diff --git a/modules/services/default.nix b/modules/services/default.nix index 424e26f..a0f11fd 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -14,6 +14,7 @@ ./lohr.nix ./matrix.nix ./miniflux.nix + ./monitoring.nix ./nextcloud.nix ./nginx.nix ./pirate.nix diff --git a/modules/services/monitoring.nix b/modules/services/monitoring.nix new file mode 100644 index 0000000..8146eca --- /dev/null +++ b/modules/services/monitoring.nix @@ -0,0 +1,116 @@ +# Grafana dashboards for all the things! +{ config, lib, pkgs, ... }: +let + cfg = config.my.services.monitoring; + + domain = config.networking.domain; + grafanaDomain = "monitoring.${config.networking.domain}"; +in +{ + options.my.services.monitoring = with lib; { + enable = mkEnableOption "monitoring"; + + grafana = { + port = mkOption { + type = types.port; + default = 9500; + example = 3001; + description = "Internal port"; + }; + + username = mkOption { + type = types.str; + default = "ambroisie"; + example = "admin"; + description = "Admin username"; + }; + + passwordFile = mkOption { + type = types.str; + example = "/var/lib/grafana/password.txt"; + description = "Admin password stored in a file"; + }; + }; + + prometheus = { + port = mkOption { + type = types.port; + default = 9501; + example = 3002; + description = "Internal port"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + services.grafana = { + enable = true; + domain = grafanaDomain; + port = cfg.grafana.port; + addr = "127.0.0.1"; # Proxied through Nginx + + security = { + adminUser = cfg.grafana.username; + adminPasswordFile = cfg.grafana.passwordFile; + }; + + provision = { + enable = true; + + datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + url = "http://localhost:${toString cfg.prometheus.port}"; + } + ]; + + dashboards = [ + { + name = "Node Exporter"; + options.path = pkgs.nur.repos.alarsyo.grafana-dashboards.node-exporter; + disableDeletion = true; + } + ]; + }; + }; + + services.prometheus = { + enable = true; + port = cfg.prometheus.port; + listenAddress = "127.0.0.1"; + + retentionTime = "2y"; + + exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + port = 9100; + listenAddress = "127.0.0.1"; + }; + }; + + scrapeConfigs = [ + { + job_name = config.networking.hostName; + static_configs = [{ + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + ]; + }; + + services.nginx = { + virtualHosts.${grafanaDomain} = { + forceSSL = true; + useACMEHost = domain; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.grafana.port}"; + proxyWebsockets = true; + }; + }; + }; + }; +}