Move Grafana to hel1

Paul-Henri Froidmont 2024-12-11 05:02:44 +01:00
parent f18644f8a1
commit e7caa4e487
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
6 changed files with 241 additions and 242 deletions


@ -1,7 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
let cfg = config.custom.services.grafana; let
in { cfg = config.custom.services.grafana;
options.custom.services.grafana = { enable = lib.mkEnableOption "grafana"; }; in
{
options.custom.services.grafana = {
enable = lib.mkEnableOption "grafana";
};
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets = { sops.secrets = {
@ -11,172 +15,171 @@ in {
}; };
}; };
services.grafana = { services = {
enable = true; grafana = {
dataDir = "/nix/var/data/grafana";
settings = {
server = { domain = "grafana.${config.networking.domain}"; };
security.admin_password =
"$__file{${config.sops.secrets.grafanaAdminPassword.path}}";
};
provision = {
enable = true; enable = true;
datasources.settings = { dataDir = "/nix/var/data/grafana";
datasources = [ settings = {
server = {
domain = "grafana.${config.networking.domain}";
};
security.admin_password = "$__file{${config.sops.secrets.grafanaAdminPassword.path}}";
};
provision = {
enable = true;
datasources.settings = {
datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
isDefault = true;
}
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
dashboards.settings.providers = [
{ {
name = "Prometheus"; name = "Config";
type = "prometheus"; options.path = ./dashboards;
url =
"http://127.0.0.1:${toString config.services.prometheus.port}";
isDefault = true;
}
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${
toString
config.services.loki.configuration.server.http_listen_port
}";
} }
]; ];
}; };
dashboards.settings.providers = [{
name = "Config";
options.path = ./dashboards;
}];
}; };
};
services.nginx = { nginx = {
virtualHosts = { virtualHosts = {
"${config.services.grafana.settings.server.domain}" = { "${config.services.grafana.settings.server.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
toString config.services.grafana.settings.server.http_port proxyWebsockets = true;
}"; };
proxyWebsockets = true;
}; };
}; };
}; };
};
services.prometheus = { prometheus = {
enable = true; enable = true;
scrapeConfigs = [
scrapeConfigs = [ {
{ job_name = "node";
job_name = "node"; static_configs = [
static_configs = [{ {
targets = [ targets = [
"10.0.2.3:${ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
toString config.services.prometheus.exporters.node.port ];
}" }
"10.0.1.1:${
toString config.services.prometheus.exporters.node.port
}"
"10.0.1.11:${
toString config.services.prometheus.exporters.node.port
}"
]; ];
}]; }
} {
{ job_name = "synapse";
job_name = "synapse"; scrape_interval = "15s";
scrape_interval = "15s"; metrics_path = "/_synapse/metrics";
metrics_path = "/_synapse/metrics"; static_configs = [ { targets = [ "127.0.0.1:9000" ]; } ];
static_configs = [{ targets = [ "10.0.1.1:9000" ]; }]; }
} {
{ job_name = "dmarc";
job_name = "dmarc"; scrape_interval = "15s";
scrape_interval = "15s"; static_configs = [
static_configs = [{ {
targets = [ targets = [
"10.0.2.3:${ "127.0.0.1:${toString config.services.prometheus.exporters.dmarc.port}"
toString config.services.prometheus.exporters.dmarc.port ];
}" }
]; ];
}]; }
} ];
]; };
};
services.loki = { loki = {
enable = true; enable = true;
dataDir = "/nix/var/data/loki"; configuration = {
server.http_listen_port = 3100;
auth_enabled = false;
configuration = { ingester = {
server.http_listen_port = 3100; lifecycler = {
auth_enabled = false; address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
};
ingester = { limits_config = {
lifecycler = { ingestion_rate_mb = 16;
address = "127.0.0.1"; allow_structured_metadata = false;
ring = { };
kvstore = { store = "inmemory"; };
replication_factor = 1; schema_config = {
configs = [
{
from = "2022-09-15";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "${config.services.loki.dataDir}/boltdb-index";
cache_location = "${config.services.loki.dataDir}/boltdb-cache";
cache_ttl = "24h";
};
filesystem = {
directory = "${config.services.loki.dataDir}/chunks";
}; };
}; };
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
};
limits_config = { limits_config = {
ingestion_rate_mb = 16; reject_old_samples = true;
allow_structured_metadata = false; reject_old_samples_max_age = "168h";
}; };
schema_config = { querier.engine.max_look_back_period = "0s";
configs = [{
from = "2022-09-15"; table_manager = {
store = "boltdb-shipper"; retention_deletes_enabled = false;
object_store = "filesystem"; retention_period = "0s";
schema = "v11"; };
index = {
prefix = "index_"; compactor = {
period = "24h"; working_directory = "${config.services.loki.dataDir}";
compactor_ring = {
kvstore = {
store = "inmemory";
};
}; };
}];
};
storage_config = {
boltdb_shipper = {
active_index_directory =
"${config.services.loki.dataDir}/boltdb-index";
cache_location = "${config.services.loki.dataDir}/boltdb-cache";
cache_ttl = "24h";
}; };
filesystem = { analytics = {
directory = "${config.services.loki.dataDir}/chunks"; reporting_enabled = false;
}; };
}; };
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
querier.engine.max_look_back_period = "0s";
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "${config.services.loki.dataDir}";
compactor_ring = { kvstore = { store = "inmemory"; }; };
};
analytics = { reporting_enabled = false; };
}; };
}; };
}; };
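Review bot: Loki is configured with `auth_enabled = false` and only `server.http_listen_port = 3100`, with no listen address in the visible configuration, so by default it accepts unauthenticated pushes and queries on every interface and relies on the host firewall alone. Now that the Grafana datasource and the promtail client both use 127.0.0.1, the listener can be pinned with `server.http_listen_address = "127.0.0.1";` next to the port. Separately, the `node` scrape job's targets shrink from three 10.0.x.x hosts to `127.0.0.1`, so the other machines appear to drop out of monitoring; a comment stating that this is intended would help.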


@ -1,6 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
let cfg = config.custom.services.monitoring-exporters; let
in { cfg = config.custom.services.monitoring-exporters;
in
{
options.custom.services.monitoring-exporters = { options.custom.services.monitoring-exporters = {
enable = lib.mkEnableOption "monitoring-exporters"; enable = lib.mkEnableOption "monitoring-exporters";
}; };
@ -10,11 +12,30 @@ in {
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = [ "systemd" "processes" ]; enabledCollectors = [
"systemd"
"processes"
];
};
dmarc = {
enable = true;
debug = true;
imap = {
host = "mail.banditlair.com";
username = "paultrial@banditlair.com";
passwordFile = "/run/credentials/prometheus-dmarc-exporter.service/password";
};
folders = {
inbox = "dmarc_reports";
done = "Archives.dmarc_report_processed";
error = "Archives.dmarc_report_error";
};
}; };
}; };
}; };
systemd.services.prometheus-dmarc-exporter.serviceConfig.LoadCredential = "password:${config.sops.secrets.dmarcExporterPassword.path}";
services.promtail = { services.promtail = {
enable = true; enable = true;
configuration = { configuration = {
@ -22,7 +43,7 @@ in {
http_listen_port = 3101; http_listen_port = 3101;
grpc_listen_port = 0; grpc_listen_port = 0;
}; };
clients = [{ url = "http://10.0.2.3:3100/loki/api/v1/push"; }]; clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ];
scrape_configs = [ scrape_configs = [
{ {
job_name = "journal"; job_name = "journal";
@ -33,21 +54,25 @@ in {
host = "${config.networking.hostName}"; host = "${config.networking.hostName}";
}; };
}; };
relabel_configs = [{ relabel_configs = [
source_labels = [ "__journal__systemd_unit" ]; {
target_label = "unit"; source_labels = [ "__journal__systemd_unit" ];
}]; target_label = "unit";
}
];
} }
(lib.mkIf config.services.nginx.enable { (lib.mkIf config.services.nginx.enable {
job_name = "nginx"; job_name = "nginx";
static_configs = [{ static_configs = [
targets = [ "localhost" ]; {
labels = { targets = [ "localhost" ];
job = "nginx"; labels = {
host = "${config.networking.hostName}"; job = "nginx";
__path__ = "/var/log/nginx/*.log"; host = "${config.networking.hostName}";
}; __path__ = "/var/log/nginx/*.log";
}]; };
}
];
}) })
]; ];
}; };
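Review bot: The dmarc exporter is moved into this shared module with `debug = true`, and the same module ships the journal to Loki through promtail, so verbose exporter output about the mailbox and the processed reports may land in the log store; `debug = false;` is the safer default unless the exporter is being diagnosed. The `LoadCredential` line reads `config.sops.secrets.dmarcExporterPassword.path`, but that secret is declared in a host file rather than here, so enabling `monitoring-exporters` on another host would presumably fail evaluation; declaring the secret in the module, or gating the dmarc part behind its own option, keeps the module self-contained. The promtail client URL has the same coupling, since it is now fixed to `127.0.0.1:3100`. The surrounding attribute sets open and close outside the visible hunks.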


@ -33,10 +33,15 @@ in
forceSSL = true; forceSSL = true;
}; };
# Can't change home dir for now, use bind mount as workaround
# https://github.com/NixOS/nixpkgs/issues/356973
fileSystems."/var/lib/nextcloud" = {
device = "/nix/var/data/nextcloud";
options = [ "bind" ];
};
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
# Can't be changed for now, could use a bind mount as workaround
# https://github.com/NixOS/nixpkgs/issues/356973
# home = "/nix/var/data/nextcloud"; # home = "/nix/var/data/nextcloud";
package = pkgs.nextcloud29; package = pkgs.nextcloud29;
hostName = "cloud.${config.networking.domain}"; hostName = "cloud.${config.networking.domain}";
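Review bot: The commented `# home = "/nix/var/data/nextcloud";` line stays inside `services.nextcloud` after its explanation moved up to the bind mount, so it now reads as an unexplained dead setting; either drop it or keep a short pointer such as `# home cannot be changed, see the bind mount above`. Since the bound directory holds user-uploaded files, consider `options = [ "bind" "nosuid" "nodev" ];` if nothing under it needs setuid binaries or device nodes. The `services.nextcloud` block continues outside the hunk.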


@ -15,6 +15,9 @@
owner = config.users.users.gitlab-runner.name; owner = config.users.users.gitlab-runner.name;
key = "gitlab/runner_registration_config/hel1"; key = "gitlab/runner_registration_config/hel1";
}; };
dmarcExporterPassword = {
key = "dmarc_exporter/password";
};
}; };
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
@ -180,26 +183,29 @@
}; };
}; };
custom = { custom.services = {
services.nginx.enable = true; nginx.enable = true;
services.postgresql.enable = true; postgresql.enable = true;
services.dokuwiki.enable = true; dokuwiki.enable = true;
services.openssh.enable = true; openssh.enable = true;
services.gitlab-runner = { gitlab-runner = {
enable = true; enable = true;
runnerRegistrationConfigFile = config.sops.secrets.runnerRegistrationConfig.path; runnerRegistrationConfigFile = config.sops.secrets.runnerRegistrationConfig.path;
}; };
services.jellyfin.enable = true; jellyfin.enable = true;
services.torrents.enable = true; torrents.enable = true;
services.foundryvtt.enable = true; foundryvtt.enable = true;
services.jitsi.enable = true; jitsi.enable = true;
services.stb.enable = true; stb.enable = true;
services.murmur.enable = true; murmur.enable = true;
services.synapse.enable = true; synapse.enable = true;
services.nextcloud.enable = true; nextcloud.enable = true;
services.roundcube.enable = true; roundcube.enable = true;
monero.enable = true;
grafana.enable = true;
monitoring-exporters.enable = true;
services.backup-job = { backup-job = {
enable = true; enable = true;
repoName = "bl"; repoName = "bl";
additionalPaths = [ additionalPaths = [
@ -235,7 +241,7 @@
sshKey = config.sops.secrets.borgSshKey.path; sshKey = config.sops.secrets.borgSshKey.path;
}; };
services.monit = { monit = {
enable = true; enable = true;
additionalConfig = '' additionalConfig = ''
check host nextcloud with address cloud.banditlair.com check host nextcloud with address cloud.banditlair.com
@ -331,6 +337,31 @@
''; '';
}; };
}; };
# services.minecraft-server = {
# enable = false;
# package = pkgs-unstable.minecraft-server;
# eula = true;
# openFirewall = false;
# declarative = true;
# serverProperties = {
# enable-rcon = true;
# "rcon.port" = 25575;
# "rcon.password" = "password";
# server-port = 23363;
# online-mode = true;
# force-gamemode = true;
# white-list = true;
# diffuculty = "hard";
# };
# whitelist = {
# paulplay15 = "1d5abc95-2fdb-4dcb-98e8-4fb5a0fba953";
# Xavier1258 = "e9059cf3-00ef-47a3-92ee-4e4a3fea0e6d";
# denisjulien3333 = "3c93e1a2-42d8-4a51-9fe3-924c8e8d5b07";
# };
# dataDir = "/nix/var/data/minecraft";
# };
# virtualisation.oci-containers.containers = { # virtualisation.oci-containers.containers = {
# "minecraft" = { # "minecraft" = {
# image = "itzg/minecraft-server"; # image = "itzg/minecraft-server";
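Review bot: `monero.enable = true;` is added to hel1 here, while the only earlier setting visible on this page is `services.monero.enable = false;` on the other host, so this commit appears to start a service that was previously switched off, which the title does not mention; if that is intended, it belongs in its own commit or at least in the description. The commented-out minecraft block also carries `"rcon.password" = "password"` together with `enable-rcon = true`; if it is ever re-enabled, the password should come from a secret file rather than a literal that ends up in the world-readable Nix store, and a comment such as `# TODO: rcon.password must come from sops before re-enabling` would flag that. The same block has the typo `diffuculty`.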


@ -19,9 +19,6 @@
nixCacheKey = { nixCacheKey = {
key = "nix/cache_secret_key"; key = "nix/cache_secret_key";
}; };
dmarcExporterPassword = {
key = "dmarc_exporter/password";
};
paultrialPassword = { paultrialPassword = {
key = "email/accounts_passwords/paultrial"; key = "email/accounts_passwords/paultrial";
}; };
@ -75,9 +72,6 @@
services.nginx.enable = true; services.nginx.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
services.monero.enable = false;
services.grafana.enable = true;
services.monitoring-exporters.enable = true;
}; };
mailserver = { mailserver = {
@ -157,22 +151,6 @@
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
}; };
services.prometheus.exporters.dmarc = {
enable = true;
debug = true;
imap = {
host = "mail.banditlair.com";
username = "paultrial@banditlair.com";
passwordFile = "/run/credentials/prometheus-dmarc-exporter.service/password";
};
folders = {
inbox = "dmarc_reports";
done = "Archives.dmarc_report_processed";
error = "Archives.dmarc_report_error";
};
};
systemd.services.prometheus-dmarc-exporter.serviceConfig.LoadCredential = "password:${config.sops.secrets.dmarcExporterPassword.path}";
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443
@ -182,9 +160,6 @@
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
23363 # Minecraft 23363 # Minecraft
]; ];
networking.firewall.interfaces.vlan4001.allowedTCPPorts = [
config.services.loki.configuration.server.http_listen_port
];
networking.nat.enable = true; networking.nat.enable = true;
networking.nat.internalInterfaces = [ "ve-+" ]; networking.nat.internalInterfaces = [ "ve-+" ];
@ -221,46 +196,6 @@
}; };
users.groups.steam = { }; users.groups.steam = { };
services.minecraft-server = {
enable = false;
package = pkgs-unstable.minecraft-server;
eula = true;
openFirewall = false;
declarative = true;
serverProperties = {
enable-rcon = true;
"rcon.port" = 25575;
"rcon.password" = "password";
server-port = 23363;
online-mode = true;
force-gamemode = true;
white-list = true;
diffuculty = "hard";
};
whitelist = {
paulplay15 = "1d5abc95-2fdb-4dcb-98e8-4fb5a0fba953";
Xavier1258 = "e9059cf3-00ef-47a3-92ee-4e4a3fea0e6d";
denisjulien3333 = "3c93e1a2-42d8-4a51-9fe3-924c8e8d5b07";
};
dataDir = "/nix/var/data/minecraft";
};
# virtualisation.oci-containers.containers = {
# "minecraft" = {
# image = "itzg/minecraft-server";
# environment = {
# EULA = "TRUE";
# VERSION = "1.18.2";
# TYPE = "AUTO_CURSEFORGE";
# MEMORY = "4G";
# CF_SLUG = "modecube"; # https://www.curseforge.com/minecraft/modpacks/modecube/files
# };
# ports = [ "25565:25565" ];
# volumes = [ "/nix/var/data/minecraft-modded:/data" ];
# autoStart = true;
# };
# };
# services.rustdesk-server = { # services.rustdesk-server = {
# enable = true; # enable = true;
# openFirewall = true; # openFirewall = true;


@ -72,7 +72,7 @@ resource "hetznerdns_record" "hel1_a" {
resource "hetznerdns_record" "grafana_a" { resource "hetznerdns_record" "grafana_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "grafana" name = "grafana"
value = local.storage1_ip value = local.hel1_ip
type = "A" type = "A"
ttl = 600 ttl = 600
} }