From 9e4dec4fc07629ab0aefd5a8283cace317407315 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 19 Feb 2025 21:45:01 +0100
Subject: [PATCH] feat(vault01): Deploy victorialogs to prepare the collect of
 the AP logs

---
 machines/nixos/vault01/_configuration.nix     |  1 +
 machines/nixos/vault01/monitoring/default.nix |  9 ++++++++
 .../nixos/vault01/monitoring/victorialogs.nix | 22 +++++++++++++++++++
 3 files changed, 32 insertions(+)
 create mode 100644 machines/nixos/vault01/monitoring/default.nix
 create mode 100644 machines/nixos/vault01/monitoring/victorialogs.nix

diff --git a/machines/nixos/vault01/_configuration.nix b/machines/nixos/vault01/_configuration.nix
index 675f96d..962f883 100644
--- a/machines/nixos/vault01/_configuration.nix
+++ b/machines/nixos/vault01/_configuration.nix
@@ -12,6 +12,7 @@ lib.extra.mkConfig {
   enabledServices = [
     # List of services to enable
     "k-radius"
+    "monitoring"
     "networking"
     "ups"
     "ulogd"
diff --git a/machines/nixos/vault01/monitoring/default.nix b/machines/nixos/vault01/monitoring/default.nix
new file mode 100644
index 0000000..aaebd14
--- /dev/null
+++ b/machines/nixos/vault01/monitoring/default.nix
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+  imports = [
+    ./victorialogs.nix
+  ];
+}
diff --git a/machines/nixos/vault01/monitoring/victorialogs.nix b/machines/nixos/vault01/monitoring/victorialogs.nix
new file mode 100644
index 0000000..f945390
--- /dev/null
+++ b/machines/nixos/vault01/monitoring/victorialogs.nix
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+let
+  port = 9428;
+in
+
+{
+  services.victorialogs = {
+    enable = true;
+
+    flags = {
+      retentionPeriod = "52w";
+      # FIXME: We need to listen so that we are available for both the APs and the grafana
+      httpListenAddr = "0.0.0.0:${builtins.toString port}";
+    };
+  };
+
+  # FIXME: @catvayor please do a nft rule to open the firewall on the AP-facing interfaces
+  networking.firewall.interfaces.wt0.allowedTCPPorts = [ port ];
+}