feat(server): add remote host metrics
This commit is contained in:
parent
7efd6d5b84
commit
bb0bbc15af
6 changed files with 118 additions and 12 deletions
|
@ -1,5 +1,16 @@
|
||||||
{config, ...}: {
|
{
|
||||||
imports = [./common.nix];
|
config,
|
||||||
|
_utils,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
secrets = _utils.setupSharedSecrets config {
|
||||||
|
secrets = ["vmAuthToken"];
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
./common.nix
|
||||||
|
secrets.generate
|
||||||
|
];
|
||||||
|
|
||||||
_module.args.nixinate = {
|
_module.args.nixinate = {
|
||||||
host = config.networking.hostName;
|
host = config.networking.hostName;
|
||||||
|
@ -27,5 +38,29 @@
|
||||||
port = 9091;
|
port = 9091;
|
||||||
enabledCollectors = ["systemd"];
|
enabledCollectors = ["systemd"];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
vmagent = {
|
||||||
|
enable = true;
|
||||||
|
remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write";
|
||||||
|
extraArgs = ["-remoteWrite.bearerToken $VM_AUTH_TOKEN"];
|
||||||
|
prometheusConfig = {
|
||||||
|
global.scrape_interval = "15s";
|
||||||
|
|
||||||
|
scrape_configs = [
|
||||||
|
{
|
||||||
|
job_name = "node";
|
||||||
|
static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];
|
||||||
|
relabel_configs = [
|
||||||
|
{
|
||||||
|
target_label = "instance";
|
||||||
|
replacement = config.networking.hostName;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.vmagent.serviceConfig.EnvironmentFile = secrets.get "vmAuthToken";
|
||||||
}
|
}
|
||||||
|
|
23
flake.lock
23
flake.lock
|
@ -299,6 +299,28 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"mystia": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": [],
|
||||||
|
"nix-update-soopy": [],
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1722240118,
|
||||||
|
"narHash": "sha256-SkKJH1Qc2+rMQsas9YWtIfgWNv9Be788Mw6VvcubW4Y=",
|
||||||
|
"owner": "soopyc",
|
||||||
|
"repo": "mystia",
|
||||||
|
"rev": "f0020f82a83957ba6924e46907820f1e05fcf66c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "soopyc",
|
||||||
|
"repo": "mystia",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixinate": {
|
"nixinate": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -401,6 +423,7 @@
|
||||||
"ghostty": "ghostty",
|
"ghostty": "ghostty",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"lanzaboote": "lanzaboote",
|
"lanzaboote": "lanzaboote",
|
||||||
|
"mystia": "mystia",
|
||||||
"nixinate": "nixinate",
|
"nixinate": "nixinate",
|
||||||
"nixos-wsl": "nixos-wsl",
|
"nixos-wsl": "nixos-wsl",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
|
|
|
@ -77,6 +77,13 @@
|
||||||
inputs.flake-compat.follows = "";
|
inputs.flake-compat.follows = "";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mystia = {
|
||||||
|
url = "github:soopyc/mystia";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.nix-update-soopy.follows = "";
|
||||||
|
inputs.flake-compat.follows = "";
|
||||||
|
};
|
||||||
|
|
||||||
nixinate = {
|
nixinate = {
|
||||||
url = "github:matthewcroughan/nixinate";
|
url = "github:matthewcroughan/nixinate";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
|
@ -9,7 +9,8 @@ let
|
||||||
in {
|
in {
|
||||||
"shared/userPassword.age".publicKeys = all;
|
"shared/userPassword.age".publicKeys = all;
|
||||||
"shared/tailscaleKey.age".publicKeys = all;
|
"shared/tailscaleKey.age".publicKeys = all;
|
||||||
"shared/frpToken.age".publicKeys = main ++ [etna vesuvio];
|
"shared/frpToken.age".publicKeys = all;
|
||||||
|
"shared/vmAuthToken.age".publicKeys = all;
|
||||||
|
|
||||||
"fuji/rootPassword.age".publicKeys = main;
|
"fuji/rootPassword.age".publicKeys = main;
|
||||||
"fuji-wsl/rootPassword.age".publicKeys = main;
|
"fuji-wsl/rootPassword.age".publicKeys = main;
|
||||||
|
|
17
secrets/shared/vmAuthToken.age
Normal file
17
secrets/shared/vmAuthToken.age
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCaTI0Qm9kL2VSZFlQdlla
|
||||||
|
bnJOVElDMGFFM0tDVHVpb0hZcDVKUDFmNndJClMyYytuc01yY0E1MGJncjRuNWRV
|
||||||
|
U2JsMzJtdWY2L2EyRjRHMk91em9ITzgKLT4gWDI1NTE5IDhEbGR2ZTFydmcrdE8y
|
||||||
|
V0p4V20yMXN0S250cDJFS2lYWnpRYWRwQk9oQjQKc2E4WHQ3OVdmdUE1TjJhU3Vn
|
||||||
|
ckJ5aXVNbmJ3WEh4U3VHMFpKVW9vYUIwWQotPiBYMjU1MTkgYXBJcGlOdmlXaHlR
|
||||||
|
bVlBazRyeUhMZ0NBNFl5UUM0SmhLNEZGd0RWNndnbwpIRFBsa1ZFMlNReEJIMWsz
|
||||||
|
OEFjQUoyR1M0NVpVRzdodlFNK2VRcm55a09BCi0+IFgyNTUxOSB4bDVGTERBaXRG
|
||||||
|
ZXo0V0ZkdmtMTlBhaWhvWDQ1UzVoRVZoeWlQYWlpWlhFCkVKNVFSOE0vMHMvNFBj
|
||||||
|
eUxSZk10UTZxSzN5OXVHVHpCUFRNYUVkbFlLaTgKLS0tIFVpa05XQmhWeGtEa0Nr
|
||||||
|
ZUYwMmg5cExiVndYcVppQlRIS0JNMGliTHQvREkKpwP8aD6RCqL/rKZ3YF4pG245
|
||||||
|
2jeBRoLLWP5uYMvBDURL27LvvfI4WdXtvDXAoWU4bpxQU+o6Vixc2MKE0cNeCrhX
|
||||||
|
vQt4x5csJXN+jqWqI5JEKasI2p1nSWv3TNS7yAS+K8fCXv+x2pUD2vLR+fcQqpkM
|
||||||
|
X/5deZFdMWa4zmGE5sPR4oaZjGu7gLvLEm6JBZrG+pU+Kabwk1HOekjuSelsW2Tg
|
||||||
|
cGn8nJ2yNSX7s2a+8tTFxnd+mor+TuKBr+czvjY6mhDLvCgQs79IfK5Id7K95i87
|
||||||
|
XC28zxHyHP0t
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -1,8 +1,24 @@
|
||||||
{config, ...}: let
|
{
|
||||||
|
config,
|
||||||
|
mystia,
|
||||||
|
_utils,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
vmcfg = config.services.victoriametrics;
|
vmcfg = config.services.victoriametrics;
|
||||||
pmcfg = config.services.prometheus;
|
secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
|
||||||
in {
|
in {
|
||||||
cfTunnels."grafana.uku3lig.net" = "http://localhost:2432";
|
imports = [
|
||||||
|
mystia.nixosModules.vmauth
|
||||||
|
secrets.generate
|
||||||
|
];
|
||||||
|
|
||||||
|
cfTunnels = {
|
||||||
|
"grafana.uku3lig.net" = "http://localhost:2432";
|
||||||
|
"metrics.uku3lig.net" = {
|
||||||
|
service = "http://localhost:9089";
|
||||||
|
path = "/api/.*/write";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -22,16 +38,11 @@ in {
|
||||||
|
|
||||||
services.vmagent = {
|
services.vmagent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
remoteWrite.url = "http://${vmcfg.listenAddress}/api/v1/write";
|
|
||||||
prometheusConfig = {
|
prometheusConfig = {
|
||||||
global.scrape_interval = "15s";
|
global.scrape_interval = "15s";
|
||||||
|
|
||||||
|
# node scraping is sent to vm directly via vmauth
|
||||||
scrape_configs = [
|
scrape_configs = [
|
||||||
{
|
|
||||||
job_name = "node";
|
|
||||||
static_configs = [{targets = ["localhost:${builtins.toString pmcfg.exporters.node.port}"];}];
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
job_name = "victoriametrics";
|
job_name = "victoriametrics";
|
||||||
static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
|
static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
|
||||||
|
@ -44,4 +55,16 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.vmauth = {
|
||||||
|
enable = true;
|
||||||
|
listenAddress = "127.0.0.1:9089";
|
||||||
|
environmentFile = secrets.get "vmAuthToken";
|
||||||
|
authConfig.users = [
|
||||||
|
{
|
||||||
|
bearer_token = "%{VM_AUTH_TOKEN}";
|
||||||
|
url_prefix = "http://${vmcfg.listenAddress}";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue