feat(whitby): Enable Grafana at status.tvl.su

Enables a Grafana service pointing to whitby's local Prometheus instance, accessible at status.tvl.su. I've no idea how to configure Grafana and if it's possible to link it to CAS, but we'll see about that later. Notes: * the explicit fixpoint for whitby config has been removed as we have the `config` parameter available now * backups are enabled for the Grafana storage location Change-Id: If5ffe0c1a3378d1c88529129487c643642705fd2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2948 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-04-12 17:59:51 +02:00 · 2021-04-12 17:59:51 +02:00 · da5512f2e9
commit da5512f2e9
parent f520bd40ca
2 changed files with 47 additions and 4 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -4,7 +4,7 @@
 let
  inherit (builtins) listToAttrs;
  inherit (lib) range;
-in lib.fix(self: {
+in {
  imports = [
    "${depot.path}/ops/modules/clbot.nix"
    "${depot.path}/ops/modules/irccat.nix"
@ -22,6 +22,7 @@ in lib.fix(self: {
    "${depot.path}/ops/modules/www/code.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/cs.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/login.tvl.fyi.nix"
+    "${depot.path}/ops/modules/www/status.tvl.su.nix"
    "${depot.path}/ops/modules/www/tazj.in.nix"
    "${depot.path}/ops/modules/www/todo.tvl.fyi.nix"
    "${depot.path}/ops/modules/www/tvl.fyi.nix"
@ -140,7 +141,7 @@ in lib.fix(self: {
  # above (otherwise DHCP overwrites it):
  environment.etc."resolv.conf" = with lib; {
    source = pkgs.writeText "resolv.conf" ''
-      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
      options edns0
    '';
  };
@ -331,7 +332,7 @@ in lib.fix(self: {
  # Regularly back up whitby to Google Cloud Storage.
  systemd.services.restic = {
    description = "Backups to Google Cloud Storage";
-    script = "${pkgs.restic}/bin/restic backup /var/lib/gerrit /var/backup/postgresql";
+    script = "${pkgs.restic}/bin/restic backup /var/lib/gerrit /var/backup/postgresql /var/lib/grafana";

    environment = {
      GOOGLE_PROJECT_ID = "tazjins-infrastructure";
@ -380,6 +381,23 @@ in lib.fix(self: {
    }];
  };

+  services.grafana = {
+    enable = true;
+    port = 4723; # "graf" on phone keyboard
+    domain = "status.tvl.su";
+    rootUrl = "https://status.tvl.su";
+    analytics.reporting.enable = false;
+
+    provision = {
+      enable = true;
+      datasources = [{
+        name = "Prometheus";
+        type = "prometheus";
+        url = "http://localhost:9090";
+      }];
+    };
+  };
+
  security.sudo.extraRules = [
    {
      groups = ["wheel"];
@ -479,4 +497,4 @@ in lib.fix(self: {
  };

  system.stateVersion = "20.03";
-})
+}
--- a/ops/modules/www/status.tvl.su.nix
+++ b/ops/modules/www/status.tvl.su.nix
@ -0,0 +1,25 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."status-fyi" = {
+      serverName = "status.tvl.fyi";
+      enableACME = true;
+      extraConfig = "return 302 https://status.tvl.su$request_uri;";
+    };
+
+    services.nginx.virtualHosts.grafana = {
+      serverName = "status.tvl.su";
+      enableACME = true;
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.grafana.port}";
+      };
+    };
+  };
+}