+13

nix/modules/extensions/monitoring/alloy.env.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 1Q/fmg tG5EaBxZhX7rLwXaeICjKhYlSnutbIa7OOhak6kwPHY 3 3 + OxYf7XCVYKf0UMVrryxZGHlSh24LsdXrjCjE/5O/6/k 4 4 + -> ssh-ed25519 KGcorg N76gB4IWkuR1nMAcMAA2yt/WnitJsCCJZCbKwGP7Pzo 5 5 + KeylsEHCoPVj4O2q7ZMsYz90UpLsUED8/tNShLFhoQo 6 6 + -> ssh-ed25519 Zu6W7Q t5JQxEmHJ9o6DdidG2PO3fMosyViqLul0eQgQUC7gmo 7 7 + s5XE5XBD756lWz9bI3QbV50z/rOYr/tUrOdqOoD0rxw 8 8 + -> ssh-ed25519 ywGURw hzB+83uFILTQCKY+NGU1qKXWe5lhH/gjLHp5PHJ1iRk 9 9 + RyKW9XvexD2dLTeVZ72cuQokyDuSV5oikyeoIC3+2o4 10 10 + -> ssh-ed25519 HEOV7w sKJm1+muTLahi91l7LFvvq/NzkHT5v+gpQpSoPR76R8 11 11 + ae8flidFkzkblYzTaR0CZlqzeG5mFUAiOpu3ix/2wH8 12 12 + --- T4BDmaoTMR6QGEZrfYodBG3PENwpt7Q2VdTbXmwA/sM 13 13 + �������t�������G���w޳�]��o����h���R���൐��j���ox6���&� �z/��ni�.��T!R�؟j�`2EDa�����bڞA[�~O,ö.�����ɱ!a�ܐ��ܸ��D�����O�Ӯ��%�FRM�?��%*��}V}�nUq}��g釰�B'��$0t��i��i�J-���B��T~֕��IOL�n�d�P0D}���ήS����&�ܺ�KhA1>��ʭG[M�F��
����

+37

nix/modules/extensions/monitoring/alloy.nix

reviewed

··· 1 1 + { 2 2 + flake.modules.nixos."ext-monitoring" = {config, ...}: { 3 3 + age.secrets."alloy.env".file = ./alloy.env.age; 4 4 + 5 5 + services.alloy = { 6 6 + enable = true; 7 7 + environmentFile = config.age.secrets."alloy.env".path; 8 8 + }; 9 9 + 10 10 + systemd.services."alloy".environment.HOSTNAME = config.networking.hostName; 11 11 + 12 12 + environment.etc."alloy/remotes.alloy".text = '' 13 13 + prometheus.remote_write "default" { 14 14 + endpoint { 15 15 + name = "grafana-cloud" 16 16 + url = "https://prometheus-prod-65-prod-eu-west-2.grafana.net/api/prom/push" 17 17 + 18 18 + basic_auth { 19 19 + username = sys.env("GCLOUD_MIMIR_USERNAME") 20 20 + password = sys.env("GCLOUD_RW_TOKEN") 21 21 + } 22 22 + } 23 23 + } 24 24 + 25 25 + loki.write "default" { 26 26 + endpoint { 27 27 + url = "https://logs-prod-012.grafana.net/loki/api/v1/push" 28 28 + 29 29 + basic_auth { 30 30 + username = sys.env("GCLOUD_LOKI_USERNAME") 31 31 + password = sys.env("GCLOUD_RW_TOKEN") 32 32 + } 33 33 + } 34 34 + } 35 35 + ''; 36 36 + }; 37 37 + }

+53

nix/modules/extensions/monitoring/discovery.nix

reviewed

··· 1 1 + { 2 2 + flake.modules.nixos."ext-monitoring" = { 3 3 + config, 4 4 + lib, 5 5 + pkgs, 6 6 + ... 7 7 + }: let 8 8 + cfg = config.services.alloy.scrape; 9 9 + jsonFormat = pkgs.formats.json {}; 10 10 + scrapeModule = lib.types.submodule { 11 11 + freeformType = jsonFormat.type; 12 12 + options = { 13 13 + targets = lib.mkOption { 14 14 + type = lib.types.listOf lib.types.str; 15 15 + default = []; 16 16 + }; 17 17 + labels = lib.mkOption { 18 18 + type = lib.types.attrsOf lib.types.str; 19 19 + default = {}; 20 20 + }; 21 21 + }; 22 22 + }; 23 23 + in { 24 24 + options.services.alloy.scrape = lib.mkOption { 25 25 + type = lib.types.listOf scrapeModule; 26 26 + default = []; 27 27 + }; 28 28 + 29 29 + config = lib.mkIf (cfg != []) { 30 30 + environment.etc."alloy/discovery.alloy".text = '' 31 31 + discovery.file "default" { 32 32 + files = ["/etc/alloy/discovery.json"] 33 33 + } 34 34 + 35 35 + prometheus.scrape "default" { 36 36 + targets = discovery.file.default.targets 37 37 + scrape_interval = "15s" 38 38 + 39 39 + forward_to = [prometheus.relabel.default.receiver] 40 40 + } 41 41 + 42 42 + prometheus.relabel "default" { 43 43 + rule { 44 44 + target_label = "node" 45 45 + replacement = sys.env("HOSTNAME") 46 46 + } 47 47 + forward_to = [prometheus.remote_write.default.receiver] 48 48 + } 49 49 + ''; 50 50 + environment.etc."alloy/discovery.json".source = jsonFormat.generate "alloy-discovery.json" cfg; 51 51 + }; 52 52 + }; 53 53 + }

+11

nix/modules/extensions/monitoring/node-exporter.nix

reviewed

··· 1 1 + { 2 2 + flake.modules.nixos."ext-monitoring" = {config, ...}: { 3 3 + services.prometheus.exporters.node.enable = true; 4 4 + 5 5 + services.alloy.scrape = [ 6 6 + { 7 7 + targets = with config.services.prometheus.exporters.node; ["${listenAddress}:${toString port}"]; 8 8 + } 9 9 + ]; 10 10 + }; 11 11 + }

+1

nixosConfigurations/universe/configuration.nix

reviewed

··· 22 22 23 23 fpConfig.flake.modules.nixos.netcup-vps 24 24 fpConfig.flake.modules.nixos.machine-universe 25 25 + fpConfig.flake.modules.nixos.ext-monitoring 25 26 26 27 inputs.srvos.nixosModules.server 27 28 inputs.srvos.nixosModules.mixins-systemd-boot

+1

secrets.nix

reviewed

··· 27 27 "nix/modules/machines/galileo/wifi/Beehive.psk.age".publicKeys = galileo ++ scrumplex; 28 28 "nix/modules/machines/galileo/wireguard/wg-scrumplex.key.age".publicKeys = galileo ++ scrumplex; 29 29 "nix/modules/machines/universe/pocket-id/encryption-key.age".publicKeys = universe ++ scrumplex; 30 30 + "nix/modules/extensions/monitoring/alloy.env.age".publicKeys = universe ++ eclipse ++ galileo ++ scrumplex; 30 31 31 32 "nixosConfigurations/eclipse/hetzner-api-token.env.age".publicKeys = scrumplex ++ eclipse; 32 33 "nixosConfigurations/eclipse/media/sabnzbd-secrets.ini.age".publicKeys = scrumplex ++ eclipse;