xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

modules/prometheus: refactor

Browse source
This commit is contained in:
xinyangli 2024-11-30 11:25:35 +08:00
parent ebf69d94dd
commit ec63c8b6cc
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
26 changed files with 579 additions and 407 deletions
Download patch file Download diff file Expand all files Collapse all files

54
machines/thorite/default.nix
View file

@ -1,29 +1,41 @@
{ ... }:
{
imports = [
./hardware-configurations.nix
./monitoring.nix
];
networking.hostName = "thorite";
networking.useNetworkd = true;
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.MACAddress = "00:51:d3:21:f3:28";
networkConfig = {
DHCP = "no";
Gateway = "23.165.200.1";
config = {
networking.hostName = "thorite";
networking.useNetworkd = true;
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.MACAddress = "00:51:d3:21:f3:28";
networkConfig = {
DHCP = "no";
Gateway = "23.165.200.1";
DNSSEC = true;
DNSOverTLS = true;
DNS = [
"8.8.8.8#dns.google"
"8.8.4.4#dns.google"
];
};
address = [ "23.165.200.99/24" ];
};
address = [ "23.165.200.99/24" ];
networking.firewall.allowedTCPPorts = [
80
443
];
commonSettings = {
auth.enable = true;
autoupgrade.enable = true;
};
nixpkgs.system = "x86_64-linux";
system.stateVersion = "24.11";
users.users.root.hashedPassword = "$y$j9T$NToEZWJBONjSgRnMd9Ur9/$o6n7a9b8eUILQz4d37oiHCCVnDJ8hZTZt.c.37zFfU.";
};
nixpkgs.system = "x86_64-linux";
system.stateVersion = "24.11";
commonSettings = {
auth.enable = true;
autoupgrade.enable = true;
};
users.users.root.hashedPassword = "$y$j9T$NToEZWJBONjSgRnMd9Ur9/$o6n7a9b8eUILQz4d37oiHCCVnDJ8hZTZt.c.37zFfU.";
}

100
machines/thorite/monitoring.nix Normal file
View file

@ -0,0 +1,100 @@
{ config, my-lib, ... }:
with my-lib;
{
config = {
sops = {
defaultSopsFile = ./secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = {
"grafana/oauth_secret" = {
owner = "grafana";
};
};
};
custom.monitoring = {
grafana.enable = true;
};
services.caddy.virtualHosts."https://grafana.xinyang.life".extraConfig =
with config.services.grafana.settings.server; ''
reverse_proxy http://${http_addr}:${toString http_port}
'';
custom.prometheus = {
enable = true;
exporters = {
enable = true;
blackbox.enable = true;
node.enable = true;
};
ruleModules = (mkCaddyRules [ { host = "thorite"; } ]) ++ (mkNodeRules [ { host = "thorite"; } ]);
};
services.prometheus.scrapeConfigs =
let
probeList = [
"la-00.video.namely.icu:8080"
"fre-00.video.namely.icu:8080"
"hk-00.video.namely.icu:8080"
"49.13.13.122:443"
"45.142.178.32:22"
"home.xinyang.life:8000"
];
in
(mkScrapes [
{
name = "immich";
scheme = "http";
address = "weilite.coho-tet.ts.net";
port = 8082;
}
{
name = "gotosocial";
address = "xinyang.life";
}
{
name = "miniflux";
address = "rss.xinyang.life";
}
{
name = "ntfy";
address = "ntfy.xinyang.life";
}
{
name = "grafana-eu";
address = "grafana.xinyang.life";
}
])
++ (mkCaddyScrapes [
{ address = "thorite.coho-tet.ts.net"; }
])
++ (mkNodeScrapes [
{ address = "thorite.coho-tet.ts.net"; }
{ address = "massicot.coho-tet.ts.net"; }
{ address = "weilite.coho-tet.ts.net"; }
{ address = "hk-00.coho-tet.ts.net"; }
{ address = "la-00.coho-tet.ts.net"; }
{ address = "fra-00.coho-tet.ts.net"; }
])
++ (mkBlackboxScrapes [
{
hostAddress = "thorite.coho-tet.ts.net";
targetAddresses = probeList;
}
{
hostAddress = "massicot.coho-tet.ts.net";
targetAddresses = probeList;
}
{
hostAddress = "weilite.coho-tet.ts.net";
targetAddresses = [
"la-00.video.namely.icu:8080"
"fre-00.video.namely.icu:8080"
"hk-00.video.namely.icu:8080"
];
}
]);
};
}

31
machines/thorite/secrets.yaml Normal file
View file

@ -0,0 +1,31 @@
grafana:
oauth_secret: ENC[AES256_GCM,data:angZR3sl8vGcbAXyKFBvCSm+YhF5OooCcxRiSxR2zBoXMz5wv5/uMJFynwOTRVI6,iv:hVpOlM89lNbK6AsGf4Is/tLv3xPfg/XdtA8vuEK52L8=,tag:zCER+IdRnTcG2WHQ/AhxZA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTXRtTlRES3V4MGhZaGdr
aXJ4UFNDT0Nrb0ZuWEkxUEFDU2orbzNBSVhVCkh2VitqMGwwOVdhMFJIeWU1eTgw
UVdxY0tLVDJNVnRnQmMyS0FPYS9LVmMKLS0tIEZaMTdIMU5SQUkxL2NFK2Jtbm9v
YVR3RHpDR3F2aFlCWGd5TjNOV2p4YzgK8OKpwcvTK/0j+kQCo0+8n6sQ5Pu9t9xZ
lPWeUGk1BudsyCqgIZWF5iXfu1pJnYq1XEAM0ttJl402xKeqIovM0Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYk1NTlhsYW8xbFppNTBE
WlJmNzhnclBoVENXa1cvcHY5NGdRZVAzV0FJClpsTHpTeG9CK3J2ZFEreG1BTWpG
WjdaYzlLQnU0LzJLSDBZZ2pvOWdvSEkKLS0tIExRT0p1aCttZG5MMW14emJmRk5w
M2pqMUJoMGlBZnpBaVBUTFFRZUMzb2sKrlWy26Cv55/8XQEl9hee8P29uj582sIx
mUjaYE0U2qOP9bklXUQyyzQjfkBLWTLc1PTX9BjqOOsqXwkRQIYppA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T17:02:03Z"
mac: ENC[AES256_GCM,data:14FOUXuKP+8+sad1UlhBW37fWzmutpyn6d4q2qKtBiOyT5ivHunFHJfHrtX83X2fLDmUfiD42bXf+rYfdtKzVUmQ6vutCUQk+Hal8NElhjcq5Ns5kT4VZRKG7/ya9+eNEEkajtq/7OFEM5KOQKTKjyOBqBq/AdYQ+ni9r45c1sM=,iv:WrdWSfrZrGalZO4WGk3JpgACY7W0odt3vP+pRkMXHfA=,tag:jeRBfR2QYjLBylOLHxU3hQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1