0d9c548 100644 --- a/services/synapse.nix +++ b/services/synapse.nix 
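Review bot: The scrape target `"[::1]:9009"` hard-codes the port of the metrics listener that services/synapse.nix defines, and nothing ties the two together. If one side changes, scraping stops and the only symptom is a dashboard that goes flat. Add a comment on the target such as `# must match the "metrics" listener (port 9009, ::1) in services/synapse.nix`, or move the port into a shared binding. The rules comment links to upstream `master`; recording the commit or release the rules were copied from would make later updates auditable.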
@@ -4,46 +4,78 @@ let domain = "berlin.ccc.de"; in { - services.matrix-synapse = { - enable = false; - settings = { - server_name = domain; - public_baseurl = "https://matrix.${domain}:443/"; - #signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key" - database.name = "psycopg2"; - listeners = [ - { - path = "/run/matrix-synapse.sock"; - x_forwarded = true; - request_id_header = "X-Request-ID"; - resources = [ - { + services = { + matrix-synapse = { + enable = true; + settings = { + server_name = domain; + public_baseurl = "https://matrix.${domain}:443/"; + #signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key" + database = { + name = "psycopg2"; + args = { + user = "matrix-synapse"; + database = "matrix-synapse"; + }; + }; + listeners = [ + { + type = "http"; + x_forwarded = true; + tls = false; + port = 8008; + bind_addresses = [ "::1" ]; + resources = [ + { + compress = false; + names = [ + "client" + "federation" + ]; + } + ]; + } + { + type = "metrics"; + port = 9009; + bind_addresses = [ "::1" ]; + resources = [{ compress = false; - names = [ - "client" - "federation" - ]; - } - ]; + names = [ "metrics" ]; + }]; + } + ]; + enable_metrics = true; + dynamic_thumbnails = true; + max_upload_size = "128M"; + max_image_pixels = "64M"; + + retention = { + enabled = true; + default_policy = { + min_lifetime = "1d"; + max_lifetime = "1y"; + }; + allowed_lifetime_min = "1d"; + allowed_lifetime_max = "1y"; + }; + }; + extraConfigFiles = [ + config.age.secrets.matrix-registration-shared-secret.path + ]; + enableRegistrationScript = true; + }; + + postgresql = { + ensureUsers = [ + { + name = config.services.matrix-synapse.settings.database.args.user; + ensureDBOwnership = true; } ]; - dynamic_thumbnails = true; - max_upload_size = "128M"; - max_image_pixels = "64M"; - - retention = { - enabled = true; - default_policy = { - min_lifetime = "1d"; - max_lifetime = "1y"; - 
}; - allowed_lifetime_min = "1d"; - allowed_lifetime_max = "1y"; - }; + ensureDatabases = [ + config.services.matrix-synapse.settings.database.args.database + ]; }; - extraConfigFiles = [ - config.age.secrets.matrix-registration-shared-secret.path - ]; - enableRegistrationScript = true; }; }
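Review bot: The new `http` listener drops `request_id_header = "X-Request-ID";`, which the removed unix-socket listener had, while services/nginx.nix still sends `proxy_set_header X-Request-ID $request_id;`. Synapse will then presumably log its own request ids, so nginx and Synapse log lines can no longer be joined on one id during an investigation; re-add `request_id_header = "X-Request-ID";` to the first listener. Moving from a socket path to `[::1]:8008` with `x_forwarded = true` also means any local process can reach the listener and supply its own `X-Forwarded-For`. A short comment stating that this host is assumed to have no untrusted local users would document that trade-off.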