EH22/nox
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

monitoring: move alloy to nix module

Browse source
This commit is contained in:
chris 2025-03-14 19:36:54 +01:00
parent 9590463580
commit fa61e32fca
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
6 changed files with 103 additions and 54 deletions
modules
alloy.nix
secrets
passwords.yaml
systems
default.nix
monitoring.noc.eh22.intern
loki.nixmimir.nixsystem.nix

81
modules/alloy.nix Normal file
View file

@ -0,0 +1,81 @@
{
modulesPath,
config,
lib,
pkgs,
...
}:
{
sops = {
secrets."services/loki/basic_auth" = {
mode = "0440";
owner = "alloy";
group = "alloy";
restartUnits = [ "alloy.service" ];
sopsFile = ../secrets/passwords.yaml;
};
secrets."services/mimir/basic_auth" = {
mode = "0440";
owner = "alloy";
group = "alloy";
restartUnits = [ "alloy.service" ];
sopsFile = ../secrets/passwords.yaml;
};
};
services.alloy = {
enable = true;
configPath = "/etc/alloy/config.alloy";
};
environment.etc."alloy/config.alloy" = {
text = ''
prometheus.remote_write "default" {
endpoint {
url = "http://mimir.noc.eh22.intern/api/v1/push"
basic_auth {
username = "noc"
password_file = "${config.sops.secrets."services/mimir/basic_auth".path}"
}
}
}
loki.write "default" {
endpoint {
url = "http://loki.noc.eh22.intern/loki/api/v1/push"
basic_auth {
username = "noc"
password_file = "${config.sops.secrets."services/loki/basic_auth".path}"
}
}
}
loki.relabel "journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "unit"
}
}
loki.source.journal "read_journal" {
forward_to = [loki.write.default.receiver]
relabel_rules = loki.relabel.journal.rules
labels = {component = "loki.source.journal", host = "${config.networking.hostName}"}
}
logging {
level = "info"
format = "logfmt"
}
prometheus.exporter.unix "local_system" { }
prometheus.scrape "scrape_metrics" {
targets = prometheus.exporter.unix.local_system.targets
forward_to = [prometheus.remote_write.default.receiver]
scrape_interval = "10s"
}
'';
};
}

10
secrets/passwords.yaml
View file

@ -7,7 +7,11 @@ services:
grafana: grafana:
admin_password: ENC[AES256_GCM,data:EimHeXiWzrzDVHnqmfAs+6/jsNp0cyVRJQu8U7drsP4=,iv:WmpPZstgTru8AHg5VeKRhfFdc0r5J9OWhCHdCzw/g+E=,tag:uftQ1kgj8LAuFB+MLSqnJw==,type:str] admin_password: ENC[AES256_GCM,data:EimHeXiWzrzDVHnqmfAs+6/jsNp0cyVRJQu8U7drsP4=,iv:WmpPZstgTru8AHg5VeKRhfFdc0r5J9OWhCHdCzw/g+E=,tag:uftQ1kgj8LAuFB+MLSqnJw==,type:str]
loki: loki:
basic_auth: ENC[AES256_GCM,data:nr03H2jHSwn49EorFmapJ6MZ,iv:TNao6XZJPW+BXpeB0BOvV9Rty6N4sgpVWiwCDSKrVcQ=,tag:YmCkIUwfBCcASGIxlT4pGg==,type:str] basic_auth: ENC[AES256_GCM,data:EuzUz2HFgpj/qvwr70fjezYrck7VveZfq1AWgCrgqY8=,iv:JANdADgMSZ1VFdkT5SdEITy1aI7VNc9lrU7eL6VZAb0=,tag:Z8eiu3vBWn7+7LxIEsrRoA==,type:str]
nginx: ENC[AES256_GCM,data:dLfstf/UaUfM3pIRa5PPGA8K2VK42QvJArXkjUTFO0OeYn8lTtSx2M8=,iv:WuNZQ+bcY5UqZq9rpBk4yihIxEAoN4ReQ5SjBjBKfXg=,tag:7eeexb97Aye+4VZum8TSuA==,type:str]
mimir:
basic_auth: ENC[AES256_GCM,data:B0UHO6/oj2KQACanDKaGToVQ+d345IZDVXbDqL1JM2A=,iv:7nEMQXpZJO9iLCVjEQupQ6/fhfr5Q0IQNkGFeJxegYo=,tag:4hWLdPHKz2nvB2kPuW3JIA==,type:str]
nginx: ENC[AES256_GCM,data:1vQE9z+w6RGwFK8mOuhzW3NArwthEcY/c/yQzAA6IwXtsDuxu7AS11M=,iv:jMtkHRR/+DVX1FREGUVTSTVUUUzOpjrLbNabHnw8Dq0=,tag:HbtQyuLlW5AbYqYDrtrbJA==,type:str]
hardware: hardware:
proxmox_server: proxmox_server:
ipmi: ipmi:
@ -49,8 +53,8 @@ sops:
SHhiSU5PZmpUakZvQVNtYk5nUk1tZjAKyHND2LZuuBciy7toDLrAH47kyWcGAN7c SHhiSU5PZmpUakZvQVNtYk5nUk1tZjAKyHND2LZuuBciy7toDLrAH47kyWcGAN7c
ORrD03DBoEV7mjBY86Hl3SaLKHxlBXsB93OOWqeZrvHlbki+qn/OZA== ORrD03DBoEV7mjBY86Hl3SaLKHxlBXsB93OOWqeZrvHlbki+qn/OZA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-10T21:45:17Z" lastmodified: "2025-03-14T17:47:08Z"
mac: ENC[AES256_GCM,data:8Qa+pqO3pm2geqpTTvOUyR8QEMh1KS7YorGn3P+Zt+Ts9bD4Dn/HkuYnE+vjmtAotl8OnSdGf6gaGEMSC2O7mHz6pbplsYWrho45i6ZkpLh7gDG+UR7hp5pjC1K6oX3wIGzfr1z3VyGRt8dnAaEk01tTIztoP5dFSzZrFeliUis=,iv:mgjqoJfkChkUkpeBQgUxdonalmtfI6fzO+TttS8LShk=,tag:tT57gxysO4Np/BZaKUDVug==,type:str] mac: ENC[AES256_GCM,data:w6psg02RoJ4fxu/jMr8ld2z8soXqb0UQmyCspwCOI8Qj3UvAE7EePKFmgqj7GEkY9yJ0VtBTqrwRcA2VWJ2Xtq6NyCyUdHNqiNDLRnegkD7EG4izYGib2Z32YnX73azh0sT6ZrB0de7vyyqj9i8J/UHphBEVayvAe7RVMVvlSgw=,iv:uAV+FHTzf92MaFiqXlfxyZkZf7OHEkTXPrbiIV6UVV4=,tag:orZqw7CQlbp7tKS7ccmdfg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

1
systems/default.nix
View file

@ -21,6 +21,7 @@ let
../modules/base_system.nix ../modules/base_system.nix
../modules/user_account.nix ../modules/user_account.nix
../modules/alloy.nix
systemModule systemModule
( (

2
systems/monitoring.noc.eh22.intern/loki.nix
View file

@ -62,7 +62,7 @@
virtualHosts."loki.noc.eh22.intern" = { virtualHosts."loki.noc.eh22.intern" = {
locations."/loki/api/v1/push" = { locations."/loki/api/v1/push" = {
proxyPass = "http://loki"; proxyPass = "http://loki";
#basicAuthFile = config.sops.secrets."services/loki/basic_auth".path; basicAuthFile = config.sops.secrets."services/loki/nginx".path;
}; };
}; };
}; };

1
systems/monitoring.noc.eh22.intern/mimir.nix
View file

@ -40,6 +40,7 @@
virtualHosts."mimir.noc.eh22.intern" = { virtualHosts."mimir.noc.eh22.intern" = {
locations."/api/v1/push" = { locations."/api/v1/push" = {
proxyPass = "http://mimir"; proxyPass = "http://mimir";
basicAuthFile = config.sops.secrets."services/mimir/nginx".path;
}; };
}; };
}; };

62
systems/monitoring.noc.eh22.intern/system.nix
View file

@ -12,8 +12,17 @@
group = "grafana"; group = "grafana";
restartUnits = [ "grafana.service" ]; restartUnits = [ "grafana.service" ];
}; };
secrets."services/loki/basic_auth" = { secrets."services/loki/nginx" = {
mode = "0777"; mode = "0440";
owner = "nginx";
group = "nginx";
restartUnits = [ "nginx.service" ];
};
secrets."services/mimir/nginx" = {
mode = "0440";
owner = "nginx";
group = "nginx";
restartUnits = [ "nginx.service" ];
}; };
}; };
@ -26,60 +35,13 @@
matchConfig.MACAddress = "BC:24:11:FC:C2:26"; matchConfig.MACAddress = "BC:24:11:FC:C2:26";
address = [ "10.20.25.4/24" ]; address = [ "10.20.25.4/24" ];
gateway = [ "10.20.25.2" ]; gateway = [ "10.20.25.2" ];
dns = [ "10.20.25.5" ];
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
services.alloy = {
enable = true;
configPath = "/etc/alloy/config.alloy";
};
environment.etc."alloy/config.alloy" = {
text = ''
prometheus.remote_write "default" {
endpoint {
url = "http://127.0.0.1:9009/api/v1/push"
}
}
loki.write "default" {
endpoint {
url = "http://127.0.0.1:3100/loki/api/v1/push"
}
}
loki.relabel "journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "unit"
}
}
loki.source.journal "read_journal" {
forward_to = [loki.write.default.receiver]
relabel_rules = loki.relabel.journal.rules
labels = {component = "loki.source.journal", host = "${config.networking.hostName}"}
}
logging {
level = "info"
format = "logfmt"
}
prometheus.exporter.unix "local_system" { }
prometheus.scrape "scrape_metrics" {
targets = prometheus.exporter.unix.local_system.targets
forward_to = [prometheus.remote_write.default.receiver]
scrape_interval = "10s"
}
'';
};
imports = [ imports = [
./grafana.nix ./grafana.nix
./mimir.nix ./mimir.nix