saga: monitoring server

This commit is contained in:
Erwin Boskma 2024-02-28 22:49:27 +01:00
parent 1ef59b6364
commit 5f866a8b98
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
5 changed files with 154 additions and 12 deletions

View file

@ -4,7 +4,7 @@ inputs: {
# deploy = { # deploy = {
# # host = "10.0.0.202"; # # host = "10.0.0.202";
# host = "ci.barn-beaver.ts.net"; # host = "ci.barn-beaver.ts.net";
# sshUser = "erwin"; # targetUser = "erwin";
# buildOn = "local"; # buildOn = "local";
# substituteOnTarget = true; # substituteOnTarget = true;
# tags = [ "container" ]; # tags = [ "container" ];
@ -15,7 +15,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.205"; # host = "10.0.0.205";
host = "frigate.barn-beaver.ts.net"; host = "frigate.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -26,7 +26,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.203"; # host = "10.0.0.203";
host = "gitea.barn-beaver.ts.net"; host = "gitea.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -37,7 +37,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.210"; # host = "10.0.0.210";
host = "gitea-runner.barn-beaver.ts.net"; host = "gitea-runner.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -48,7 +48,7 @@ inputs: {
deploy = { deploy = {
# host = "heimdall.datarift.nl"; # host = "heimdall.datarift.nl";
host = "heimdall.barn-beaver.ts.net"; host = "heimdall.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "metal" ]; tags = [ "metal" ];
@ -59,7 +59,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.167"; # host = "10.0.0.167";
host = "10.0.0.208"; host = "10.0.0.208";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -76,7 +76,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.204"; # host = "10.0.0.204";
host = "minio.barn-beaver.ts.net"; host = "minio.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -106,7 +106,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.251"; # host = "10.0.0.251";
host = "proxy.barn-beaver.ts.net"; host = "proxy.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -116,12 +116,21 @@ inputs: {
system = "aarch64-linux"; system = "aarch64-linux";
config = import ./regin/configuration.nix inputs; config = import ./regin/configuration.nix inputs;
}; };
saga = {
config = import ./saga/configuration.nix inputs;
deploy = {
# host = "10.0.0.212";
host = "saga.barn-beaver.ts.net";
targetUser = "erwin";
tags = [ "container" ];
};
};
# thor = { # thor = {
# system = "aarch64-linux"; # system = "aarch64-linux";
# config = import ./thor/configuration.nix inputs; # config = import ./thor/configuration.nix inputs;
# # deploy = { # # deploy = {
# # host = "10.0.0.198"; # # host = "10.0.0.198";
# # sshUser = "erwin"; # # targetUser = "erwin";
# # buildOn = "local"; # # buildOn = "local";
# # substituteOnTarget = true; # # substituteOnTarget = true;
# # }; # # };
@ -131,7 +140,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.207"; # host = "10.0.0.207";
host = "unifi.barn-beaver.ts.net"; host = "unifi.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];
@ -142,7 +151,7 @@ inputs: {
deploy = { deploy = {
# host = "10.0.0.206"; # host = "10.0.0.206";
host = "valkyrie.barn-beaver.ts.net"; host = "valkyrie.barn-beaver.ts.net";
sshUser = "erwin"; targetUser = "erwin";
buildOn = "local"; buildOn = "local";
substituteOnTarget = true; substituteOnTarget = true;
tags = [ "container" ]; tags = [ "container" ];

View file

@ -0,0 +1,80 @@
{ self, ... }:
{ modulesPath, lib, ... }:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
./grafana
./prometheus
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
boot = {
isContainer = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "saga";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
systemd.network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.212/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
# sops.defaultSopsFile = ./secrets.yaml;
# sops.secrets = {
# };
system.stateVersion = "24.05";
}

View file

@ -0,0 +1,13 @@
{
services.grafana = {
enable = true;
settings = {
server = {
domain = "saga.datarift.nl";
enforce_domain = true;
http_addr = "0.0.0.0";
root_url = "https://saga.datarift.nl";
};
};
};
}

View file

@ -0,0 +1,37 @@
{ config, ... }:
{
services.prometheus = {
enable = true;
scrapeConfigs = [
{
job_name = "saga";
static_configs = [
{
targets = [
"saga:${toString config.services.prometheus.exporters.node.port}" # node
];
}
];
}
{
job_name = "valkyrie";
static_configs = [
{
targets = [
"valkyrie:${toString config.services.prometheus.exporters.node.port}" # node
"valkyrie:${toString config.services.prometheus.exporters.unbound.port}" # unbound
];
}
];
}
];
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
};
};
}

View file

@ -14,6 +14,7 @@ let
tls { tls {
dns cloudflare {env.CF_API_TOKEN} dns cloudflare {env.CF_API_TOKEN}
propagation_timeout -1
} }
''; '';
}; };
@ -32,6 +33,7 @@ let
tls { tls {
dns cloudflare {env.CF_API_TOKEN} dns cloudflare {env.CF_API_TOKEN}
propagation_timeout -1
} }
''; '';
}; };
@ -49,7 +51,7 @@ in
email = "erwin@datarift.nl"; email = "erwin@datarift.nl";
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
virtualHosts = { virtualHosts = {
"home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123"; "home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
@ -58,6 +60,7 @@ in
"git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000"; "git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
"minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000"; "minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";
"minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001"; "minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001";
"saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000";
"unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443"; "unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443";
}; };
}; };