Newer
Older
{ publicIPv4
, hardware
, publicStoragePort
, ristrettoSigningKeyPath
, monitoringvpnSecretKeyPath
, monitoringvpnPresharedKeyPath
, passValue
, sshUsers
, stateVersion
, monitoringvpnIPv4
, vpnClientIPs
, nodeExporterTargets
, nginxExporterTargets
, ... }:
# This doesn't work yet:
# let
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/nixos/nixpkgs/archive/76ed24ceab9ec8b520f977a2803181f0c1d86b4d.tar.gz";
# sha256 = "0dnpkkkv1cly8vywsfizfk3iwl8dnffqh0k6vkq616iw6biha725";
# }) {};
#
# in
rec {
deployment = {
targetHost = publicIPv4;
secrets = {
"monitoringvpn-private-key" = {
source = monitoringvpnSecretKeyPath;
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
"monitoringvpn-preshared-key" = {
source = monitoringvpnPresharedKeyPath;
destination = "/run/keys/monitoringvpn/preshared.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
};
};
imports = [
hardware
../../nixos/modules/monitoring/vpn/server.nix
../../nixos/modules/monitoring/server/prometheus.nix
../../nixos/modules/monitoring/exporters/node.nix
# Loki 0.3.0 from Nixpkgs 19.09 is too old and does not work:
# ../../nixos/modules/monitoring/server/loki.nix
];
services.private-storage.monitoring.vpn.server = {
enable = true;
inherit vpnClientIPs;
services.private-storage.monitoring.grafana = {
domain = "grafana.grid.private.storage";
prometheusUrl = "http://localhost:9090/";
lokiUrl = "http://localhost:3100/";
};
services.private-storage.monitoring.prometheus = {
inherit nodeExporterTargets;
inherit nginxExporterTargets;