From 8d52252c231d151531b9747486e142d2e4b2505b Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 10:29:21 -0400
Subject: [PATCH] Monitoring-related documentation and cleanups

---
 morph/lib/customize-monitoring.nix | 24 ++++++++++++++++++++++--
 morph/lib/monitoring.nix | 20 ++------------------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index c81a765f..8df7f458 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -1,10 +1,30 @@
-{ hostsMap
+# Define a function which returns a value which fills in all the holes left by
+# ``monitoring.nix``.
+{
+ # A set mapping VPN IP addresses as strings to lists of hostnames as
+ # strings. The system's ``/etc/hosts`` will be populated with this
+ # information.
+ hostsMap
+
+ # See ``customize-issuer.nix``.
 , monitoringvpnKeyDir
-, publicIPv4
 , monitoringvpnIPv4
+
+ # XXX To be removed
+, publicIPv4
+
+ # A list of VPN IP addresses as strings indicating which clients will be
+ # allowed onto the VPN.
 , vpnClientIPs
+
+ # A list of VPN clients (IP addresses or hostnames) as strings indicating
+ # which nodes to scrape metrics from.
 , nodeExporterTargets
+
+ # ...
 , nginxExporterTargets ? []
+
+ # A string giving the NixOS state version for the system.
 , stateVersion
 , ... }: {
 
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
index 2001dea8..b48820f0 100644
--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -1,8 +1,9 @@
+# Similar to ``issuer.nix`` but for a "monitoring"-type system. Holes are
+# filled by ``customize-monitoring.nix``.
 rec {
 deployment = {
 secrets = {
 "monitoringvpn-private-key" = {
- # source = ...;
 destination = "/run/keys/monitoringvpn/server.key";
 owner.user = "root";
 owner.group = "root";
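Review bot: The comment above `nginxExporterTargets` is still the placeholder `# ...`, which leaves the only defaulted argument undocumented. If it takes the same form as `nodeExporterTargets`, a line such as `# A list of VPN clients (IP addresses or hostnames) as strings indicating which nodes to scrape nginx metrics from; defaults to none.` would do. The "See customize-issuer.nix" comment sits above `monitoringvpnKeyDir` while `monitoringvpnIPv4` follows with no comment of its own, so it is unclear whether the reference covers both; the key directory in particular deserves a line saying what it is expected to contain. `# XXX To be removed` on `publicIPv4` would be more useful with the reason or a ticket reference. The function body continues past the end of the hunk.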
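Review bot: With the `# source = ...;` marker removed, the `monitoringvpn-private-key` entry no longer shows that its `source` has to be supplied elsewhere, and the new header in monitoring.nix says only that holes exist, not which ones. The header could name them, e.g. `# Holes: each secret's source, the VPN server settings, the Prometheus exporter targets, system.stateVersion and networking.hosts.`, which are the placeholders this commit removes here and in the two later hunks of the file. That matters most for the key material: someone auditing where the WireGuard private and preshared keys come from now has to know to look in customize-monitoring.nix. The secret's attribute set continues past the end of the hunk.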
@@ -10,7 +11,6 @@ rec {
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
 "monitoringvpn-preshared-key" = {
- # source = ...;
 destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
@@ -29,25 +29,9 @@ rec {
 # ../../nixos/modules/monitoring/server/loki.nix
 ];
 
- services.private-storage.monitoring.vpn.server = {
- # enable = ...;
- # ip = ...;
- # vpnClientIPs = ...;
- # pubKeysPath = ...;
- };
-
 services.private-storage.monitoring.grafana = {
 domain = "monitoring.private.storage";
 prometheusUrl = "http://localhost:9090/";
 lokiUrl = "http://localhost:3100/";
 };
-
- services.private-storage.monitoring.prometheus = {
- # nodeExporterTargets = ...;
- # nginxExporterTargets = ...;
- };
-
- # system.stateVersion = ...;
-
- # networking.hosts = ...;
 }
-- 
GitLab