uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(server): add remote host metrics

Browse source
This commit is contained in:
uku 2024-07-30 12:07:43 +02:00
parent 7efd6d5b84
commit bb0bbc15af
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
6 changed files with 118 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
configs/server.nix
View file

@ -1,5 +1,16 @@
{config, ...}: { {
imports = [./common.nix]; config,
_utils,
...
}: let
secrets = _utils.setupSharedSecrets config {
secrets = ["vmAuthToken"];
};
in {
imports = [
./common.nix
secrets.generate
];
_module.args.nixinate = { _module.args.nixinate = {
host = config.networking.hostName; host = config.networking.hostName;
@ -27,5 +38,29 @@
port = 9091; port = 9091;
enabledCollectors = ["systemd"]; enabledCollectors = ["systemd"];
}; };
vmagent = {
enable = true;
remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write";
extraArgs = ["-remoteWrite.bearerToken $VM_AUTH_TOKEN"];
prometheusConfig = {
global.scrape_interval = "15s";
scrape_configs = [
{
job_name = "node";
static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];
relabel_configs = [
{
target_label = "instance";
replacement = config.networking.hostName;
}
];
}
];
};
};
}; };
systemd.services.vmagent.serviceConfig.EnvironmentFile = secrets.get "vmAuthToken";
} }

23
flake.lock
View file

@ -299,6 +299,28 @@
"type": "github" "type": "github"
} }
}, },
"mystia": {
"inputs": {
"flake-compat": [],
"nix-update-soopy": [],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1722240118,
"narHash": "sha256-SkKJH1Qc2+rMQsas9YWtIfgWNv9Be788Mw6VvcubW4Y=",
"owner": "soopyc",
"repo": "mystia",
"rev": "f0020f82a83957ba6924e46907820f1e05fcf66c",
"type": "github"
},
"original": {
"owner": "soopyc",
"repo": "mystia",
"type": "github"
}
},
"nixinate": { "nixinate": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -401,6 +423,7 @@
"ghostty": "ghostty", "ghostty": "ghostty",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"mystia": "mystia",
"nixinate": "nixinate", "nixinate": "nixinate",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",

7
flake.nix
View file

@ -77,6 +77,13 @@
inputs.flake-compat.follows = ""; inputs.flake-compat.follows = "";
}; };
mystia = {
url = "github:soopyc/mystia";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nix-update-soopy.follows = "";
inputs.flake-compat.follows = "";
};
nixinate = { nixinate = {
url = "github:matthewcroughan/nixinate"; url = "github:matthewcroughan/nixinate";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

3
secrets/secrets.nix
View file

@ -9,7 +9,8 @@ let
in { in {
"shared/userPassword.age".publicKeys = all; "shared/userPassword.age".publicKeys = all;
"shared/tailscaleKey.age".publicKeys = all; "shared/tailscaleKey.age".publicKeys = all;
"shared/frpToken.age".publicKeys = main ++ [etna vesuvio]; "shared/frpToken.age".publicKeys = all;
"shared/vmAuthToken.age".publicKeys = all;
"fuji/rootPassword.age".publicKeys = main; "fuji/rootPassword.age".publicKeys = main;
"fuji-wsl/rootPassword.age".publicKeys = main; "fuji-wsl/rootPassword.age".publicKeys = main;

17
secrets/shared/vmAuthToken.age Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCaTI0Qm9kL2VSZFlQdlla
bnJOVElDMGFFM0tDVHVpb0hZcDVKUDFmNndJClMyYytuc01yY0E1MGJncjRuNWRV
U2JsMzJtdWY2L2EyRjRHMk91em9ITzgKLT4gWDI1NTE5IDhEbGR2ZTFydmcrdE8y
V0p4V20yMXN0S250cDJFS2lYWnpRYWRwQk9oQjQKc2E4WHQ3OVdmdUE1TjJhU3Vn
ckJ5aXVNbmJ3WEh4U3VHMFpKVW9vYUIwWQotPiBYMjU1MTkgYXBJcGlOdmlXaHlR
bVlBazRyeUhMZ0NBNFl5UUM0SmhLNEZGd0RWNndnbwpIRFBsa1ZFMlNReEJIMWsz
OEFjQUoyR1M0NVpVRzdodlFNK2VRcm55a09BCi0+IFgyNTUxOSB4bDVGTERBaXRG
ZXo0V0ZkdmtMTlBhaWhvWDQ1UzVoRVZoeWlQYWlpWlhFCkVKNVFSOE0vMHMvNFBj
eUxSZk10UTZxSzN5OXVHVHpCUFRNYUVkbFlLaTgKLS0tIFVpa05XQmhWeGtEa0Nr
ZUYwMmg5cExiVndYcVppQlRIS0JNMGliTHQvREkKpwP8aD6RCqL/rKZ3YF4pG245
2jeBRoLLWP5uYMvBDURL27LvvfI4WdXtvDXAoWU4bpxQU+o6Vixc2MKE0cNeCrhX
vQt4x5csJXN+jqWqI5JEKasI2p1nSWv3TNS7yAS+K8fCXv+x2pUD2vLR+fcQqpkM
X/5deZFdMWa4zmGE5sPR4oaZjGu7gLvLEm6JBZrG+pU+Kabwk1HOekjuSelsW2Tg
cGn8nJ2yNSX7s2a+8tTFxnd+mor+TuKBr+czvjY6mhDLvCgQs79IfK5Id7K95i87
XC28zxHyHP0t
-----END AGE ENCRYPTED FILE-----

41
systems/etna/metrics.nix
View file

@ -1,8 +1,24 @@
{config, ...}: let {
config,
mystia,
_utils,
...
}: let
vmcfg = config.services.victoriametrics; vmcfg = config.services.victoriametrics;
pmcfg = config.services.prometheus; secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
in { in {
cfTunnels."grafana.uku3lig.net" = "http://localhost:2432"; imports = [
mystia.nixosModules.vmauth
secrets.generate
];
cfTunnels = {
"grafana.uku3lig.net" = "http://localhost:2432";
"metrics.uku3lig.net" = {
service = "http://localhost:9089";
path = "/api/.*/write";
};
};
services.grafana = { services.grafana = {
enable = true; enable = true;
@ -22,16 +38,11 @@ in {
services.vmagent = { services.vmagent = {
enable = true; enable = true;
remoteWrite.url = "http://${vmcfg.listenAddress}/api/v1/write";
prometheusConfig = { prometheusConfig = {
global.scrape_interval = "15s"; global.scrape_interval = "15s";
# node scraping is sent to vm directly via vmauth
scrape_configs = [ scrape_configs = [
{
job_name = "node";
static_configs = [{targets = ["localhost:${builtins.toString pmcfg.exporters.node.port}"];}];
}
{ {
job_name = "victoriametrics"; job_name = "victoriametrics";
static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}]; static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
@ -44,4 +55,16 @@ in {
]; ];
}; };
}; };
services.vmauth = {
enable = true;
listenAddress = "127.0.0.1:9089";
environmentFile = secrets.get "vmAuthToken";
authConfig.users = [
{
bearer_token = "%{VM_AUTH_TOKEN}";
url_prefix = "http://${vmcfg.listenAddress}";
}
];
};
} }