From 80509191ae7a998f7e8c78a4b87748667d7274ec Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Wed, 19 Mar 2025 23:13:43 +0100
Subject: [PATCH] more monitoring

---
 modules/alloy.nix                             | 27 +++++++++++++------
 systems/monitoring.noc.eh22.intern/mimir.nix  |  8 +++++-
 .../pve-exporter.nix                          | 21 ++++++---------
 3 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/modules/alloy.nix b/modules/alloy.nix
index 74416c2..3a06fba 100644
--- a/modules/alloy.nix
+++ b/modules/alloy.nix
@@ -8,16 +8,16 @@
 {
   sops = {
     secrets."services/loki/basic_auth" = {
-      mode = "0444";
-      owner = "nobody";
-      group = "nobody";
+      mode = "0440";
+      owner = "alloy";
+      group = "alloy";
       restartUnits = [ "alloy.service" ];
       sopsFile = ../secrets/passwords.yaml;
     };
     secrets."services/mimir/basic_auth" = {
-      mode = "0444";
-      owner = "nobody";
-      group = "nobody";
+      mode = "0440";
+      owner = "alloy";
+      group = "alloy";
       restartUnits = [ "alloy.service" ];
       sopsFile = ../secrets/passwords.yaml;
     };
@@ -27,6 +27,18 @@
     enable = true;
   };
 
+  users = {
+    users.alloy = {
+      isSystemUser = true;
+      group = "alloy";
+    };
+    groups.alloy = { };
+  };
+
+  systemd.services."alloy".serviceConfig = {
+    DynamicUser = lib.mkForce false;
+  };
+
   environment.etc."alloy/config.alloy" = {
     text = ''
       prometheus.remote_write "default" {
@@ -81,8 +93,7 @@
       }
 
       logging {
-        level = "warn"
-        format = "logfmt"
+        level = "info"
       }
 
       prometheus.exporter.unix "local_system" { }
diff --git a/systems/monitoring.noc.eh22.intern/mimir.nix b/systems/monitoring.noc.eh22.intern/mimir.nix
index fb53919..4c51b85 100644
--- a/systems/monitoring.noc.eh22.intern/mimir.nix
+++ b/systems/monitoring.noc.eh22.intern/mimir.nix
@@ -62,13 +62,19 @@ in
           instance_addr = "127.0.0.1";
         };
       };
+      
+      ruler = {
+        ring = {
+          instance_addr = "127.0.0.1";
+        };
+      };
       ruler_storage = {
         backend = "local";
         local.directory = alerts;
       };
 
       memberlist = {
-        bind_addr = ["127.0.0.1"];
+        bind_addr = [ "127.0.0.1" ];
       };
     };
   };
diff --git a/systems/monitoring.noc.eh22.intern/pve-exporter.nix b/systems/monitoring.noc.eh22.intern/pve-exporter.nix
index 302813c..c660b73 100644
--- a/systems/monitoring.noc.eh22.intern/pve-exporter.nix
+++ b/systems/monitoring.noc.eh22.intern/pve-exporter.nix
@@ -30,29 +30,24 @@
 
   environment.etc."alloy/pve.alloy" = {
     text = ''
-      prometheus.scrape "example" {
-        // Collect metrics from the default listen address.
+      prometheus.scrape "noc_pve" {
         targets = [{
           __address__ = "127.0.0.1:9221",
           __scheme__ = "http",
-          __metrics_path__ = "pve",
-          __param_target__ = "94.45.255.1",
         }]
 
+        metrics_path = "/pve"
+        params = {
+          "target"  = ["94.45.255.1"],
+          "module"  = ["default"],
+        }
+
+        scrape_interval = "10s"
         forward_to = [prometheus.relabel.pve.receiver]
       }
 
       prometheus.relabel "pve" {
         forward_to = [prometheus.remote_write.default.receiver]
-
-        rule {
-          source_labels = [ "__param_target" ]
-          target_label = "instance"
-        }
-        rule { 
-          target_label = "__address__"
-          replacement = "pve-exporter"
-        }
       }
     '';
   };