chore(monitoring): nf-fmt-nix

arcnmx 2024-06-01 11:24:51 -07:00
parent 23b746191f
commit f1d249d4c0
10 changed files with 208 additions and 135 deletions


@ -88,7 +88,7 @@ let
url = "${cfg.lokiUrl}/loki/api/v1/push";
}
];
scrape_configs = mkIf cfg.journald.enable [ (unmerged.mergeAttrs cfg.journald.settings) ];
scrape_configs = mkIf cfg.journald.enable [(unmerged.mergeAttrs cfg.journald.settings)];
};
};
};


@ -1,6 +1,9 @@
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) types mkIf mkOption mkEnableOption mkPackageOption mkOptionDefault;
cfg = config.services.gatus;
@ -13,7 +16,7 @@ in {
options.services.gatus = {
enable = mkEnableOption "a developer-oriented service status page";
package = mkPackageOption pkgs "gatus" { };
package = mkPackageOption pkgs "gatus" {};
user = mkOption {
type = types.str;
@ -38,13 +41,13 @@ in {
metrics = mkEnableOption "expose metrics at /metrics";
storage = {
path = mkOption { type = types.path; };
type = mkOption { type = types.enum [ "memory" "sqlite" "postgres" ]; };
path = mkOption {type = types.path;};
type = mkOption {type = types.enum ["memory" "sqlite" "postgres"];};
caching = mkEnableOption "write-through caching";
};
endpoints = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: {
type = types.attrsOf (types.submodule ({name, ...}: {
options = {
enabled = mkOption {
type = types.bool;
@ -68,7 +71,7 @@ in {
See [https://github.com/TwiN/gatus#endpoint-groups](Endpoint groups).
'';
};
url = mkOption { type = types.str; };
url = mkOption {type = types.str;};
method = mkOption {
type = types.enum [
"GET"
@ -111,9 +114,9 @@ in {
};
headers = mkOption {
type = types.submodule {
freeformType = (pkgs.formats.yaml { }).type;
freeformType = (pkgs.formats.yaml {}).type;
};
default = { };
default = {};
description = ''
Request headers.
'';
@ -122,7 +125,7 @@ in {
type = types.nullOr (types.submodule {
options = {
query-type = mkOption {
type = types.enum [ "A" "AAAA" "CNAME" "MX" "NS" ];
type = types.enum ["A" "AAAA" "CNAME" "MX" "NS"];
description = ''
Query type (e.g. MX)
'';
@ -187,20 +190,21 @@ in {
type = types.bool;
default = true;
};
failure-threshold = mkOption { type = types.ints.positive; };
success-threshold = mkOption { type = types.ints.positive; };
send-on-resolved = mkEnableOption
failure-threshold = mkOption {type = types.ints.positive;};
success-threshold = mkOption {type = types.ints.positive;};
send-on-resolved =
mkEnableOption
"sending a notification once a triggered alert is marked as solved";
description = mkOption { type = types.str; };
description = mkOption {type = types.str;};
};
});
default = [ ];
default = [];
};
client = mkOption {
type = types.submodule {
freeformType = (pkgs.formats.yaml { }).type;
freeformType = (pkgs.formats.yaml {}).type;
};
default = { };
default = {};
description = ''
[https://github.com/TwiN/gatus#client-configuration](Client configuration).
'';
@ -215,7 +219,7 @@ in {
mkEnableOption "resolving failed conditions for the UI";
badge.response-time.thresholds = mkOption {
type = types.listOf types.ints.positive;
default = [ 50 200 300 500 750 ];
default = [50 200 300 500 750];
description = ''
List of response time thresholds. Each time a threshold is reached,
the badge has a different color.
@ -223,20 +227,21 @@ in {
};
};
};
config = { name = mkOptionDefault name; };
config = {name = mkOptionDefault name;};
}));
default = { };
default = {};
};
alerting = mkOption {
type = types.submodule { freeformType = (pkgs.formats.yaml { }).type; };
default = { };
type = types.submodule {freeformType = (pkgs.formats.yaml {}).type;};
default = {};
description = ''
[https://github.com/TwiN/gatus#alerting](Alerting configuration).
'';
};
security = mkOption {
type = types.nullOr
(types.submodule { freeformType = (pkgs.formats.yaml { }).type; });
type =
types.nullOr
(types.submodule {freeformType = (pkgs.formats.yaml {}).type;});
default = null;
description = ''
[https://github.com/TwiN/gatus#security](Security configuration).
@ -269,8 +274,7 @@ in {
certificate-file = mkOption {
type = types.nullOr types.path;
default = null;
description =
"Optional public certificate file for TLS in PEM format";
description = "Optional public certificate file for TLS in PEM format";
};
private-key-file = mkOption {
type = types.nullOr types.path;
@ -305,8 +309,8 @@ in {
config = mkIf cfg.enable {
systemd.services.gatus = {
description = "Automated developer-oriented status page";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
after = ["network.target"];
wantedBy = ["multi-user.target"];
environment.GATUS_CONFIG_PATH = "${configFile}";
@ -318,9 +322,9 @@ in {
StateDirectory = "gatus";
LogsDirectory = "gatus";
EnvironmentFile =
mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
mkIf (cfg.environmentFile != null) [cfg.environmentFile];
AmbientCapabilities = [ "CAP_NET_RAW" ]; # needed for ICMP probes
AmbientCapabilities = ["CAP_NET_RAW"]; # needed for ICMP probes
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
@ -339,7 +343,7 @@ in {
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
@ -351,7 +355,7 @@ in {
};
};
users.groups = mkIf (cfg.group == "gatus") { ${cfg.group} = { }; };
users.groups = mkIf (cfg.group == "gatus") {${cfg.group} = {};};
users.users = mkIf (cfg.user == "gatus") {
${cfg.user} = {
@ -362,5 +366,5 @@ in {
};
};
meta.maintainers = with lib.maintainers; [ christoph-heiss ];
meta.maintainers = with lib.maintainers; [christoph-heiss];
}


@ -15,7 +15,7 @@ in {
grpc_listen_port = mkOptionDefault 0;
};
clients = let
baseUrl = access.proxyUrlFor { serviceName = "loki"; };
baseUrl = access.proxyUrlFor {serviceName = "loki";};
in [
{
url = "${baseUrl}/loki/api/v1/push";


@ -169,13 +169,16 @@
getAddressFor ? "getAddressFor",
}: let
scheme' =
if scheme == null then "${port.protocol}://"
else if scheme == "" then ""
if scheme == null
then "${port.protocol}://"
else if scheme == ""
then ""
else "${scheme}://";
port' =
if !port.enable
then throw "${system.name}.exports.services.${service.name}.ports.${portName} isn't enabled"
else if port.port == defaultPort then ""
else if port.port == defaultPort
then ""
else ":${toString port.port}";
url = "${scheme'}${mkAddress6 host}${port'}";
in


@ -6,7 +6,11 @@
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.modules) mkOptionDefault;
in {
config.exports.services.dnsmasq = {system, config, ...}: {
config.exports.services.dnsmasq = {
system,
config,
...
}: {
displayName = mkAlmostOptionDefault "Dnsmasq";
id = mkAlmostOptionDefault "dns";
nixos = {


@ -1,5 +1,11 @@
let
portModule = {system, config, gensokyo-zone, lib, ...}: let
portModule = {
system,
config,
gensokyo-zone,
lib,
...
}: let
inherit (gensokyo-zone.lib) unmerged;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
@ -11,17 +17,21 @@ let
status = {
enable = mkEnableOption "status checks";
alert = {
enable = mkEnableOption "health check alerts" // {
default = system.exports.status.alert.enable;
};
enable =
mkEnableOption "health check alerts"
// {
default = system.exports.status.alert.enable;
};
};
gatus = {
enable = mkEnableOption "gatus" // {
default = true;
};
enable =
mkEnableOption "gatus"
// {
default = true;
};
client = {
network = mkOption {
type = enum [ "ip" "ip4" "ip6" ];
type = enum ["ip" "ip4" "ip6"];
default = "ip";
};
};
@ -47,15 +57,20 @@ let
status.gatus = let
cfg = config.status.gatus;
defaultProtocol =
if config.protocol != null then mkOptionDefault config.protocol
else if config.starttls then mkOptionDefault "starttls"
else if config.ssl then mkOptionDefault "tls"
else if config.transport != "unix" then mkOptionDefault config.transport
if config.protocol != null
then mkOptionDefault config.protocol
else if config.starttls
then mkOptionDefault "starttls"
else if config.ssl
then mkOptionDefault "tls"
else if config.transport != "unix"
then mkOptionDefault config.transport
else mkIf false (throw "unreachable");
in {
protocol = defaultProtocol;
http.statusCondition = mkOptionDefault (
if cfg.protocol == "http" || cfg.protocol == "https" then "[STATUS] == 200"
if cfg.protocol == "http" || cfg.protocol == "https"
then "[STATUS] == 200"
else null
);
settings = mkMerge [
@ -174,27 +189,37 @@ in
name = "node";
port = 9091;
}
{
name = "unifi";
port = 9130;
}
];
in {
options.exports = with lib.types; {
prometheus = {
exporter = {
enable = mkEnableOption "prometheus ingress" // {
default = config.access.online.enable;
};
enable =
mkEnableOption "prometheus ingress"
// {
default = config.access.online.enable;
};
services = mkOption {
type = listOf str;
};
};
};
status = {
enable = mkEnableOption "status checks" // {
default = config.access.online.enable;
};
alert = {
enable = mkEnableOption "health check alerts" // {
default = config.access.online.enable && config.type == "NixOS";
enable =
mkEnableOption "status checks"
// {
default = config.access.online.enable;
};
alert = {
enable =
mkEnableOption "health check alerts"
// {
default = config.access.online.enable && config.type == "NixOS";
};
};
services = mkOption {
type = listOf str;


@ -7,7 +7,11 @@
inherit (lib.modules) mkIf;
inherit (lib.attrsets) mapAttrs;
in {
config.exports.services.nginx = {config, system, ...}: let
config.exports.services.nginx = {
config,
system,
...
}: let
mkAssertion = f: nixosConfig: let
cfg = nixosConfig.services.nginx;
in


@ -31,8 +31,10 @@
displayName = mkOption {
type = nullOr str;
default =
if config.name == "default" then null
else if config.ssl && (config.name == "ssl" || config.name == "https") then "SSL"
if config.name == "default"
then null
else if config.ssl && (config.name == "ssl" || config.name == "https")
then "SSL"
else config.name;
};
listen = mkOption {


@ -17,17 +17,25 @@
statusServices = map (serviceName: system.config.exports.services.${serviceName}) system.config.exports.status.services;
serviceEndpoints = concatMap (mkServiceEndpoint system) statusServices;
systemEndpoint = mkSystemEndpoint system;
in serviceEndpoints ++ [ systemEndpoint ];
mkPortEndpoint = { system, service, port, unique }: let
in
serviceEndpoints ++ [systemEndpoint];
mkPortEndpoint = {
system,
service,
port,
unique,
}: let
inherit (port.status) gatus;
hasId = service.id != service.name;
displayName = service.displayName + optionalString (!unique && port.displayName != null) "/${port.displayName}";
name = concatStringsSep "-" ([
service.name
] ++ optional hasId service.id ++ [
port.name
system.config.name
]);
service.name
]
++ optional hasId service.id
++ [
port.name
system.config.name
]);
#network = port.listen;
network = "lan";
protocolOverrides = {
@ -37,16 +45,24 @@
};
starttls.host = system.config.access.fqdn;
};
urlConf = {
inherit service port network;
system = system.config;
scheme = gatus.protocol;
${if gatus.client.network != "ip" then "getAddressFor" else null} = {
ip = "getAddressFor";
ip4 = "getAddress4For";
ip6 = "getAddress6For";
}.${gatus.client.network};
} // protocolOverrides.${gatus.protocol} or { };
urlConf =
{
inherit service port network;
system = system.config;
scheme = gatus.protocol;
${
if gatus.client.network != "ip"
then "getAddressFor"
else null
} =
{
ip = "getAddressFor";
ip4 = "getAddress4For";
ip6 = "getAddress6For";
}
.${gatus.client.network};
}
// protocolOverrides.${gatus.protocol} or {};
url = access.proxyUrlFor urlConf + optionalString (gatus.http.path != "/") gatus.http.path;
conf = {
enabled = mkIf (gatus.protocol == "starttls") (mkAlmostOptionDefault false);
@ -55,41 +71,54 @@
url = mkOptionDefault url;
client.network = mkAlmostOptionDefault gatus.client.network;
};
in nameValuePair name (_: {
imports = [ alertingConfig ]
++ optional port.status.alert.enable alertingConfigAlerts
++ optional (gatus.protocol == "http" || gatus.protocol == "https") alertingConfigHttp;
in
nameValuePair name (_: {
imports =
[alertingConfig]
++ optional port.status.alert.enable alertingConfigAlerts
++ optional (gatus.protocol == "http" || gatus.protocol == "https") alertingConfigHttp;
config = mkMerge [
(unmerged.mergeAttrs gatus.settings)
conf
];
});
config = mkMerge [
(unmerged.mergeAttrs gatus.settings)
conf
];
});
mkServiceEndpoint = system: service: let
statusPorts = map /*lib.attrsets.getAttr*/(portName: service.ports.${portName}) service.status.ports;
statusPorts =
map
(portName: service.ports.${portName})
service.status.ports;
gatusPorts = filter (port: port.status.gatus.enable) statusPorts;
unique = length gatusPorts == 1;
in map (port: mkPortEndpoint {
inherit system service port unique;
}) gatusPorts;
in
map (port:
mkPortEndpoint {
inherit system service port unique;
})
gatusPorts;
mkSystemEndpoint = system: let
inherit (system.config.exports) status;
network = "lan";
getAddressFor = if system.config.network.networks.local.address4 or null != null then "getAddress4For" else "getAddressFor";
getAddressFor =
if system.config.network.networks.local.address4 or null != null
then "getAddress4For"
else "getAddressFor";
addr = access.${getAddressFor} system.config.name network;
addrIs6 = hasInfix ":" addr;
in nameValuePair "ping-${system.config.name}" (_: {
imports = [ alertingConfig ]
++ optional status.alert.enable alertingConfigAlerts;
config = {
name = mkAlmostOptionDefault system.config.name;
# XXX: it can't seem to ping ipv6 for some reason..? :<
enabled = mkIf addrIs6 (mkAlmostOptionDefault false);
client.network = mkIf addrIs6 (mkAlmostOptionDefault "ip6");
group = mkAlmostOptionDefault (groups.forSystem system);
url = mkOptionDefault "icmp://${mkAddress6 addr}";
};
});
in
nameValuePair "ping-${system.config.name}" (_: {
imports =
[alertingConfig]
++ optional status.alert.enable alertingConfigAlerts;
config = {
name = mkAlmostOptionDefault system.config.name;
# XXX: it can't seem to ping ipv6 for some reason..? :<
enabled = mkIf addrIs6 (mkAlmostOptionDefault false);
client.network = mkIf addrIs6 (mkAlmostOptionDefault "ip6");
group = mkAlmostOptionDefault (groups.forSystem system);
url = mkOptionDefault "icmp://${mkAddress6 addr}";
};
});
alertingConfigAlerts = {
alerts = [
{
@ -105,7 +134,7 @@
# Common interval for refreshing all basic HTTP endpoints
interval = mkAlmostOptionDefault "30s";
};
alertingConfig = { config, ... }: let
alertingConfig = {config, ...}: let
isLan = match ''.*(::|10\.|127\.|\.(local|int|tail)\.).*'' config.url != null;
isDns = hasPrefix "dns://" config.url || config.dns.query-name or null != null;
in {
@ -131,7 +160,9 @@
systems = "Systems";
forSystem = system: let
node = systems.${system.config.proxmox.node.name}.config;
in if system.config.proxmox.enabled then "${groups.systems}/${node.name}"
in
if system.config.proxmox.enabled
then "${groups.systems}/${node.name}"
else groups.systems;
};
in {


@ -1,26 +1,26 @@
{ config, ... }: {
sops.secrets.grafana_discord_webhook_url = {
sopsFile = ../secrets/grafana.yaml;
owner = "grafana";
};
services.grafana.provision.alerting.contactPoints.settings = {
apiVersion = 1;
contactPoints = [
{
orgId = 1;
name = "Discord";
receivers = [
{
uid = "discord_alerting";
type = "discord";
disableResolveMessage = false;
settings = {
url = "$__file{${config.sops.secrets.grafana_discord_webhook_url.path}}";
#avatar_url = "";
};
}
];
}
{config, ...}: {
sops.secrets.grafana_discord_webhook_url = {
sopsFile = ../secrets/grafana.yaml;
owner = "grafana";
};
services.grafana.provision.alerting.contactPoints.settings = {
apiVersion = 1;
contactPoints = [
{
orgId = 1;
name = "Discord";
receivers = [
{
uid = "discord_alerting";
type = "discord";
disableResolveMessage = false;
settings = {
url = "$__file{${config.sops.secrets.grafana_discord_webhook_url.path}}";
#avatar_url = "";
};
}
];
};
}
}
];
};
}