diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..e3207ea --- /dev/null +++ b/.editorconfig @@ -0,0 +1,5 @@ +root = true + +[*] +indent_style = space +indent_size = 2 \ No newline at end of file diff --git a/hosts/server/webapps/default.nix b/hosts/server/webapps/default.nix index 26b43b7..efc387b 100755 --- a/hosts/server/webapps/default.nix +++ b/hosts/server/webapps/default.nix @@ -12,6 +12,12 @@ in { port = 3000; }; + metrics = { + enable = true; + domain = "metrics.reidlab.online"; + port = 2342; + } + # you should probably keep this on # configures acme, gzip, optimization, proxy, and ssl config # opens ports and adds some Headers @@ -51,7 +57,7 @@ in { location @main { content_by_lua ' require("main").handle_request() - '; + '; } ''; }; diff --git a/modules/security.nix b/modules/security.nix index a00b377..7f56006 100755 --- a/modules/security.nix +++ b/modules/security.nix @@ -36,7 +36,6 @@ in { security = { protectKernelImage = true; - polkit.enable = true; rtkit.enable = true; }; } // (mkIf cfg.useDoas { diff --git a/modules/services/loki.yml b/modules/services/loki.yml new file mode 100644 index 0000000..6c47d51 --- /dev/null +++ b/modules/services/loki.yml 
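Review bot: In hosts/server/webapps/default.nix the added `metrics = { ... }` block closes with a bare `}`, where the attribute just above it closes with `};`, so the file will not evaluate. The closing line should be `};`. The module's own default for `domain` is `"grafana.reidlab.online"` while this host sets `"metrics.reidlab.online"`; a one-line comment saying which name is the public one would avoid a stray ACME request. The enclosing attribute set starts and ends outside the hunk.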
@@ -0,0 +1,55 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+
+ingester:
+ lifecycler:
+ address: 0.0.0.0
+ ring:
+ kvstore:
+ store: inmemory
+ replication_factor: 1
+ final_sleep: 0s
+ chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed
+ max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h
+ chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first
+ chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
+ max_transfer_retries: 0 # Chunk transfers disabled
+
+schema_config:
+ configs:
+ - from: 2023-12-08
+ store: boltdb-shipper
+ object_store: filesystem
+ schema: v11
+ index:
+ prefix: index_
+ period: 24h
+
+storage_config:
+ boltdb_shipper:
+ active_index_directory: /var/lib/loki/boltdb-shipper-active
+ cache_location: /var/lib/loki/boltdb-shipper-cache
+ cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
+ shared_store: filesystem
+ filesystem:
+ directory: /var/lib/loki/chunks
+
+limits_config:
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+
+chunk_store_config:
+ max_look_back_period: 0s
+
+table_manager:
+ retention_deletes_enabled: false
+ retention_period: 0s
+
+compactor:
+ working_directory: /var/lib/loki
+ shared_store: filesystem
+ compactor_ring:
+ kvstore:
+ store: inmemory
\ No newline at end of file
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
new file mode 100644
index 0000000..270f71c
--- /dev/null
+++ b/modules/services/metrics.nix
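Review bot: In modules/services/loki.yml the `server:` block sets only `http_listen_port: 3100` while `auth_enabled: false` is in effect, so if Loki binds every interface (its default when no listen address is given, as far as I know) anything that can reach the port can push and query logs without credentials. The only client in this commit, promtail, pushes to `http://127.0.0.1:3100`, so I would add `http_listen_address: 127.0.0.1` and `grpc_listen_address: 127.0.0.1` under `server:`. Whether a firewall already blocks 3100 is not visible in this diff. A comment beside `auth_enabled: false` stating that it relies on loopback-only access would help the next reader.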
@@ -0,0 +1,98 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.services.metrics; +in { + options.modules.services.metrics = { + enable = mkOption { + type = types.bool; + default = false; + }; + domain = mkOption { + type = types.str; + default = "grafana.reidlab.online"; + }; + port = mkOption { + type = types.int; + default = 2342; + }; + }; + + config = mkIf cfg.enable { + systemd.services.promtail = { + description = "promtail, an agent for loki"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = '' + ${pkgs.grafana-loki}/bin/promtail --config.file ${./promtail.yml} + ''; + }; + }; + services = { + grafana = { + enable = true; + + settings = { + server = { + domain = cfg.domain; + http_port = cfg.port; + http_addr = "127.0.0.1"; + }; + }; + }; + + prometheus = let + ports = { + base = 9001; + node = 9002; + nginx = 9003; + }; + in { + enable = true; + port = ports.base; + + exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + port = ports.node; + }; + nginx = { + enable = true; + port = ports.nginx; + }; + }; + + scrapeConfigs = [ + { + job_name = "nixos-server-reid"; + static_configs = [{ + targets = [ + "127.0.0.1:${toString ports.node}" + "127.0.0.1:${toString ports.nginx}" + ]; + }]; + } + ]; + }; + + loki = { + enable = true; + configFile = ./loki.yml; + }; + + nginx.statusPage = true; + + nginx.virtualHosts."${cfg.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + }; +} diff --git a/modules/services/postgres.nix b/modules/services/postgres.nix index 2038cee..abde301 100755 --- a/modules/services/postgres.nix +++ b/modules/services/postgres.nix @@ -14,8 +14,7 @@ in { config = mkIf cfg.enable { services.postgresql = { enable = true; - # this is set to v14 because im too lazy to migrate data directories - # plz change + package = pkgs.postgresql_14; }; }; 
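Review bot: In modules/services/metrics.nix the `nginx.virtualHosts."${cfg.domain}"` block publishes Grafana on a public hostname, but `services.grafana.settings` sets only `server`, so the initial admin password is whatever the module defaults to unless it is configured elsewhere. I would add a `security` section next to `server` that reads the password from a secret file, e.g. `security.admin_password = "$__file{<PATH_TO_SECRET_FILE>}";`, so the first login never uses a guessable default. Separately, Grafana is pinned to `http_addr = "127.0.0.1"` while Prometheus and the node and nginx exporters get only a `port`. Since every scrape target is `127.0.0.1`, adding `listenAddress = "127.0.0.1";` to each would keep 9001-9003 off other interfaces regardless of firewall state.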
diff --git a/modules/services/promtail.yml b/modules/services/promtail.yml
new file mode 100644
index 0000000..1085e65
--- /dev/null
+++ b/modules/services/promtail.yml
@@ -0,0 +1,20 @@
+server:
+ http_listen_port: 28183
+ grpc_listen_port: 0
+
+positions:
+ filename: /tmp/positions.yaml
+
+clients:
+ - url: http://127.0.0.1:3100/loki/api/v1/push
+
+scrape_configs:
+ - job_name: journal
+ journal:
+ max_age: 12h
+ labels:
+ job: systemd-journal
+ host: nixos-server-reid
+ relabel_configs:
+ - source_labels: ["__journal__systemd_unit"]
+ target_label: "unit"
\ No newline at end of file
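Review bot: `positions.filename: /tmp/positions.yaml` keeps promtail's read offsets under a fixed name in a world-writable directory, and the promtail unit added in modules/services/metrics.nix sets no `User`, so the file is presumably written by root. Another local account could create or replace that path first, and /tmp is typically emptied on reboot, after which the journal would likely be re-sent as far back as `max_age: 12h`. I would move it to a service-owned directory, e.g. `filename: /var/lib/promtail/positions.yaml`, with `StateDirectory = "promtail";` in the unit's `serviceConfig`. The `server:` block also has no `http_listen_address`, so 28183 is probably reachable on every interface.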