start refactoring shared code into modules, update the lock, do some other minor fixes

2026-03-12 14:26:14 +01:00 · 2026-03-12 14:26:14 +01:00 · 5527f50a3b
commit 5527f50a3b
parent c2780184c2
43 changed files with 2348 additions and 51 deletions
--- a/modules/nixos/shared-packages/server-settings/dashboard/default.nix
+++ b/modules/nixos/shared-packages/server-settings/dashboard/default.nix
@ -0,0 +1,8 @@
+{...}: {
+  imports = [
+    ./grafana
+    #./loki
+    ./prometheus
+    ./telegraf
+  ];
+}
--- a/modules/nixos/shared-packages/server-settings/dashboard/grafana/default.nix
+++ b/modules/nixos/shared-packages/server-settings/dashboard/grafana/default.nix
@ -0,0 +1,44 @@
+{config, ...}: {
+  # grafana configuration
+  services.grafana = {
+    enable = true;
+    settings.server = {
+      domain = "grafana.lillianviolet.dev";
+      http_port = 2342;
+      http_addr = "127.0.0.1";
+    };
+    provision = {
+      datasources.settings = {
+        apiVersion = 1;
+        datasources = [
+          {
+            name = "Prometheus";
+            type = "prometheus";
+            access = "proxy";
+            url = "http://localhost:${toString config.services.prometheus.port}";
+            isDefault = true;
+          }
+          {
+            name = "Loki";
+            type = "loki";
+            access = "proxy";
+            url = "http://localhost:3100";
+            isDefault = true;
+          }
+        ];
+      };
+    };
+  };
+
+  # nginx reverse proxy
+  services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
+    ## Force HTTP redirect to HTTPS
+    forceSSL = true;
+    ## LetsEncrypt
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/modules/nixos/shared-packages/server-settings/dashboard/loki/default.nix
+++ b/modules/nixos/shared-packages/server-settings/dashboard/loki/default.nix
@ -0,0 +1,6 @@
+{...}: {
+  services.loki = {
+    enable = true;
+    configFile = ./loki.yaml;
+  };
+}
--- a/modules/nixos/shared-packages/server-settings/dashboard/loki/loki.yaml
+++ b/modules/nixos/shared-packages/server-settings/dashboard/loki/loki.yaml
@ -0,0 +1,40 @@
+# Enables authentication through the X-Scope-OrgID header, which must be present
+# if true. If false, the OrgID will always be set to "fake".
+auth_enabled: false
+
+server:
+  http_listen_address: "0.0.0.0"
+  http_listen_port: 3100
+
+ingester:
+  lifecycler:
+    address: "127.0.0.1"
+    ring:
+      kvstore:
+        store: inmemory
+      replication_factor: 1
+    final_sleep: 0s
+  chunk_idle_period: 5m
+  chunk_retain_period: 30s
+
+schema_config:
+  configs:
+  - from: 2020-05-15
+    store: boltdb
+    object_store: filesystem
+    schema: v11
+    index:
+      prefix: index_
+      period: 168h
+
+storage_config:
+  boltdb:
+    directory: /tmp/loki/index
+
+  filesystem:
+    directory: /tmp/loki/chunks
+
+limits_config:
+  enforce_metric_name: false
+  reject_old_samples: true
+  reject_old_samples_max_age: 168h
--- a/modules/nixos/shared-packages/server-settings/dashboard/prometheus/default.nix
+++ b/modules/nixos/shared-packages/server-settings/dashboard/prometheus/default.nix
@ -0,0 +1,34 @@
+{config, ...}: {
+  services.prometheus = {
+    enable = true;
+    port = 9001;
+    # Export the current system metrics
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = ["systemd"];
+        port = 9002;
+      };
+    };
+    scrapeConfigs = [
+      # Scrape the current system
+      {
+        job_name = "GrafanaService system";
+        static_configs = [
+          {
+            targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
+          }
+        ];
+      }
+      # Scrape the Loki service
+      {
+        job_name = "Loki service";
+        static_configs = [
+          {
+            targets = ["127.0.0.1:3100"];
+          }
+        ];
+      }
+    ];
+  };
+}
--- a/modules/nixos/shared-packages/server-settings/dashboard/telegraf/default.nix
+++ b/modules/nixos/shared-packages/server-settings/dashboard/telegraf/default.nix
@ -0,0 +1,49 @@
+{config, ...}: {
+  sops.secrets."grafana-telegraf-key".mode = "0440";
+  sops.secrets."grafana-telegraf-key".owner = config.users.users.telegraf.name;
+  services.telegraf = {
+    enable = true;
+    extraConfig = {
+      agent = {
+        interval = "10s";
+        round_interval = true;
+        metric_batch_size = 1000;
+        metric_buffer_limit = 10000;
+        collection_jitter = "0s";
+        flush_interval = "10s";
+        flush_jitter = "0s";
+        precision = "";
+        debug = false;
+        quiet = false;
+        logfile = "";
+        hostname = "queen";
+        omit_hostname = false;
+      };
+      inputs = {
+        cpu = {
+          percpu = true;
+          totalcpu = true;
+          collect_cpu_time = false;
+          report_active = false;
+          core_tags = false;
+        };
+        disk = {
+          ignore_fs = ["tmpfs" "devtmpfs" "devfs" "overlay" "aufs" "squashfs"];
+        };
+        diskio = {};
+        kernel = {};
+        mem = {};
+        system = {};
+      };
+      outputs = {
+        websocket = {
+          url = "ws://localhost:${toString config.services.prometheus.port}/api/live/push/telegraf";
+          data_format = "influx";
+          headers = {
+            Authorisation = "Bearer glsa_lqpcKV34Pp0d7eIhKN79E2HTwzWWwN4m_fe64e398";
+          };
+        };
+      };
+    };
+  };
+}