70 lines
1.5 KiB
Nix
70 lines
1.5 KiB
Nix
{
|
|
config,
|
|
mystia,
|
|
_utils,
|
|
...
|
|
}: let
|
|
vmcfg = config.services.victoriametrics;
|
|
secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
|
|
in {
|
|
imports = [
|
|
mystia.nixosModules.vmauth
|
|
secrets.generate
|
|
];
|
|
|
|
cfTunnels = {
|
|
"grafana.uku3lig.net" = "http://localhost:2432";
|
|
"metrics.uku3lig.net" = {
|
|
service = "http://localhost:9089";
|
|
path = "/api/.*/write";
|
|
};
|
|
};
|
|
|
|
services.grafana = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
http_port = 2432;
|
|
root_url = "https://grafana.uku3lig.net";
|
|
};
|
|
};
|
|
};
|
|
|
|
services.victoriametrics = {
|
|
enable = true;
|
|
listenAddress = "127.0.0.1:9090";
|
|
retentionPeriod = 5 * 12; # 5 years !!!!
|
|
};
|
|
|
|
services.vmagent = {
|
|
enable = true;
|
|
prometheusConfig = {
|
|
global.scrape_interval = "15s";
|
|
|
|
# node scraping is sent to vm directly via vmauth
|
|
scrape_configs = [
|
|
{
|
|
job_name = "victoriametrics";
|
|
static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
|
|
}
|
|
|
|
{
|
|
job_name = "api-rs";
|
|
static_configs = [{targets = ["localhost:5001"];}];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
services.vmauth = {
|
|
enable = true;
|
|
listenAddress = "127.0.0.1:9089";
|
|
environmentFile = secrets.get "vmAuthToken";
|
|
authConfig.users = [
|
|
{
|
|
bearer_token = "%{VM_AUTH_TOKEN}";
|
|
url_prefix = "http://${vmcfg.listenAddress}";
|
|
}
|
|
];
|
|
};
|
|
}
|