add metrics

flake.nix

@@ -51,13 +51,42 @@
                 owner = "root";
                 group = "root";
               };
+              matrix_registration_shared_secret = {
+                file = ./secrets/matrix_registration_shared_secret.age;
+                mode = "440";
+                owner = "matrix-synapse";
+                group = "matrix-synapse";
+              };
+              matrix_signing_key = {
+                file = ./secrets/matrix_signing_key.age;
+                mode = "440";
+                owner = "matrix-synapse";
+                group = "matrix-synapse";
+              };
+              grafana_secret_key = {
+                file = ./secrets/grafana_secret_key.age;
+                mode = "440";
+                owner = "grafana";
+                group = "grafana";
+              };
+              grafana_admin_password = {
+                file = ./secrets/grafana_admin_password.age;
+                mode = "440";
+                owner = "grafana";
+                group = "grafana";
+              };
             };
           }
           ./configuration.nix
+
           ./services/nginx.nix
           ./services/postgres.nix
+
           ./services/synapse.nix
           ./services/draupnir.nix
+
+          ./services/prometheus.nix
+          ./services/grafana.nix
         ];
       };
     };

services/grafana.nix

@@ -0,0 +1,56 @@
+{ ... }:
+
+{
+  services = {
+    grafana = {
+      enable = true;
+      settings = {
+        server.http_addr = "::1";
+        database = {
+          type = "postgres";
+          name = "grafana";
+          user = "grafana";
+          host = "/run/postgresql";
+        };
+        security = {
+          secret_key = "$__file{${config.age.secrets.grafana_secret_key.path}}";
+          admin_user = "xengi";
+          admin_password = "$__file{${config.age.secrets.grafana_admin_password.path}}";
+          admin_email = "grafana@xengi.de";
+        };
+        analytics = {
+          reporting_enabled = false;
+          feedback_links_enabled = false;
+        };
+      };
+      provision = {
+        enable = true;
+        datasources.settings.datasources = [
+          {
+            name = "Prometheus";
+            type = "prometheus";
+            url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
+            jsonData = {
+              httpMethod = "GET";
+              prometheusType = "Prometheus";
+              cacheLevel = "High";
+            };
+          }
+        ];
+      };
+    };
+
+    postgresql = {
+      ensureUsers = [
+        {
+          name = config.services.grafana.settings.database.user;
+          ensureDBOwnership = true;
+        }
+      ];
+      ensureDatabases = [
+        config.services.grafana.settings.database.name
+      ];
+    };
+  };
+}
+

services/nginx.nix

@@ -20,9 +20,9 @@ in
       kTLS = true;
       forceSSL = true;
       useACMEHost = fqdn;
-      #enableACME = true;
       locations = {
-        "/.well-known/matrix/client" = {
+        "/".return = "418 \"I'm a Teapot!\"";
+        "= /.well-known/matrix/client" = {
           return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
           extraConfig = ''
             default_type application/json;
@@ -31,25 +31,16 @@ in
         };
         "~ ^(/_matrix|/_synapse/client)" {
           recommendedProxySettings = true;
-          proxyPass = "unix:/run/matrix-synapse.sock";
+          proxyPass = "http://[::1]:8008";
-          extraConfig = ''
-            proxy_set_header X-Request-ID $request_id;
-          '';
-        };
-        "/" = {
-          return = "418 \"I'm a Teapot!\"";
-        };
           extraConfig = ''
             client_max_body_size 64M;
-        '';
+            proxy_set_header X-Request-ID $request_id;
-      };
-      extraConfig = ''
             proxy_http_version 1.1;
           '';
         };
       };
-
-  security.acme.certs."${fqdn}" = {
-    reloadServices = ["nginx"];
     };
+  };
+
+  security.acme.certs."${fqdn}".reloadServices = ["nginx"];
 }

services/postgres.nix

@@ -1,15 +1,8 @@
-{ config, ... }:
+{ ... }:
 
 {
   services.postgresql = {
     enable = true;
     enableJIT = true;
-    ensureUsers = [
-      {
-        name = config.services.matrix-synapse.settings.database.args.user;
-        ensureDBOwnership = true;
-      }
-    ];
-    ensureDatabases = [ config.services.matrix-synapse.settings.database.args.database ];
   };
 }

services/prometheus.nix

@@ -0,0 +1,66 @@
+{ pkgs, ... }:
+
+{
+  services.prometheus = {
+    enable = true;
+    retentionTime = "14d";
+    listenAddress = "[::1]";
+    exporters = {
+      #node = {};
+      #nginx = {};
+      #postgres = {};
+    };
+    scrapeConfigs = [
+      {
+         job_name = "synapse";
+        scrape_interval = "15s";
+        static_configs = [
+          {
+            targets = ["[::1]:9009"];
+          }
+        ];
+      }
+    ];
+    ruleFiles = [
+      # https://github.com/element-hq/synapse/tree/master/contrib/prometheus
+      (pkgs.writeText "prom-synapse-rules.yaml" ''
+        groups:
+        - name: synapse
+          rules:
+          - record: 'synapse_federation_client_sent'
+            labels:
+              type: "EDU"
+            expr: 'synapse_federation_client_sent_edus_total + 0'
+          - record: 'synapse_federation_client_sent'
+            labels:
+              type: "PDU"
+            expr: 'synapse_federation_client_sent_pdu_destinations_count_total + 0'
+          - record: 'synapse_federation_client_sent'
+            labels:
+              type: "Query"
+            expr: 'sum(synapse_federation_client_sent_queries) by (job)'
+          - record: 'synapse_federation_server_received'
+            labels:
+              type: "EDU"
+            expr: 'synapse_federation_server_received_edus_total + 0'
+          - record: 'synapse_federation_server_received'
+            labels:
+              type: "PDU"
+            expr: 'synapse_federation_server_received_pdus_total + 0'
+          - record: 'synapse_federation_server_received'
+            labels:
+              type: "Query"
+            expr: 'sum(synapse_federation_server_received_queries) by (job)'
+          - record: 'synapse_federation_transaction_queue_pending'
+            labels:
+              type: "EDU"
+            expr: 'synapse_federation_transaction_queue_pending_edus + 0'
+          - record: 'synapse_federation_transaction_queue_pending'
+            labels:
+              type: "PDU"
+            expr: 'synapse_federation_transaction_queue_pending_pdus + 0'
+      '')
+    ];
+  };
+}
+

services/synapse.nix

@@ -4,18 +4,27 @@ let
   domain = "berlin.ccc.de";
 in
 {
-  services.matrix-synapse = {
+  services = {
-    enable = false;
+    matrix-synapse = {
+      enable = true;
       settings = {
         server_name = domain;
         public_baseurl = "https://matrix.${domain}:443/";
         #signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key"
-      database.name = "psycopg2";
+        database = {
+          name = "psycopg2";
+          args = {
+            user = "matrix-synapse";
+            database = "matrix-synapse";
+          };
+        };
         listeners = [
           {
-          path = "/run/matrix-synapse.sock";
+            type = "http";
             x_forwarded = true;
-          request_id_header = "X-Request-ID";
+            tls = false;
+            port = 8008;
+            bind_addresses = [ "::1" ];
             resources = [
               {
                 compress = false;
@@ -26,7 +35,17 @@ in
               }
             ];
           }
+          {
+            type = "metrics";
+            port = 9009;
+            bind_addresses = [ "::1" ];
+            resources = [{
+              compress = false;
+              names = [ "metrics" ];
+            }];
+          }
         ];
+        enable_metrics = true;
         dynamic_thumbnails = true;
         max_upload_size = "128M";
         max_image_pixels = "64M";
@@ -46,4 +65,17 @@ in
       ];
       enableRegistrationScript = true;
     };
+
+    postgresql = {
+      ensureUsers = [
+        {
+          name = config.services.matrix-synapse.settings.database.args.user;
+          ensureDBOwnership = true;
+        }
+      ];
+      ensureDatabases = [
+        config.services.matrix-synapse.settings.database.args.database
+      ];
+    };
+  };
 }