[overwatch] temporary disable scraping durruti,nextcloud

machines/configuration.nix

@@ -179,6 +179,15 @@ in
     ];
   };
 
+  overwatch = nixosSystem {
+    system = "x86_64-linux";
+    specialArgs.inputs = inputs;
+    specialArgs.self = self;
+    modules = makeMicroVM "overwatch" "10.0.0.14" "D0:E5:CA:F0:D7:E0" [
+      ./overwatch/configuration.nix
+    ];
+  };
+
   testvm = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;

machines/durruti/configuration.nix

@@ -6,7 +6,6 @@ with lib;
   networking = {
     hostName = mkDefault "durruti";
     useDHCP = false;
-    nameservers = [ "1.1.1.1" ];
   };
 
   networking.firewall.allowedTCPPorts = [ 8080 ];

machines/infradocs/configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, inputs, ... }:
+{ self, config, lib, pkgs, inputs, ... }:
 
 with lib;
 
@@ -6,15 +6,22 @@ with lib;
   networking = {
     hostName = mkDefault "infradocs";
     useDHCP = false;
-    nameservers = [ "1.1.1.1" ];
   };
 
   imports = [
+    self.nixosModules.malobeo.metrics
     ../durruti/documentation.nix
     ../modules/malobeo_user.nix
     ../modules/sshd.nix
   ];
 
+  malobeo.metrics = {
+    enable = true;
+    enablePromtail = true;
+    logNginx = true;
+    lokiHost = "10.0.0.14";
+  };
+
   system.stateVersion = "22.11"; # Did you read the comment?
 }
 

machines/modules/malobeo/metrics.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+let 
+  cfg = config.malobeo.metrics;
+in
+{
+  options.malobeo.metrics = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable sharing metrics";
+    };
+    enablePromtail = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable sharing logs";
+    };
+    logNginx = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Share nginx logs";
+    };
+    lokiHost = lib.mkOption {
+      type = lib.types.str;
+      default = "10.0.0.14";
+      description = "Address of loki host";
+    };
+  };
+  
+  config = lib.mkIf (cfg.enable) {
+
+    networking.firewall.allowedTCPPorts = [ 9002 ];
+
+    services.prometheus = {
+      exporters = {
+        node = {
+          enable = true;
+          enabledCollectors = [ "systemd" "processes" ];
+          port = 9002;
+        };
+      };
+    };
+
+    services.promtail = {
+      enable = cfg.enablePromtail;
+      configFile = import ./promtail_config.nix { 
+        lokiAddress = cfg.lokiHost;
+        logNginx = cfg.logNginx;
+        config = config;
+        pkgs = pkgs;
+      };
+    };
+
+    users.users.promtail.extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ;
+
+  };
+}

machines/modules/malobeo/promtail_config.nix

@@ -0,0 +1,49 @@
+{ logNginx, lokiAddress, config, pkgs, ... }:
+
+let
+  basecfg = ''
+    server:
+      http_listen_port: 9080
+      grpc_listen_port: 0
+    
+    positions:
+      filename: /tmp/positions.yaml
+    
+    clients:
+      - url: http://${lokiAddress}:3100/loki/api/v1/push
+  '';
+
+  withNginx = ''
+    scrape_configs:
+      - job_name: journal
+        journal:
+          max_age: 12h
+          labels:
+            job: systemd-journal
+            host: ${config.networking.hostName}
+        relabel_configs:
+          - source_labels: ["__journal__systemd_unit"]
+            target_label: "unit"
+      - job_name: nginx
+        static_configs:
+        - targets:
+            - localhost
+          labels:
+            job: nginx
+            __path__: /var/log/nginx/*log
+  '';
+
+  withoutNginx = ''
+    scrape_configs:
+      - job_name: journal
+        journal:
+          max_age: 12h
+          labels:
+            job: systemd-journal
+            host: ${config.networking.hostName}
+        relabel_configs:
+          - source_labels: ["__journal__systemd_unit"]
+            target_label: "unit"
+  '';
+in
+pkgs.writeText "promtailcfg.yaml" (if logNginx then ''${basecfg}${withNginx}'' else ''${basecfg}${withoutNginx}'')

machines/overwatch/configuration.nix

@@ -0,0 +1,123 @@
+{ config, self, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+  networking = {
+    hostName = mkDefault "overwatch";
+    useDHCP = false;
+  };
+
+  imports = [
+    self.nixosModules.malobeo.metrics
+    ../modules/malobeo_user.nix
+    ../modules/sshd.nix
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 80 3100 ];
+
+  malobeo.metrics = {
+    enable = true;
+    enablePromtail = true;
+    logNginx = false;
+    lokiHost = "10.0.0.14";
+  };
+
+  services.grafana = {
+    enable = true;
+    domain = "grafana.malobeo.org";
+    port = 2342;
+    addr = "127.0.0.1";
+
+    provision.datasources.settings = {
+      apiVersion = 1;
+
+      datasources = [
+        {
+          name = "loki";
+          type = "loki";
+          access = "proxy";
+          uid = "eeakiack8nqwwc";
+          url = "http://localhost:3100";
+          editable = false;
+        }
+        {
+          name = "prometheus";
+          type = "prometheus";
+          access = "proxy";
+          uid = "feakib1gq7ugwc";
+          url = "http://localhost:9001";
+          editable = false;
+
+        }
+      ];
+    };
+
+    provision.dashboards.settings = {
+      apiVersion = 1;
+      providers = [{
+        name = "default";
+        options.path = ./dashboards;
+      }];
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts.${config.services.grafana.domain} = {
+      locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+          proxyWebsockets = true;
+
+      extraConfig = ''
+        proxy_set_header Host $host;
+      '';
+    };
+      };
+  };
+
+  services.prometheus = {
+    enable = true;
+    port = 9001;
+
+    scrapeConfigs = [
+      {
+        job_name = "overwatch";
+        static_configs = [{
+          targets = [ "127.0.0.1:9002" ];
+        }];
+      }
+      #{
+      #  job_name = "durruti";
+      #  static_configs = [{
+      #    targets = [ "10.0.0.5:9002" ];
+      #  }];
+      #}
+      {
+        job_name = "infradocs";
+        static_configs = [{
+          targets = [ "10.0.0.11:9002" ];
+        }];
+      }
+      #{
+      #  job_name = "nextcloud";
+      #  static_configs = [{
+      #    targets = [ "10.0.0.13:9002" ];
+      #  }];
+      #}
+      # add vpn - check how to reach it first. most probably 10.100.0.1
+    ];
+  };
+
+  services.loki = {
+    enable = true;
+    configFile = ./loki.yaml;
+  };
+
+  users.users.promtail.extraGroups = [ "nginx" "systemd-journal" ];
+
+
+
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+

machines/overwatch/loki.yaml

@@ -0,0 +1,60 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+  grpc_listen_port: 9096
+  log_level: debug
+  grpc_server_max_concurrent_streams: 1000
+
+common:
+  instance_addr: 127.0.0.1
+  path_prefix: /tmp/loki
+  storage:
+    filesystem:
+      chunks_directory: /tmp/loki/chunks
+      rules_directory: /tmp/loki/rules
+  replication_factor: 1
+  ring:
+    kvstore:
+      store: inmemory
+
+query_range:
+  results_cache:
+    cache:
+      embedded_cache:
+        enabled: true
+        max_size_mb: 100
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: tsdb
+      object_store: filesystem
+      schema: v13
+      index:
+        prefix: index_
+        period: 24h
+
+pattern_ingester:
+  enabled: true
+  metric_aggregation:
+    loki_address: localhost:3100
+
+ruler:
+  alertmanager_url: http://localhost:9093
+
+frontend:
+  encoding: protobuf
+
+# By default, Loki will send anonymous, but uniquely-identifiable usage and configuration
+# analytics to Grafana Labs. These statistics are sent to https://stats.grafana.org/
+#
+# Statistics help us better understand how Loki is used, and they show us performance
+# levels for most users. This helps us prioritize features and documentation.
+# For more information on what's sent, look at
+# https://github.com/grafana/loki/blob/main/pkg/analytics/stats.go
+# Refer to the buildReport method to see what goes into a report.
+#
+# If you would like to disable reporting, uncomment the following lines:
+analytics:
+  reporting_enabled: false

machines/overwatch/promtail.yaml

@@ -0,0 +1,29 @@
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: http://10.0.0.13:3100/loki/api/v1/push
+
+  
+scrape_configs:
+  - job_name: journal
+    journal:
+      max_age: 12h
+      labels:
+        job: systemd-journal
+        host: overwatch
+    relabel_configs:
+      - source_labels: ["__journal__systemd_unit"]
+        target_label: "unit"
+  - job_name: nginx
+    static_configs:
+    - targets:
+        - localhost
+      labels:
+        job: nginx
+        __path__: /var/log/nginx/*log
+

machines/uptimekuma/configuration.nix

@@ -6,7 +6,6 @@ with lib;
   networking = {
     hostName = mkDefault "uptimekuma";
     useDHCP = false;
-    nameservers = [ "1.1.1.1" ];
   };
 
   imports = [

outputs.nix

@@ -240,6 +240,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       microvm.imports = [ ./machines/modules/malobeo/microvm_host.nix ];
       vpn.imports = [ ./machines/modules/malobeo/wireguard.nix ];
       initssh.imports = [ ./machines/modules/malobeo/initssh.nix ];
+      metrics.imports = [ ./machines/modules/malobeo/metrics.nix ];
       disko.imports = [ ./machines/modules/disko ];
     };