Merge pull request 'dashboard/alerts' (#1) from dashboard/alerts into main

Reviewed-on: #1
2024-03-26 14:57:48 +01:00 · 2024-03-26 14:57:48 +01:00 · 27b2ea9120
parent 82dfea8f7c 3c830bc6c4
commit 27b2ea9120
7 changed files with 353 additions and 0 deletions
--- a/nixos/server/package-configs/dashboard/default.nix
+++ b/nixos/server/package-configs/dashboard/default.nix
@ -0,0 +1,14 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./grafana
+    #./loki
+    ./prometheus
+  ];
+}
--- a/nixos/server/package-configs/dashboard/grafana/default.nix
+++ b/nixos/server/package-configs/dashboard/grafana/default.nix
@ -0,0 +1,48 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  # grafana configuration
+  services.grafana = {
+    enable = true;
+    settings.server = {
+      domain = "grafana.lillianviolet.dev";
+      http_port = 2342;
+      http_addr = "127.0.0.1";
+    };
+    provision = {
+      datasources.settings = {
+        apiVersion = 1;
+        datasources = [
+          {
+            name = "Prometheus";
+            type = "prometheus";
+            access = "proxy";
+            url = "http://localhost:${toString config.services.prometheus.port}";
+            isDefault = true;
+          }
+          # {
+          #   name = "Loki";
+          #   type = "loki";
+          #   access = "proxy";
+          #   url = "http://localhost:${config.services.loki.port}";
+          #   isDefault = true;
+          # }
+        ];
+      };
+    };
+  };
+
+  # nginx reverse proxy
+  services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
+    ## Force HTTP redirect to HTTPS
+    forceSSL = true;
+    ## LetsEncrypt
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/nixos/server/package-configs/dashboard/loki/default.nix
+++ b/nixos/server/package-configs/dashboard/loki/default.nix
@ -0,0 +1,10 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.loki = {
+    enable = true;
+    configFile = ./loki.yaml;
+  };
+}
--- a/nixos/server/package-configs/dashboard/loki/loki.yaml
+++ b/nixos/server/package-configs/dashboard/loki/loki.yaml
@ -0,0 +1,40 @@
+# Enables authentication through the X-Scope-OrgID header, which must be present
+# if true. If false, the OrgID will always be set to "fake".
+auth_enabled: false
+
+server:
+  http_listen_address: "0.0.0.0"
+  http_listen_port: 3100
+
+ingester:
+  lifecycler:
+    address: "127.0.0.1"
+    ring:
+      kvstore:
+        store: inmemory
+      replication_factor: 1
+    final_sleep: 0s
+  chunk_idle_period: 5m
+  chunk_retain_period: 30s
+
+schema_config:
+  configs:
+  - from: 2020-05-15
+    store: boltdb
+    object_store: filesystem
+    schema: v11
+    index:
+      prefix: index_
+      period: 168h
+
+storage_config:
+  boltdb:
+    directory: /tmp/loki/index
+
+  filesystem:
+    directory: /tmp/loki/chunks
+
+limits_config:
+  enforce_metric_name: false
+  reject_old_samples: true
+  reject_old_samples_max_age: 168h
--- a/nixos/server/package-configs/dashboard/prometheus/default.nix
+++ b/nixos/server/package-configs/dashboard/prometheus/default.nix
@ -0,0 +1,38 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.prometheus = {
+    enable = true;
+    port = 9001;
+    # Export the current system metrics
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = ["systemd"];
+        port = 9002;
+      };
+    };
+    scrapeConfigs = [
+      # Scrape the current system
+      {
+        job_name = "GrafanaService system";
+        static_configs = [
+          {
+            targets = ["127.0.0.1:9002"];
+          }
+        ];
+      }
+      # Scrape the Loki service
+      # {
+      #   job_name = "Loki service";
+      #   static_configs = [
+      #     {
+      #       targets = ["127.0.0.1:3100"];
+      #     }
+      #   ];
+      # }
+    ];
+  };
+}
--- a/nixos/server/package-configs/default.nix
+++ b/nixos/server/package-configs/default.nix
@ -15,5 +15,6 @@
    ./postgres
    ./roundcube
    ./coturn
+    ./dashboard
  ];
 }
--- a/pkgs/fcast/default.nix
+++ b/pkgs/fcast/default.nix
@ -0,0 +1,202 @@
+{
+  lib,
+  buildNpmPackage,
+  cargo,
+  copyDesktopItems,
+  dbus,
+  electron_28,
+  fetchFromGitLab,
+  glib,
+  gnome,
+  gtk3,
+  jq,
+  libsecret,
+  makeDesktopItem,
+  makeWrapper,
+  moreutils,
+  napi-rs-cli,
+  nodejs_18,
+  patchutils_0_4_2,
+  pkg-config,
+  python3,
+  runCommand,
+  rustc,
+  rustPlatform,
+}: let
+  description = "A secure and free password manager for all of your devices";
+  icon = "bitwarden";
+  electron = electron_28;
+in
+  buildNpmPackage rec {
+    pname = "bitwarden-desktop";
+    version = "2024.3.0";
+
+    src = fetchFromGitLab {
+      owner = "videostreaming";
+      repo = "fcast";
+      rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539";
+      hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g=";
+    };
+
+    patches = [
+      ./electron-builder-package-lock.patch
+    ];
+
+    # The nested package-lock.json from upstream is out-of-date, so copy the
+    # lock metadata from the root package-lock.json.
+    postPatch = ''
+      cat {,apps/desktop/src/}package-lock.json \
+        | ${lib.getExe jq} -s '
+          .[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2
+            | .[0].packages."" = .[1].packages.""
+            | .[1].packages = .[0].packages
+            | .[1]
+          ' \
+        | ${moreutils}/bin/sponge apps/desktop/src/package-lock.json
+    '';
+
+    nodejs = nodejs_18;
+
+    makeCacheWritable = true;
+    npmFlags = ["--legacy-peer-deps"];
+    npmWorkspace = "apps/desktop";
+    npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc=";
+
+    cargoDeps = rustPlatform.fetchCargoTarball {
+      name = "${pname}-${version}";
+      inherit src;
+      patches =
+        map
+        (
+          patch:
+            runCommand
+            (builtins.baseNameOf patch)
+            {nativeBuildInputs = [patchutils_0_4_2];}
+            ''
+              < ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out
+            ''
+        )
+        patches;
+      patchFlags = ["-p4"];
+      sourceRoot = "${src.name}/${cargoRoot}";
+      hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI=";
+    };
+    cargoRoot = "apps/desktop/desktop_native";
+
+    env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
+
+    nativeBuildInputs = [
+      cargo
+      copyDesktopItems
+      jq
+      makeWrapper
+      moreutils
+      napi-rs-cli
+      pkg-config
+      python3
+      rustc
+      rustPlatform.cargoCheckHook
+      rustPlatform.cargoSetupHook
+    ];
+
+    buildInputs = [
+      glib
+      gtk3
+      libsecret
+    ];
+
+    preBuild = ''
+      if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then
+        echo 'ERROR: electron version mismatch'
+        exit 1
+      fi
+    '';
+
+    postBuild = ''
+      pushd apps/desktop
+
+      # desktop_native/index.js loads a file of that name regarldess of the libc being used
+      mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node
+
+      npm exec electron-builder -- \
+        --dir \
+        -c.electronDist=${electron}/libexec/electron \
+        -c.electronVersion=${electron.version}
+
+      popd
+    '';
+
+    doCheck = true;
+
+    nativeCheckInputs = [
+      dbus
+      (gnome.gnome-keyring.override {useWrappedDaemon = false;})
+    ];
+
+    checkFlags = [
+      "--skip=password::password::tests::test"
+    ];
+
+    checkPhase = ''
+      runHook preCheck
+
+      pushd ${cargoRoot}
+      export HOME=$(mktemp -d)
+      export -f cargoCheckHook runHook _eval _callImplicitHook
+      export cargoCheckType=release
+      dbus-run-session \
+        --config-file=${dbus}/share/dbus-1/session.conf \
+        -- bash -e -c cargoCheckHook
+      popd
+
+      runHook postCheck
+    '';
+
+    installPhase = ''
+      runHook preInstall
+
+      mkdir $out
+
+      pushd apps/desktop/dist/linux-unpacked
+      mkdir -p $out/opt/Bitwarden
+      cp -r locales resources{,.pak} $out/opt/Bitwarden
+      popd
+
+      makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \
+        --add-flags $out/opt/Bitwarden/resources/app.asar \
+        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
+        --set-default ELECTRON_IS_DEV 0 \
+        --inherit-argv0
+
+      pushd apps/desktop/resources/icons
+      for icon in *.png; do
+        dir=$out/share/icons/hicolor/"''${icon%.png}"/apps
+        mkdir -p "$dir"
+        cp "$icon" "$dir"/${icon}.png
+      done
+      popd
+
+      runHook postInstall
+    '';
+
+    desktopItems = [
+      (makeDesktopItem {
+        name = "bitwarden";
+        exec = "bitwarden %U";
+        inherit icon;
+        comment = description;
+        desktopName = "Bitwarden";
+        categories = ["Utility"];
+      })
+    ];
+
+    meta = {
+      changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}";
+      inherit description;
+      homepage = "https://bitwarden.com";
+      license = lib.licenses.gpl3;
+      maintainers = with lib.maintainers; [amarshall kiwi];
+      platforms = ["x86_64-linux"];
+      mainProgram = "bitwarden";
+    };
+  }