feat(gs/mugwump): Add prometheus+grafana
Add config for prometheus+grafana to mugwump, served at metrics.gws.fyi with an Acme SSL cert. Change-Id: Icc22b5079a24edbc4469233e938f926d92f63eb3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2024 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
parent
bc8bac74d7
commit
ca4d698cb0
1 changed files with 77 additions and 2 deletions
|
@ -1,9 +1,10 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../modules/common.nix
|
../modules/common.nix
|
||||||
../modules/tvl.nix
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -52,7 +53,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||||
|
|
||||||
security.sudo.extraRules = [{
|
security.sudo.extraRules = [{
|
||||||
groups = ["wheel"];
|
groups = ["wheel"];
|
||||||
|
@ -71,4 +72,78 @@
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.grafana = {
|
||||||
|
enable = true;
|
||||||
|
port = 3000;
|
||||||
|
domain = "metrics.gws.fyi";
|
||||||
|
rootUrl = "https://metrics.gws.fyi";
|
||||||
|
dataDir = "/var/lib/grafana";
|
||||||
|
analytics.reporting.enable = false;
|
||||||
|
|
||||||
|
provision = {
|
||||||
|
enable = true;
|
||||||
|
datasources = [{
|
||||||
|
name = "Prometheus";
|
||||||
|
type = "prometheus";
|
||||||
|
url = "localhost:9090";
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme.email = "root@gws.fyi";
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
|
virtualHosts = {
|
||||||
|
"metrics.gws.fyi" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:${toString config.services.grafana.port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.prometheus = {
|
||||||
|
enable = true;
|
||||||
|
exporters = {
|
||||||
|
node = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = false;
|
||||||
|
|
||||||
|
enabledCollectors = [
|
||||||
|
"processes"
|
||||||
|
"systemd"
|
||||||
|
"tcpstat"
|
||||||
|
"wifi"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
scrapeConfigs = [{
|
||||||
|
job_name = "node";
|
||||||
|
scrape_interval = "5s";
|
||||||
|
static_configs = [{
|
||||||
|
targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme.certs."metrics.gws.fyi" = {
|
||||||
|
dnsProvider = "namecheap";
|
||||||
|
credentialsFile = "/etc/secrets/namecheap.env";
|
||||||
|
webroot = mkForce null;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
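Review bot: `services.prometheus.exporters.nginx.openFirewall = true` in the last hunk opens the nginx exporter's port to every network the host is on, while the node exporter just above it is kept closed and the only scrape job shown targets `localhost`. Unless a remote Prometheus is meant to scrape this host, set `openFirewall = false;` there as well, and add a scrape job for the nginx exporter if its metrics are wanted, since `scrapeConfigs` defines only the `node` job. Separately, the new vhost makes Grafana reachable from the internet and nothing in the visible lines sets an admin credential; if that is not done in a part of the file outside these hunks, point `services.grafana.security.adminPasswordFile` at a file under `/etc/secrets` so the instance does not come up with the module's default admin password. The datasource `url = "localhost:9090"` probably also needs an explicit scheme, `url = "http://localhost:9090";`.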