From f1d249d4c036422a78c08658e980b20365884dc1 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Sat, 1 Jun 2024 11:24:51 -0700 Subject: [PATCH] chore(monitoring): nf-fmt-nix --- modules/extern/nixos/monitoring.nix | 2 +- modules/nixos/gatus.nix | 72 +++++------ modules/nixos/monitoring/source/promtail.nix | 2 +- modules/system/access.nix | 9 +- modules/system/exports/dnsmasq.nix | 6 +- modules/system/exports/monitoring.nix | 69 +++++++---- modules/system/exports/nginx.nix | 6 +- modules/system/exports/services.nix | 6 +- nixos/monitoring/gatus.nix | 121 ++++++++++++------- nixos/monitoring/grafana-alerting.nix | 50 ++++---- 10 files changed, 208 insertions(+), 135 deletions(-) diff --git a/modules/extern/nixos/monitoring.nix b/modules/extern/nixos/monitoring.nix index 8988aa1e..fa0d61c9 100644 --- a/modules/extern/nixos/monitoring.nix +++ b/modules/extern/nixos/monitoring.nix @@ -88,7 +88,7 @@ let url = "${cfg.lokiUrl}/loki/api/v1/push"; } ]; - scrape_configs = mkIf cfg.journald.enable [ (unmerged.mergeAttrs cfg.journald.settings) ]; + scrape_configs = mkIf cfg.journald.enable [(unmerged.mergeAttrs cfg.journald.settings)]; }; }; }; diff --git a/modules/nixos/gatus.nix b/modules/nixos/gatus.nix index 60dc151e..09ee55ee 100644 --- a/modules/nixos/gatus.nix +++ b/modules/nixos/gatus.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, ... }: - -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) types mkIf mkOption mkEnableOption mkPackageOption mkOptionDefault; cfg = config.services.gatus; @@ -13,7 +16,7 @@ in { options.services.gatus = { enable = mkEnableOption "a developer-oriented service status page"; - package = mkPackageOption pkgs "gatus" { }; + package = mkPackageOption pkgs "gatus" {}; user = mkOption { type = types.str; 
@@ -38,13 +41,13 @@ in { metrics = mkEnableOption "expose metrics at /metrics"; storage = { - path = mkOption { type = types.path; }; - type = mkOption { type = types.enum [ "memory" "sqlite" "postgres" ]; }; + path = mkOption {type = types.path;}; + type = mkOption {type = types.enum ["memory" "sqlite" "postgres"];}; caching = mkEnableOption "write-through caching"; }; endpoints = mkOption { - type = types.attrsOf (types.submodule ({ name, ... }: { + type = types.attrsOf (types.submodule ({name, ...}: { options = { enabled = mkOption { type = types.bool; @@ -68,7 +71,7 @@ in { See [https://github.com/TwiN/gatus#endpoint-groups](Endpoint groups). ''; }; - url = mkOption { type = types.str; }; + url = mkOption {type = types.str;}; method = mkOption { type = types.enum [ "GET" @@ -111,9 +114,9 @@ in { }; headers = mkOption { type = types.submodule { - freeformType = (pkgs.formats.yaml { }).type; + freeformType = (pkgs.formats.yaml {}).type; }; - default = { }; + default = {}; description = '' Request headers. ''; @@ -122,7 +125,7 @@ in { type = types.nullOr (types.submodule { options = { query-type = mkOption { - type = types.enum [ "A" "AAAA" "CNAME" "MX" "NS" ]; + type = types.enum ["A" "AAAA" "CNAME" "MX" "NS"]; description = '' Query type (e.g. MX) ''; 
@@ -187,20 +190,21 @@ in { type = types.bool; default = true; }; - failure-threshold = mkOption { type = types.ints.positive; }; - success-threshold = mkOption { type = types.ints.positive; }; - send-on-resolved = mkEnableOption + failure-threshold = mkOption {type = types.ints.positive;}; + success-threshold = mkOption {type = types.ints.positive;}; + send-on-resolved = + mkEnableOption "sending a notification once a triggered alert is marked as solved"; - description = mkOption { type = types.str; }; + description = mkOption {type = types.str;}; }; }); - default = [ ]; + default = []; }; client = mkOption { type = types.submodule { - freeformType = (pkgs.formats.yaml { }).type; + freeformType = (pkgs.formats.yaml {}).type; }; - default = { }; + default = {}; description = '' [https://github.com/TwiN/gatus#client-configuration](Client configuration). ''; @@ -215,7 +219,7 @@ in { mkEnableOption "resolving failed conditions for the UI"; badge.response-time.thresholds = mkOption { type = types.listOf types.ints.positive; - default = [ 50 200 300 500 750 ]; + default = [50 200 300 500 750]; description = '' List of response time thresholds. Each time a threshold is reached, the badge has a different color. @@ -223,20 +227,21 @@ in { }; }; }; - config = { name = mkOptionDefault name; }; + config = {name = mkOptionDefault name;}; })); - default = { }; + default = {}; }; alerting = mkOption { - type = types.submodule { freeformType = (pkgs.formats.yaml { }).type; }; - default = { }; + type = types.submodule {freeformType = (pkgs.formats.yaml {}).type;}; + default = {}; description = '' [https://github.com/TwiN/gatus#alerting](Alerting configuration). ''; }; security = mkOption { - type = types.nullOr - (types.submodule { freeformType = (pkgs.formats.yaml { }).type; }); + type = + types.nullOr + (types.submodule {freeformType = (pkgs.formats.yaml {}).type;}); default = null; description = '' [https://github.com/TwiN/gatus#security](Security configuration). 
@@ -269,8 +274,7 @@ in { certificate-file = mkOption { type = types.nullOr types.path; default = null; - description = - "Optional public certificate file for TLS in PEM format"; + description = "Optional public certificate file for TLS in PEM format"; }; private-key-file = mkOption { type = types.nullOr types.path; @@ -305,8 +309,8 @@ in { config = mkIf cfg.enable { systemd.services.gatus = { description = "Automated developer-oriented status page"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; environment.GATUS_CONFIG_PATH = "${configFile}"; @@ -318,9 +322,9 @@ in { StateDirectory = "gatus"; LogsDirectory = "gatus"; EnvironmentFile = - mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; + mkIf (cfg.environmentFile != null) [cfg.environmentFile]; - AmbientCapabilities = [ "CAP_NET_RAW" ]; # needed for ICMP probes + AmbientCapabilities = ["CAP_NET_RAW"]; # needed for ICMP probes DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = true; @@ -339,7 +343,7 @@ in { ProtectProc = "invisible"; ProtectSystem = "strict"; RemoveIPC = true; - RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; @@ -351,7 +355,7 @@ in { }; }; - users.groups = mkIf (cfg.group == "gatus") { ${cfg.group} = { }; }; + users.groups = mkIf (cfg.group == "gatus") {${cfg.group} = {};}; users.users = mkIf (cfg.user == "gatus") { ${cfg.user} = { @@ -362,5 +366,5 @@ in { }; }; - meta.maintainers = with lib.maintainers; [ christoph-heiss ]; + meta.maintainers = with lib.maintainers; [christoph-heiss]; } diff --git a/modules/nixos/monitoring/source/promtail.nix b/modules/nixos/monitoring/source/promtail.nix index f2ac6ed7..1e576d03 100644 --- a/modules/nixos/monitoring/source/promtail.nix +++ b/modules/nixos/monitoring/source/promtail.nix 
@@ -15,7 +15,7 @@ in { grpc_listen_port = mkOptionDefault 0; }; clients = let - baseUrl = access.proxyUrlFor { serviceName = "loki"; }; + baseUrl = access.proxyUrlFor {serviceName = "loki";}; in [ { url = "${baseUrl}/loki/api/v1/push"; diff --git a/modules/system/access.nix b/modules/system/access.nix index 3f91a059..88f9b5f5 100644 --- a/modules/system/access.nix +++ b/modules/system/access.nix @@ -169,13 +169,16 @@ getAddressFor ? "getAddressFor", }: let scheme' = - if scheme == null then "${port.protocol}://" - else if scheme == "" then "" + if scheme == null + then "${port.protocol}://" + else if scheme == "" + then "" else "${scheme}://"; port' = if !port.enable then throw "${system.name}.exports.services.${service.name}.ports.${portName} isn't enabled" - else if port.port == defaultPort then "" + else if port.port == defaultPort + then "" else ":${toString port.port}"; url = "${scheme'}${mkAddress6 host}${port'}"; in diff --git a/modules/system/exports/dnsmasq.nix b/modules/system/exports/dnsmasq.nix index ae76cf58..0f07a40d 100644 --- a/modules/system/exports/dnsmasq.nix +++ b/modules/system/exports/dnsmasq.nix @@ -6,7 +6,11 @@ inherit (gensokyo-zone.lib) mkAlmostOptionDefault; inherit (lib.modules) mkOptionDefault; in { - config.exports.services.dnsmasq = {system, config, ...}: { + config.exports.services.dnsmasq = { + system, + config, + ... + }: { displayName = mkAlmostOptionDefault "Dnsmasq"; id = mkAlmostOptionDefault "dns"; nixos = { diff --git a/modules/system/exports/monitoring.nix b/modules/system/exports/monitoring.nix index aebb888f..0e3a53ff 100644 --- a/modules/system/exports/monitoring.nix +++ b/modules/system/exports/monitoring.nix @@ -1,5 +1,11 @@ let - portModule = {system, config, gensokyo-zone, lib, ...}: let + portModule = { + system, + config, + gensokyo-zone, + lib, + ... + }: let inherit (gensokyo-zone.lib) unmerged; inherit (lib.options) mkOption mkEnableOption; inherit (lib.modules) mkIf mkMerge mkOptionDefault; 
@@ -11,17 +17,21 @@ let status = { enable = mkEnableOption "status checks"; alert = { - enable = mkEnableOption "health check alerts" // { - default = system.exports.status.alert.enable; - }; + enable = + mkEnableOption "health check alerts" + // { + default = system.exports.status.alert.enable; + }; }; gatus = { - enable = mkEnableOption "gatus" // { - default = true; - }; + enable = + mkEnableOption "gatus" + // { + default = true; + }; client = { network = mkOption { - type = enum [ "ip" "ip4" "ip6" ]; + type = enum ["ip" "ip4" "ip6"]; default = "ip"; }; }; @@ -47,15 +57,20 @@ let status.gatus = let cfg = config.status.gatus; defaultProtocol = - if config.protocol != null then mkOptionDefault config.protocol - else if config.starttls then mkOptionDefault "starttls" - else if config.ssl then mkOptionDefault "tls" - else if config.transport != "unix" then mkOptionDefault config.transport + if config.protocol != null + then mkOptionDefault config.protocol + else if config.starttls + then mkOptionDefault "starttls" + else if config.ssl + then mkOptionDefault "tls" + else if config.transport != "unix" + then mkOptionDefault config.transport else mkIf false (throw "unreachable"); in { protocol = defaultProtocol; http.statusCondition = mkOptionDefault ( - if cfg.protocol == "http" || cfg.protocol == "https" then "[STATUS] == 200" + if cfg.protocol == "http" || cfg.protocol == "https" + then "[STATUS] == 200" else null ); settings = mkMerge [ 
@@ -174,27 +189,37 @@ in name = "node"; port = 9091; } + { + name = "unifi"; + port = 9130; + } ]; in { options.exports = with lib.types; { prometheus = { exporter = { - enable = mkEnableOption "prometheus ingress" // { - default = config.access.online.enable; - }; + enable = + mkEnableOption "prometheus ingress" + // { + default = config.access.online.enable; + }; services = mkOption { type = listOf str; }; }; }; status = { - enable = mkEnableOption "status checks" // { - default = config.access.online.enable; - }; - alert = { - enable = mkEnableOption "health check alerts" // { - default = config.access.online.enable && config.type == "NixOS"; + enable = + mkEnableOption "status checks" + // { + default = config.access.online.enable; }; + alert = { + enable = + mkEnableOption "health check alerts" + // { + default = config.access.online.enable && config.type == "NixOS"; + }; }; services = mkOption { type = listOf str; diff --git a/modules/system/exports/nginx.nix b/modules/system/exports/nginx.nix index e970bc2c..33d00df8 100644 --- a/modules/system/exports/nginx.nix +++ b/modules/system/exports/nginx.nix @@ -7,7 +7,11 @@ inherit (lib.modules) mkIf; inherit (lib.attrsets) mapAttrs; in { - config.exports.services.nginx = {config, system, ...}: let + config.exports.services.nginx = { + config, + system, + ... + }: let mkAssertion = f: nixosConfig: let cfg = nixosConfig.services.nginx; in diff --git a/modules/system/exports/services.nix b/modules/system/exports/services.nix index 19c798d2..735d3bfd 100644 --- a/modules/system/exports/services.nix +++ b/modules/system/exports/services.nix @@ -31,8 +31,10 @@ displayName = mkOption { type = nullOr str; default = - if config.name == "default" then null - else if config.ssl && (config.name == "ssl" || config.name == "https") then "SSL" + if config.name == "default" + then null + else if config.ssl && (config.name == "ssl" || config.name == "https") + then "SSL" else config.name; }; listen = mkOption { 
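Review bot: The `{ name = "unifi"; port = 9130; }` entry added at the top of this hunk is a functional change in a commit whose subject describes only a formatter run, so it is easy to miss when auditing what the monitoring setup reaches. The list it joins starts outside the hunk (the preceding entry is `node` on 9091), so how the entry is consumed is not visible here. Presumably it declares a metrics port, in which case it is worth confirming that a service actually listens on 9130 and that access to it is limited to the monitoring host. I would move the entry to its own commit, or at least put a comment above it such as `# unifi exporter metrics port (functional change, not part of the reformat)`. The remaining changes in this hunk appear to be whitespace-only.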
diff --git a/nixos/monitoring/gatus.nix b/nixos/monitoring/gatus.nix index 18d59938..99301077 100644 --- a/nixos/monitoring/gatus.nix +++ b/nixos/monitoring/gatus.nix @@ -17,17 +17,25 @@ statusServices = map (serviceName: system.config.exports.services.${serviceName}) system.config.exports.status.services; serviceEndpoints = concatMap (mkServiceEndpoint system) statusServices; systemEndpoint = mkSystemEndpoint system; - in serviceEndpoints ++ [ systemEndpoint ]; - mkPortEndpoint = { system, service, port, unique }: let + in + serviceEndpoints ++ [systemEndpoint]; + mkPortEndpoint = { + system, + service, + port, + unique, + }: let inherit (port.status) gatus; hasId = service.id != service.name; displayName = service.displayName + optionalString (!unique && port.displayName != null) "/${port.displayName}"; name = concatStringsSep "-" ([ - service.name - ] ++ optional hasId service.id ++ [ - port.name - system.config.name - ]); + service.name + ] + ++ optional hasId service.id + ++ [ + port.name + system.config.name + ]); #network = port.listen; network = "lan"; protocolOverrides = { 
@@ -37,16 +45,24 @@ }; starttls.host = system.config.access.fqdn; }; - urlConf = { - inherit service port network; - system = system.config; - scheme = gatus.protocol; - ${if gatus.client.network != "ip" then "getAddressFor" else null} = { - ip = "getAddressFor"; - ip4 = "getAddress4For"; - ip6 = "getAddress6For"; - }.${gatus.client.network}; - } // protocolOverrides.${gatus.protocol} or { }; + urlConf = + { + inherit service port network; + system = system.config; + scheme = gatus.protocol; + ${ + if gatus.client.network != "ip" + then "getAddressFor" + else null + } = + { + ip = "getAddressFor"; + ip4 = "getAddress4For"; + ip6 = "getAddress6For"; + } + .${gatus.client.network}; + } + // protocolOverrides.${gatus.protocol} or {}; url = access.proxyUrlFor urlConf + optionalString (gatus.http.path != "/") gatus.http.path; conf = { enabled = mkIf (gatus.protocol == "starttls") (mkAlmostOptionDefault false); 
@@ -55,41 +71,54 @@ url = mkOptionDefault url; client.network = mkAlmostOptionDefault gatus.client.network; }; - in nameValuePair name (_: { - imports = [ alertingConfig ] - ++ optional port.status.alert.enable alertingConfigAlerts - ++ optional (gatus.protocol == "http" || gatus.protocol == "https") alertingConfigHttp; + in + nameValuePair name (_: { + imports = + [alertingConfig] + ++ optional port.status.alert.enable alertingConfigAlerts + ++ optional (gatus.protocol == "http" || gatus.protocol == "https") alertingConfigHttp; - config = mkMerge [ - (unmerged.mergeAttrs gatus.settings) - conf - ]; - }); + config = mkMerge [ + (unmerged.mergeAttrs gatus.settings) + conf + ]; + }); mkServiceEndpoint = system: service: let - statusPorts = map /*lib.attrsets.getAttr*/(portName: service.ports.${portName}) service.status.ports; + statusPorts = + map + (portName: service.ports.${portName}) + service.status.ports; gatusPorts = filter (port: port.status.gatus.enable) statusPorts; unique = length gatusPorts == 1; - in map (port: mkPortEndpoint { - inherit system service port unique; - }) gatusPorts; + in + map (port: + mkPortEndpoint { + inherit system service port unique; + }) + gatusPorts; mkSystemEndpoint = system: let inherit (system.config.exports) status; network = "lan"; - getAddressFor = if system.config.network.networks.local.address4 or null != null then "getAddress4For" else "getAddressFor"; + getAddressFor = + if system.config.network.networks.local.address4 or null != null + then "getAddress4For" + else "getAddressFor"; addr = access.${getAddressFor} system.config.name network; addrIs6 = hasInfix ":" addr; - in nameValuePair "ping-${system.config.name}" (_: { - imports = [ alertingConfig ] - ++ optional status.alert.enable alertingConfigAlerts; - config = { - name = mkAlmostOptionDefault system.config.name; - # XXX: it can't seem to ping ipv6 for some reason..? 
:< - enabled = mkIf addrIs6 (mkAlmostOptionDefault false); - client.network = mkIf addrIs6 (mkAlmostOptionDefault "ip6"); - group = mkAlmostOptionDefault (groups.forSystem system); - url = mkOptionDefault "icmp://${mkAddress6 addr}"; - }; - }); + in + nameValuePair "ping-${system.config.name}" (_: { + imports = + [alertingConfig] + ++ optional status.alert.enable alertingConfigAlerts; + config = { + name = mkAlmostOptionDefault system.config.name; + # XXX: it can't seem to ping ipv6 for some reason..? :< + enabled = mkIf addrIs6 (mkAlmostOptionDefault false); + client.network = mkIf addrIs6 (mkAlmostOptionDefault "ip6"); + group = mkAlmostOptionDefault (groups.forSystem system); + url = mkOptionDefault "icmp://${mkAddress6 addr}"; + }; + }); alertingConfigAlerts = { alerts = [ { @@ -105,7 +134,7 @@ # Common interval for refreshing all basic HTTP endpoints interval = mkAlmostOptionDefault "30s"; }; - alertingConfig = { config, ... }: let + alertingConfig = {config, ...}: let isLan = match ''.*(::|10\.|127\.|\.(local|int|tail)\.).*'' config.url != null; isDns = hasPrefix "dns://" config.url || config.dns.query-name or null != null; in { @@ -131,7 +160,9 @@ systems = "Systems"; forSystem = system: let node = systems.${system.config.proxmox.node.name}.config; - in if system.config.proxmox.enabled then "${groups.systems}/${node.name}" + in + if system.config.proxmox.enabled + then "${groups.systems}/${node.name}" else groups.systems; }; in { diff --git a/nixos/monitoring/grafana-alerting.nix b/nixos/monitoring/grafana-alerting.nix index 04117bf3..8822e1bd 100644 --- a/nixos/monitoring/grafana-alerting.nix +++ b/nixos/monitoring/grafana-alerting.nix 
@@ -1,26 +1,26 @@ -{ config, ... }: { - sops.secrets.grafana_discord_webhook_url = { - sopsFile = ../secrets/grafana.yaml; - owner = "grafana"; - }; - services.grafana.provision.alerting.contactPoints.settings = { - apiVersion = 1; - contactPoints = [ - { - orgId = 1; - name = "Discord"; - receivers = [ - { - uid = "discord_alerting"; - type = "discord"; - disableResolveMessage = false; - settings = { - url = "$__file{${config.sops.secrets.grafana_discord_webhook_url.path}}"; - #avatar_url = ""; - }; - } - ]; - } +{config, ...}: { + sops.secrets.grafana_discord_webhook_url = { + sopsFile = ../secrets/grafana.yaml; + owner = "grafana"; + }; + services.grafana.provision.alerting.contactPoints.settings = { + apiVersion = 1; + contactPoints = [ + { + orgId = 1; + name = "Discord"; + receivers = [ + { + uid = "discord_alerting"; + type = "discord"; + disableResolveMessage = false; + settings = { + url = "$__file{${config.sops.secrets.grafana_discord_webhook_url.path}}"; + #avatar_url = ""; + }; + } ]; - }; -} \ No newline at end of file + } + ]; + }; +}