machines/nixos/vault01/_configuration.nix

@@ -12,6 +12,7 @@ lib.extra.mkConfig {
   enabledServices = [
     # List of services to enable
     "k-radius"
+    "monitoring"
     "networking"
     "ups"
     "ulogd"

machines/nixos/vault01/monitoring/default.nix

@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+  imports = [
+    ./victorialogs.nix
+  ];
+}

machines/nixos/vault01/monitoring/victorialogs.nix

@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ meta, ... }:
+
+let
+  port = 9428;
+in
+
+{
+  services = {
+    nginx = {
+      enable = true;
+      streamConfig = ''
+        server {
+          listen 10.0.253.1:${toString port};
+          listen ${meta.network.vault01.netbirdIp}:${toString port};
+          proxy_pass 127.0.0.1:${toString port};
+        }
+      '';
+    };
+    victorialogs = {
+      enable = true;
+
+      flags = {
+        retentionPeriod = "52w";
+        httpListenAddr = "127.0.0.1:${builtins.toString port}";
+      };
+    };
+  };
+
+  networking.firewall.interfaces = {
+    wt0.allowedTCPPorts = [ port ];
+    vlan-admin-ap.allowedTCPPorts = [ port ];
+  };
+}