feat(access): monitoring

2026-02-09 12:29:19 -08:00 · 2024-05-30 15:09:27 -07:00 · 2024-05-30 15:09:27 -07:00 · 0397043f88
commit 0397043f88
parent 511a02931a
13 changed files with 323 additions and 94 deletions
--- a/nixos/access/grafana.nix
+++ b/nixos/access/grafana.nix
@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (config.services) grafana;
+  name.shortServer = mkDefault "mon";
+  upstreamName = "grafana'access";
+in {
+  config.services.nginx = {
+    upstreams'.${upstreamName}.servers = {
+      local = {
+        enable = mkDefault grafana.enable;
+        addr = mkDefault "localhost";
+        port = mkIf grafana.enable (mkDefault grafana.settings.server.http_port);
+      };
+      service = {upstream, ...}: {
+        enable = mkIf upstream.servers.local.enable (mkDefault false);
+        accessService = {
+          name = "grafana";
+        };
+      };
+    };
+    virtualHosts = let
+      copyFromVhost = mkDefault "grafana";
+      vouch.enable = mkDefault true;
+      locations = {
+        "/" = {
+          proxy.enable = true;
+        };
+      };
+    in {
+      grafana = {
+        inherit name locations vouch;
+        proxy.upstream = mkDefault upstreamName;
+      };
+      grafana'local = {
+        inherit name locations;
+        ssl.cert = {
+          inherit copyFromVhost;
+        };
+        proxy = {
+          inherit copyFromVhost;
+        };
+        local.enable = mkDefault true;
+      };
+    };
+  };
+}
--- a/nixos/access/loki.nix
+++ b/nixos/access/loki.nix
@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (config.services) loki;
+  name.shortServer = mkDefault "logs";
+  upstreamName = "loki'access";
+in {
+  config.services.nginx = {
+    # TODO: gRPC port?
+    upstreams'.${upstreamName}.servers = {
+      local = {
+        enable = mkDefault loki.enable;
+        addr = mkDefault "localhost";
+        port = mkIf loki.enable (mkDefault loki.configuration.server.http_listen_port);
+      };
+      service = {upstream, ...}: {
+        enable = mkIf upstream.servers.local.enable (mkDefault false);
+        accessService = {
+          name = "loki";
+        };
+      };
+    };
+    virtualHosts = let
+      copyFromVhost = mkDefault "loki";
+      vouch.enable = mkDefault true;
+      locations = {
+        "/" = {
+          proxy.enable = true;
+        };
+      };
+    in {
+      loki = {
+        inherit name locations vouch;
+        proxy.upstream = mkDefault upstreamName;
+      };
+      loki'local = {
+        inherit name locations vouch;
+        ssl.cert = {
+          inherit copyFromVhost;
+        };
+        proxy = {
+          inherit copyFromVhost;
+        };
+        local.enable = mkDefault true;
+      };
+    };
+  };
+}
--- a/nixos/access/prometheus.nix
+++ b/nixos/access/prometheus.nix
@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (config.services) prometheus;
+  name.shortServer = mkDefault "prometheus";
+  upstreamName = "prometheus'access";
+in {
+  config.services.nginx = {
+    upstreams'.${upstreamName}.servers = {
+      local = {
+        enable = mkDefault prometheus.enable;
+        addr = mkDefault "localhost";
+        port = mkIf prometheus.enable (mkDefault prometheus.port);
+      };
+      service = {upstream, ...}: {
+        enable = mkIf upstream.servers.local.enable (mkDefault false);
+        accessService = {
+          name = "prometheus";
+        };
+      };
+    };
+    virtualHosts = let
+      copyFromVhost = mkDefault "prometheus";
+      vouch.enable = mkDefault true;
+      locations = {
+        "/" = {
+          proxy.enable = true;
+        };
+      };
+    in {
+      prometheus = {
+        inherit name locations vouch;
+        proxy.upstream = mkDefault upstreamName;
+      };
+      prometheus'local = {
+        inherit name locations;
+        ssl.cert = {
+          inherit copyFromVhost;
+        };
+        proxy = {
+          inherit copyFromVhost;
+        };
+        local.enable = mkDefault true;
+      };
+    };
+  };
+}
--- a/nixos/base/monitoring.nix
+++ b/nixos/base/monitoring.nix
@ -1,6 +1,8 @@
-_: {
+{lib, ...}: let
+  inherit (lib.modules) mkDefault;
+in {
  services = {
-    prometheus.exporters.node.enable = true;
-    promtail.enable = true;
+    prometheus.exporters.node.enable = mkDefault true;
+    promtail.enable = mkDefault true;
  };
 }
--- a/nixos/monitoring.nix
+++ b/nixos/monitoring.nix
@ -12,11 +12,11 @@ in {
    prometheus.enable = true;
  };
  networking.firewall.interfaces.lan.allowedTCPPorts = mkMerge [
-    (mkIf grafana.enable [ grafana.port ])
+    (mkIf grafana.enable [grafana.settings.server.http_port])
    (mkIf loki.enable [
-      loki.settings.httpListenPort
-      (mkIf (loki.settings.grpcListenPort != 0) loki.settings.grpcListenPort)
+      loki.configuration.server.http_listen_port
+      (mkIf (loki.configuration.server.grpc_listen_port != 0) loki.configuration.server.grpc_listen_port)
    ])
-    (mkIf prometheus.enable [ prometheus.port ])
+    (mkIf prometheus.enable [prometheus.port])
  ];
 }