Skip to content
Snippets Groups Projects
Commit 72088473 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone
Browse files

Merge branch 'develop' into 'production'

merge develop into production

See merge request !278
parents b694712e 282d1356
No related branches found
No related tags found
2 merge requests!393Draft: Support QEmu local grid - DO NOT MERGE,!278merge develop into production
Pipeline #1935 passed
...@@ -2,12 +2,11 @@ ...@@ -2,12 +2,11 @@
# "issuer"-type system. # "issuer"-type system.
{ lib, config, ...}: { lib, config, ...}:
let let
inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4; inherit (config.grid) privateKeyPath;
inherit (config.grid.issuer) issuerDomains allowedChargeOrigins; inherit (config.grid.issuer) issuerDomains allowedChargeOrigins;
in { in {
imports = [ imports = [
../../nixos/modules/monitoring/vpn/client.nix ./monitoringvpn-client.nix
../../nixos/modules/monitoring/exporters/node.nix
]; ];
options.grid.issuer = { options.grid.issuer = {
...@@ -47,26 +46,8 @@ in { ...@@ -47,26 +46,8 @@ in {
permissions = "0400"; permissions = "0400";
action = ["sudo" "systemctl" "restart" "zkapissuer.service"]; action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
}; };
"monitoringvpn-secret-key" = {
destination = "/run/keys/monitoringvpn/client.key";
source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
"monitoringvpn-preshared-key" = {
destination = "/run/keys/monitoringvpn/preshared.key";
source = "${privateKeyPath}/monitoringvpn/preshared.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
}; };
}; };
};
services.private-storage-issuer = { services.private-storage-issuer = {
enable = true; enable = true;
tls = true; tls = true;
...@@ -79,12 +60,7 @@ in { ...@@ -79,12 +60,7 @@ in {
domains = issuerDomains; domains = issuerDomains;
}; };
services.private-storage.monitoring.vpn.client = { services.private-storage.monitoring.exporters.node.enable = true;
enable = true;
ip = monitoringvpnIPv4;
endpoint = monitoringvpnEndpoint;
endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
};
system.stateVersion = "19.03"; system.stateVersion = "19.03";
}; };
......
...@@ -31,7 +31,6 @@ in { ...@@ -31,7 +31,6 @@ in {
../../nixos/modules/monitoring/server/grafana.nix ../../nixos/modules/monitoring/server/grafana.nix
../../nixos/modules/monitoring/server/prometheus.nix ../../nixos/modules/monitoring/server/prometheus.nix
../../nixos/modules/monitoring/server/loki.nix ../../nixos/modules/monitoring/server/loki.nix
../../nixos/modules/monitoring/exporters/node.nix
../../nixos/modules/monitoring/exporters/blackbox.nix ../../nixos/modules/monitoring/exporters/blackbox.nix
]; ];
...@@ -161,5 +160,7 @@ in { ...@@ -161,5 +160,7 @@ in {
inherit letsEncryptAdminEmail; inherit letsEncryptAdminEmail;
domains = cfg.monitoringDomains; domains = cfg.monitoringDomains;
}; };
services.private-storage.monitoring.exporters.node.enable = true;
}; };
} }
{ lib, config, ...}:
let
inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4;
in {
config = {
deployment = {
secrets = {
"monitoringvpn-secret-key" = {
destination = "/run/keys/monitoringvpn/client.key";
source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
"monitoringvpn-preshared-key" = {
destination = "/run/keys/monitoringvpn/preshared.key";
source = "${privateKeyPath}/monitoringvpn/preshared.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
};
};
services.private-storage.monitoring.vpn.client = {
enable = true;
ip = monitoringvpnIPv4;
endpoint = monitoringvpnEndpoint;
endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
};
};
}
...@@ -2,19 +2,11 @@ ...@@ -2,19 +2,11 @@
# "storage"-type system. # "storage"-type system.
{ lib, config, ...} : { lib, config, ...} :
let let
inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnIPv4 monitoringvpnEndpoint; inherit (config.grid) privateKeyPath;
in { in {
# Any extra NixOS modules to load on this server. # Any extra NixOS modules to load on this server.
imports = [ imports = [
# Bring in our module for configuring the Tahoe-LAFS service and other ./monitoringvpn-client.nix
# Private Storage-specific things.
../../nixos/modules/private-storage.nix
# Connect to the monitoringvpn.
../../nixos/modules/monitoring/vpn/client.nix
# Expose base system metrics over the monitoringvpn.
../../nixos/modules/monitoring/exporters/node.nix
# Collect Tahoe OpenMetrics statistics.
../../nixos/modules/monitoring/exporters/tahoe.nix
]; ];
options.grid.storage = { options.grid.storage = {
...@@ -48,25 +40,10 @@ in { ...@@ -48,25 +40,10 @@ in {
# extract it from the tahoe-lafs nixos module somehow? # extract it from the tahoe-lafs nixos module somehow?
action = ["sudo" "systemctl" "restart" "tahoe.storage.service"]; action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
}; };
"monitoringvpn-secret-key" = {
destination = "/run/keys/monitoringvpn/client.key";
source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
"monitoringvpn-preshared-key" = {
destination = "/run/keys/monitoringvpn/preshared.key";
source = "${privateKeyPath}/monitoringvpn/preshared.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
}; };
}; };
services.private-storage.monitoring.exporters.node.enable = true;
services.private-storage.monitoring.exporters.tahoe.enable = true; services.private-storage.monitoring.exporters.tahoe.enable = true;
# Turn on the Private Storage (Tahoe-LAFS) service. # Turn on the Private Storage (Tahoe-LAFS) service.
...@@ -77,12 +54,5 @@ in { ...@@ -77,12 +54,5 @@ in {
ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination; ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
inherit (config.grid.storage) passValue publicStoragePort; inherit (config.grid.storage) passValue publicStoragePort;
}; };
services.private-storage.monitoring.vpn.client = {
enable = true;
ip = monitoringvpnIPv4;
endpoint = monitoringvpnEndpoint;
endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
};
}; };
} }
...@@ -12,6 +12,10 @@ ...@@ -12,6 +12,10 @@
imports = [ imports = [
./packages.nix ./packages.nix
./issuer.nix ./issuer.nix
./private-storage.nix
./monitoring/vpn/client.nix
./monitoring/exporters/node.nix
./monitoring/exporters/tahoe.nix
./monitoring/exporters/promtail.nix ./monitoring/exporters/promtail.nix
]; ];
} }
...@@ -16,13 +16,15 @@ let ...@@ -16,13 +16,15 @@ let
in { in {
options.services.private-storage.monitoring.exporters.node = { options.services.private-storage.monitoring.exporters.node = {
enable = lib.mkEnableOption "Base system metrics collection";
textfiles-directory = lib.mkOption { textfiles-directory = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Directory used by the textfiles collector."; description = "Directory used by the textfiles collector.";
default = "/run/prometheus-node-exporter"; default = "/run/prometheus-node-exporter";
}; };
}; };
config.services.prometheus.exporters.node = {
config.services.prometheus.exporters.node = lib.mkIf cfg.enable {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
firewallFilter = "-i monitoringvpn -p tcp -m tcp --dport 9100"; firewallFilter = "-i monitoringvpn -p tcp -m tcp --dport 9100";
......
...@@ -39,6 +39,15 @@ in { ...@@ -39,6 +39,15 @@ in {
config = config =
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
assertions = [
{
assertion = config.services.private-storage.monitoring.exporters.node.enable;
message = ''
services.private-storage.monitoring.tahoe requires services.private-storage.monitoring.exporters.node to provide the textfile prometheus collector.
'';
}
];
environment.systemPackages = [ pkgs.curl ]; environment.systemPackages = [ pkgs.curl ];
systemd.services.tahoe-metrics-collector = { systemd.services.tahoe-metrics-collector = {
......
...@@ -161,95 +161,62 @@ ...@@ -161,95 +161,62 @@
"type": "timeseries" "type": "timeseries"
}, },
{ {
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"description": "", "description": "",
"fieldConfig": { "fieldConfig": {
"defaults": { "defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short" "unit": "short"
}, },
"overrides": [ "overrides": []
{
"matcher": {
"id": "byName",
"options": "Redeemed vouchers"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
}
]
}, },
"fill": 1,
"fillGradient": 0,
"gridPos": { "gridPos": {
"h": 7, "h": 7,
"w": 12, "w": 12,
"x": 12, "x": 12,
"y": 1 "y": 1
}, },
"hiddenSeries": false,
"id": 20, "id": 20,
"options": {
"legend": { "legend": {
"calcs": [], "avg": false,
"displayMode": "list", "current": false,
"placement": "bottom" "max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
}, },
"tooltip": { "percentage": false,
"mode": "single" "pluginVersion": "8.3.5",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "Issued signatures",
"yaxis": 2
} }
}, ],
"pluginVersion": "8.3.4", "spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [ "targets": [
{ {
"datasource": {
"type": "prometheus",
"uid": "000000001"
},
"exemplar": true, "exemplar": true,
"expr": "payment_redemption_signatures_issued", "expr": "payment_redemption_signatures_issued",
"interval": "", "interval": "",
...@@ -257,6 +224,10 @@ ...@@ -257,6 +224,10 @@
"refId": "A" "refId": "A"
}, },
{ {
"datasource": {
"type": "prometheus",
"uid": "000000001"
},
"exemplar": true, "exemplar": true,
"expr": "payment_redemption_vouchers_redeemed", "expr": "payment_redemption_vouchers_redeemed",
"format": "time_series", "format": "time_series",
...@@ -266,8 +237,37 @@ ...@@ -266,8 +237,37 @@
"refId": "B" "refId": "B"
} }
], ],
"thresholds": [],
"timeRegions": [],
"title": "Redemption", "title": "Redemption",
"type": "timeseries" "tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"show": false,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:408",
"format": "short",
"logBase": 1,
"show": true
},
{
"$$hashKey": "object:409",
"format": "short",
"logBase": 1,
"show": true
}
],
"yaxis": {
"align": false
}
}, },
{ {
"collapsed": false, "collapsed": false,
......
{ {
"owner": "PrivateStorageio", "owner": "PrivateStorageio",
"repo": "PaymentServer", "repo": "PaymentServer",
"rev": "47478f705332b23219285e9598a69668f2c79aa1", "rev": "d82908141edcd2ddce40bc50b8b2a4f1959f1b30",
"branch": "main", "branch": "main",
"outputHashAlgo": "sha512", "outputHashAlgo": "sha512",
"outputHash": "3z62dfkyivb0l8yc1l1qm31k8sl8i88m9pzrk9nhs42kmgcqyr7sa10lavj499w9l6zvh1628ss0g5pza5yaji537r1bc51qqfszydl" "outputHash": "0r84hjrd03znizr915nn886rybxn9pq4h8fsf6vx8jkh05whr2b950rk4ld3mi9gq75cksd688pi1aqyy9in3ybll2b1m98j9f0h7mz"
} }
\ No newline at end of file
{ {
"name": "source", "name": "source",
"url": "https://releases.nixos.org/nixos/21.11/nixos-21.11.336045.4afca382d80/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixos/21.11/nixos-21.11.336340.2ebb6c1e5ae/nixexprs.tar.xz",
"sha256": "1af93alrn7iwv6kjm9r941wafjgpx142psjpix45qn2p50lbpxyx" "sha256": "1hi47fq801v2bk7ms50sz7a8744zfkkk27kxjpbxzv1n6k0n1w1q"
} }
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment