xengi/infra
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add metrics

Browse source
This commit is contained in:
XenGi 2025-11-30 16:09:05 +01:00
parent 79c5c57629
commit 1612f5e511
Signed by: xengi
SSH key fingerprint: SHA256:dM+fLZGsDvyv6kunjE8bGduL24VsCFB4LEOSdmRHdG0
6 changed files with 227 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

29
flake.nix
View file

@ -51,13 +51,42 @@
owner = "root"; owner = "root";
group = "root"; group = "root";
}; };
matrix_registration_shared_secret = {
file = ./secrets/matrix_registration_shared_secret.age;
mode = "440";
owner = "matrix-synapse";
group = "matrix-synapse";
};
matrix_signing_key = {
file = ./secrets/matrix_signing_key.age;
mode = "440";
owner = "matrix-synapse";
group = "matrix-synapse";
};
grafana_secret_key = {
file = ./secrets/grafana_secret_key.age;
mode = "440";
owner = "grafana";
group = "grafana";
};
grafana_admin_password = {
file = ./secrets/grafana_admin_password.age;
mode = "440";
owner = "grafana";
group = "grafana";
};
}; };
} }
./configuration.nix ./configuration.nix
./services/nginx.nix ./services/nginx.nix
./services/postgres.nix ./services/postgres.nix
./services/synapse.nix ./services/synapse.nix
./services/draupnir.nix ./services/draupnir.nix
./services/prometheus.nix
./services/grafana.nix
]; ];
}; };
}; };

56
services/grafana.nix Normal file
View file

@ -0,0 +1,56 @@
{ ... }:
{
services = {
grafana = {
enable = true;
settings = {
server.http_addr = "::1";
database = {
type = "postgres";
name = "grafana";
user = "grafana";
host = "/run/postgresql";
};
security = {
secret_key = "$__file{${config.age.secrets.grafana_secret_key.path}}";
admin_user = "xengi";
admin_password = "$__file{${config.age.secrets.grafana_admin_password.path}}";
admin_email = "grafana@xengi.de";
};
analytics = {
reporting_enabled = false;
feedback_links_enabled = false;
};
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
jsonData = {
httpMethod = "GET";
prometheusType = "Prometheus";
cacheLevel = "High";
};
}
];
};
};
postgresql = {
ensureUsers = [
{
name = config.services.grafana.settings.database.user;
ensureDBOwnership = true;
}
];
ensureDatabases = [
config.services.grafana.settings.database.name
];
};
};
}

21
services/nginx.nix
View file

@ -20,9 +20,9 @@ in
kTLS = true; kTLS = true;
forceSSL = true; forceSSL = true;
useACMEHost = fqdn; useACMEHost = fqdn;
#enableACME = true;
locations = { locations = {
"/.well-known/matrix/client" = { "/".return = "418 \"I'm a Teapot!\"";
"= /.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'"; return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
@ -31,25 +31,16 @@ in
}; };
"~ ^(/_matrix|/_synapse/client)" { "~ ^(/_matrix|/_synapse/client)" {
recommendedProxySettings = true; recommendedProxySettings = true;
proxyPass = "unix:/run/matrix-synapse.sock"; proxyPass = "http://[::1]:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 64M;
proxy_set_header X-Request-ID $request_id; proxy_set_header X-Request-ID $request_id;
proxy_http_version 1.1;
''; '';
}; };
"/" = {
return = "418 \"I'm a Teapot!\"";
};
extraConfig = ''
client_max_body_size 64M;
'';
}; };
extraConfig = ''
proxy_http_version 1.1;
'';
}; };
}; };
security.acme.certs."${fqdn}" = { security.acme.certs."${fqdn}".reloadServices = ["nginx"];
reloadServices = ["nginx"];
};
} }

9
services/postgres.nix
View file

@ -1,15 +1,8 @@
{ config, ... }: { ... }:
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableJIT = true; enableJIT = true;
ensureUsers = [
{
name = config.services.matrix-synapse.settings.database.args.user;
ensureDBOwnership = true;
}
];
ensureDatabases = [ config.services.matrix-synapse.settings.database.args.database ];
}; };
} }

66
services/prometheus.nix Normal file
View file

@ -0,0 +1,66 @@
{ pkgs, ... }:
{
services.prometheus = {
enable = true;
retentionTime = "14d";
listenAddress = "[::1]";
exporters = {
#node = {};
#nginx = {};
#postgres = {};
};
scrapeConfigs = [
{
job_name = "synapse";
scrape_interval = "15s";
static_configs = [
{
targets = ["[::1]:9009"];
}
];
}
];
ruleFiles = [
# https://github.com/element-hq/synapse/tree/master/contrib/prometheus
(pkgs.writeText "prom-synapse-rules.yaml" ''
groups:
- name: synapse
rules:
- record: 'synapse_federation_client_sent'
labels:
type: "EDU"
expr: 'synapse_federation_client_sent_edus_total + 0'
- record: 'synapse_federation_client_sent'
labels:
type: "PDU"
expr: 'synapse_federation_client_sent_pdu_destinations_count_total + 0'
- record: 'synapse_federation_client_sent'
labels:
type: "Query"
expr: 'sum(synapse_federation_client_sent_queries) by (job)'
- record: 'synapse_federation_server_received'
labels:
type: "EDU"
expr: 'synapse_federation_server_received_edus_total + 0'
- record: 'synapse_federation_server_received'
labels:
type: "PDU"
expr: 'synapse_federation_server_received_pdus_total + 0'
- record: 'synapse_federation_server_received'
labels:
type: "Query"
expr: 'sum(synapse_federation_server_received_queries) by (job)'
- record: 'synapse_federation_transaction_queue_pending'
labels:
type: "EDU"
expr: 'synapse_federation_transaction_queue_pending_edus + 0'
- record: 'synapse_federation_transaction_queue_pending'
labels:
type: "PDU"
expr: 'synapse_federation_transaction_queue_pending_pdus + 0'
'')
];
};
}

106
services/synapse.nix
View file

@ -4,46 +4,78 @@ let
domain = "berlin.ccc.de"; domain = "berlin.ccc.de";
in in
{ {
services.matrix-synapse = { services = {
enable = false; matrix-synapse = {
settings = { enable = true;
server_name = domain; settings = {
public_baseurl = "https://matrix.${domain}:443/"; server_name = domain;
#signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key" public_baseurl = "https://matrix.${domain}:443/";
database.name = "psycopg2"; #signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key"
listeners = [ database = {
{ name = "psycopg2";
path = "/run/matrix-synapse.sock"; args = {
x_forwarded = true; user = "matrix-synapse";
request_id_header = "X-Request-ID"; database = "matrix-synapse";
resources = [ };
{ };
listeners = [
{
type = "http";
x_forwarded = true;
tls = false;
port = 8008;
bind_addresses = [ "::1" ];
resources = [
{
compress = false;
names = [
"client"
"federation"
];
}
];
}
{
type = "metrics";
port = 9009;
bind_addresses = [ "::1" ];
resources = [{
compress = false; compress = false;
names = [ names = [ "metrics" ];
"client" }];
"federation" }
]; ];
} enable_metrics = true;
]; dynamic_thumbnails = true;
max_upload_size = "128M";
max_image_pixels = "64M";
retention = {
enabled = true;
default_policy = {
min_lifetime = "1d";
max_lifetime = "1y";
};
allowed_lifetime_min = "1d";
allowed_lifetime_max = "1y";
};
};
extraConfigFiles = [
config.age.secrets.matrix-registration-shared-secret.path
];
enableRegistrationScript = true;
};
postgresql = {
ensureUsers = [
{
name = config.services.matrix-synapse.settings.database.args.user;
ensureDBOwnership = true;
} }
]; ];
dynamic_thumbnails = true; ensureDatabases = [
max_upload_size = "128M"; config.services.matrix-synapse.settings.database.args.database
max_image_pixels = "64M"; ];
retention = {
enabled = true;
default_policy = {
min_lifetime = "1d";
max_lifetime = "1y";
};
allowed_lifetime_min = "1d";
allowed_lifetime_max = "1y";
};
}; };
extraConfigFiles = [
config.age.secrets.matrix-registration-shared-secret.path
];
enableRegistrationScript = true;
}; };
} }