feat(vault01): Deploy victorialogs to prepare the collect of the AP logs

machines/nixos/vault01/_configuration.nix

@@ -12,6 +12,7 @@ lib.extra.mkConfig {
   enabledServices = [
     # List of services to enable
     "k-radius"
+    "monitoring"
     "networking"
     "ups"
     "ulogd"

machines/nixos/vault01/monitoring/default.nix

@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+  imports = [
+    ./victorialogs.nix
+  ];
+}

machines/nixos/vault01/monitoring/victorialogs.nix

@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+let
+  port = 9428;
+in
+
+{
+  services.victorialogs = {
+    enable = true;
+
+    flags = {
+      retentionPeriod = "52w";
+      # FIXME: We need to listen so that we are available for both the APs and the grafana
+      httpListenAddr = "0.0.0.0:${builtins.toString port}";
+    };
+  };
+
+  # FIXME: @catvayor please do a nft rule to open the firewall on the AP-facing interfaces
+  networking.firewall.interfaces.wt0.allowedTCPPorts = [ port ];
+}