diff --git a/machines/configuration.nix b/machines/configuration.nix index 9bb9891..698499a 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -170,6 +170,16 @@ in ]; }; + overwatch = nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = inputs; + specialArgs.self = self; + modules = makeMicroVM "overwatch" "10.0.0.13" "D0:E5:CA:F0:D7:E9" [ + ./overwatch/configuration.nix + ]; + }; + + testvm = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; diff --git a/machines/modules/malobeo/promtail_config.nix b/machines/modules/malobeo/promtail_config.nix new file mode 100644 index 0000000..0641ffe --- /dev/null +++ b/machines/modules/malobeo/promtail_config.nix @@ -0,0 +1,49 @@ +{ logNginx, lokiAddress, config, pkgs, ... }: + +let + basecfg = '' + server: + http_listen_port: 9080 + grpc_listen_port: 0 + + positions: + filename: /tmp/positions.yaml + + clients: + - url: http://${lokiAddress}:3100/loki/api/v1/push + ''; + + withNginx = '' + scrape_configs: + - job_name: journal + journal: + max_age: 12h + labels: + job: systemd-journal + host: ${config.networking.hostName} + relabel_configs: + - source_labels: ["__journal__systemd_unit"] + target_label: "unit" + - job_name: nginx + static_configs: + - targets: + - localhost + labels: + job: nginx + __path__: /var/log/nginx/*log + ''; + + withoutNginx = '' + scrape_configs: + - job_name: journal + journal: + max_age: 12h + labels: + job: systemd-journal + host: ${config.networking.hostName} + relabel_configs: + - source_labels: ["__journal__systemd_unit"] + target_label: "unit" + ''; +in +pkgs.writeText "promtailcfg.yaml" (if logNginx then ''${basecfg}${withNginx}'' else ''${basecfg}${withoutNginx}'') diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix new file mode 100644 index 0000000..71f8de6 --- /dev/null +++ b/machines/overwatch/configuration.nix 
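Review bot: In machines/modules/malobeo/promtail_config.nix, `basecfg` keeps promtail's read offsets in `/tmp/positions.yaml`, so they are lost on reboot, and on every service restart if the unit runs with a private /tmp (not visible here). After that the journal job either re-ships up to `max_age: 12h` of entries or leaves a gap, which makes the central log unreliable as an audit trail. A persistent path writable only by the promtail user would avoid this, for example `filename: /var/cache/promtail/positions.yaml` if the NixOS unit provides that directory; the same line appears in machines/overwatch/promtail.yaml. Separately, the `clients` URL is plain `http://` with no credentials, so every host importing this module sends its journal unencrypted and unauthenticated. If that is accepted because the 10.0.0.x network is trusted, a comment above `clients:` such as `# plaintext push: relies on the internal VM network being trusted` would record the assumption.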
@@ -0,0 +1,87 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+ networking = {
+ hostName = mkDefault "overwatch";
+ useDHCP = false;
+ };
+
+ imports = [
+ ../modules/malobeo_user.nix
+ ../modules/sshd.nix
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 80 9080 9001 3100 ];
+
+ services.grafana = {
+ enable = true;
+ domain = "grafana.malobeo.org";
+ port = 2342;
+ addr = "127.0.0.1";
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts.${config.services.grafana.domain} = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+ proxyWebsockets = true;
+
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ };
+
+ services.prometheus = {
+ enable = true;
+ port = 9001;
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [ "systemd" "processes" ];
+ port = 9002;
+ };
+ };
+
+ scrapeConfigs = [
+ {
+ job_name = "overwatch";
+ static_configs = [{
+ targets = [ "127.0.0.1:9002" ];
+ }];
+ }
+ {
+ job_name = "infradocs";
+ static_configs = [{
+ targets = [ "10.0.0.11:9002" ];
+ }];
+ }
+ ];
+ };
+
+ services.loki = {
+ enable = true;
+ configFile = ./loki.yaml;
+ };
+
+ services.promtail = {
+ enable = true;
+ configFile = import ../modules/malobeo/promtail_config.nix {
+ lokiAddress = "10.0.0.13";
+ logNginx = false;
+ config = config;
+ pkgs = pkgs;
+ };
+ };
+
+ users.users.promtail.extraGroups = [ "nginx" "systemd-journal" ];
+
+
+
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/machines/overwatch/loki.yaml b/machines/overwatch/loki.yaml
new file mode 100644
index 0000000..ae5eec1
--- /dev/null
+++ b/machines/overwatch/loki.yaml
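Review bot: `networking.firewall.allowedTCPPorts = [ 80 9080 9001 3100 ];` exposes Prometheus (9001), promtail's HTTP server (9080) and Loki (3100) on every interface, and none of them is configured with authentication in this commit. machines/overwatch/loki.yaml sets `auth_enabled: false`, so any host that can reach 3100 can both push and query logs. Only nginx and the Loki push endpoint appear to need remote access, so consider `networking.firewall.allowedTCPPorts = [ 80 ];` plus `networking.firewall.interfaces.<internal-if>.allowedTCPPorts = [ 3100 ];`, where `<internal-if>` is a placeholder for the VM-network interface. The Grafana vhost is also served over plain HTTP on port 80, so logins travel in cleartext unless TLS is terminated somewhere outside this diff. Since `logNginx = false`, the `"nginx"` entry in `users.users.promtail.extraGroups` grants read access that promtail does not use here and could be dropped.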
@@ -0,0 +1,60 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+ grpc_listen_port: 9096
+ log_level: debug
+ grpc_server_max_concurrent_streams: 1000
+
+common:
+ instance_addr: 127.0.0.1
+ path_prefix: /tmp/loki
+ storage:
+ filesystem:
+ chunks_directory: /tmp/loki/chunks
+ rules_directory: /tmp/loki/rules
+ replication_factor: 1
+ ring:
+ kvstore:
+ store: inmemory
+
+query_range:
+ results_cache:
+ cache:
+ embedded_cache:
+ enabled: true
+ max_size_mb: 100
+
+schema_config:
+ configs:
+ - from: 2020-10-24
+ store: tsdb
+ object_store: filesystem
+ schema: v13
+ index:
+ prefix: index_
+ period: 24h
+
+pattern_ingester:
+ enabled: true
+ metric_aggregation:
+ loki_address: localhost:3100
+
+ruler:
+ alertmanager_url: http://localhost:9093
+
+frontend:
+ encoding: protobuf
+
+# By default, Loki will send anonymous, but uniquely-identifiable usage and configuration
+# analytics to Grafana Labs. These statistics are sent to https://stats.grafana.org/
+#
+# Statistics help us better understand how Loki is used, and they show us performance
+# levels for most users. This helps us prioritize features and documentation.
+# For more information on what's sent, look at
+# https://github.com/grafana/loki/blob/main/pkg/analytics/stats.go
+# Refer to the buildReport method to see what goes into a report.
+#
+# If you would like to disable reporting, uncomment the following lines:
+analytics:
+ reporting_enabled: false
diff --git a/machines/overwatch/promtail.yaml b/machines/overwatch/promtail.yaml
new file mode 100644
index 0000000..8030572
--- /dev/null
+++ b/machines/overwatch/promtail.yaml
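Review bot: The `common` block stores the whole log archive under `/tmp/loki` (`path_prefix`, `chunks_directory`, `rules_directory`), so collected logs do not survive a reboot or /tmp cleanup. Unless the unit runs with a private /tmp (not visible here), the directory also sits in a world-writable location that another local account could pre-create. A service-owned state directory would be safer, e.g. `path_prefix: /var/lib/loki`, `chunks_directory: /var/lib/loki/chunks` and `rules_directory: /var/lib/loki/rules`, assuming the NixOS module's data directory is left at its default. `log_level: debug` is also verbose for a permanent deployment and `log_level: info` would be the usual setting once the setup works. The comment above `analytics:` still says "uncomment the following lines" although they are already active, so it could be shortened to `# usage reporting to Grafana Labs disabled`.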
@@ -0,0 +1,29 @@
+server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+positions:
+ filename: /tmp/positions.yaml
+
+clients:
+ - url: http://10.0.0.13:3100/loki/api/v1/push
+
+
+scrape_configs:
+ - job_name: journal
+ journal:
+ max_age: 12h
+ labels:
+ job: systemd-journal
+ host: overwatch
+ relabel_configs:
+ - source_labels: ["__journal__systemd_unit"]
+ target_label: "unit"
+ - job_name: nginx
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: nginx
+ __path__: /var/log/nginx/*log
+
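Review bot: Nothing visible in this commit references machines/overwatch/promtail.yaml, because overwatch/configuration.nix builds `services.promtail.configFile` from ../modules/malobeo/promtail_config.nix instead. This static copy therefore looks unused, though it may be referenced outside the diff. It already disagrees with the deployed configuration: it contains the `nginx` scrape job while overwatch passes `logNginx = false`, and it hard-codes `host: overwatch` and the Loki address. A stale copy like this is easy to mistake for the live config during an incident, so either drop the file or open it with a comment such as `# reference only: the deployed config is generated by modules/malobeo/promtail_config.nix`.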