  • { publicIPv4
    , hardware
    , publicStoragePort
    , ristrettoSigningKeyPath
    , monitoringvpnSecretKeyPath
    , monitoringvpnPresharedKeyPath
    , passValue
    , sshUsers
    , stateVersion
    , monitoringvpnIPv4
    , vpnClientIPs
    
    , nodeExporterTargets
    , nginxExporterTargets
    
    , ... }:
    
    # This doesn't work yet (intended to pin nixpkgs to an exact commit, with
    # the fetched tarball checked against a sha256):
    # let
    #       pkgs = import (builtins.fetchTarball {
    #                   url = "https://github.com/nixos/nixpkgs/archive/76ed24ceab9ec8b520f977a2803181f0c1d86b4d.tar.gz";
    #                   sha256 = "0dnpkkkv1cly8vywsfizfk3iwl8dnffqh0k6vkq616iw6biha725";
    #                 }) {};
    #
    # in
    
    rec {
    
    
      # Deployment settings: the host to deploy to and the secret files that
      # accompany the deployment.
      deployment = {
        targetHost = publicIPv4;
    
        # Each entry pairs a `source` file with a `destination` path, an owner,
        # a mode and an `action` command.
        # NOTE(review): this looks like a morph/NixOps-style secrets schema,
        # where key files are uploaded separately instead of being copied into
        # the world-readable Nix store — confirm against the deployment tool.
        secrets = {
          # Private key for the monitoring VPN; the name and the restarted
          # unit suggest WireGuard.
          "monitoringvpn-private-key" = {
    
            # Path handed in by the caller; presumably read on the machine
            # that runs the deployment — confirm.
            source = monitoringvpnSecretKeyPath;
    
            destination = "/run/keys/monitoringvpn/server.key";
    
            # Owned by root:root with mode 0400: readable by root only, not
            # writable by anyone, no access for group or others.
            owner.user = "root";
            owner.group = "root";
            permissions = "0400";
            # Command attached to this secret: restarts the WireGuard unit.
            # Presumably run after the key is placed so the service picks up
            # the new key — confirm when the deployment tool runs it.
            action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
          };
    
          "monitoringvpn-preshared-key" = {
    
            source = monitoringvpnPresharedKeyPath;
    
            # Where the preshared key ends up on the target host.
            # NOTE(review): /run is usually a tmpfs, so the key would not
            # persist across reboots — confirm for this host.
            destination = "/run/keys/monitoringvpn/preshared.key";
    
            # Same ownership and mode as the private key: root:root, 0400.
            owner.user = "root";
            owner.group = "root";
            permissions = "0400";
            # Restarts the same WireGuard unit as the private-key entry, so a
            # deployment touching both keys may restart the service twice.
            action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
          };
    
        };
      };
    
      imports = [
        hardware
        ../../nixos/modules/monitoring/vpn/server.nix
    
        ../../nixos/modules/monitoring/server/grafana.nix
    
        ../../nixos/modules/monitoring/server/prometheus.nix
    
        ../../nixos/modules/monitoring/exporters/node.nix
    
        # Loki 0.3.0 from Nixpkgs 19.09 is too old and does not work:
        # ../../nixos/modules/monitoring/server/loki.nix
    
      ];
    
      services.private-storage.monitoring.vpn.server = {
        enable = true;
    
        ip = monitoringvpnIPv4;
    
      # Grafana settings: the domain it is served under and the data sources
      # it queries.
      services.private-storage.monitoring.grafana = {
        domain = "grafana.grid.private.storage";
        # Both data sources are addressed over plain HTTP on localhost.
        # NOTE(review): that is only safe if Prometheus and Loki are not
        # reachable from other hosts; their listen addresses are set in
        # modules not shown here — confirm.
        prometheusUrl = "http://localhost:9090/";
        # NOTE(review): the Loki module is commented out in this file's
        # `imports`, so nothing visible here starts a service on port 3100 —
        # confirm this URL is intentional.
        lokiUrl = "http://localhost:3100/";
      };
    
    
      services.private-storage.monitoring.prometheus = {
    
        inherit nodeExporterTargets;
        inherit nginxExporterTargets;
    
      system.stateVersion = stateVersion;
    }