From 7303d7c8e03baa05b39691fafe61b5cc38f51c81 Mon Sep 17 00:00:00 2001 From: batteredbunny Date: Sat, 30 Nov 2024 15:38:34 +0200 Subject: [PATCH] Add promethus --- caddy/default.nix | 55 ++++++++-------------------- games/minecraft/default.nix | 15 +++----- services/blocky.nix | 2 ++ services/coturn.nix | 6 ---- services/feishin.nix | 21 ++++------- services/forgejo.nix | 23 ++++-------- services/grafana.nix | 57 ++++++++++++++++++++++++++--- services/jellyfin.nix | 42 ++++++++-------------- services/mastodon.nix | 71 +++++++++++++++++-------------------- services/mautrix.nix | 21 ++++------- services/nextcloud.nix | 41 +++++++++------------ services/ntfy.nix | 37 ++++++++----------- services/pds.nix | 5 --- services/wakapi.nix | 21 ++++------- 14 files changed, 180 insertions(+), 237 deletions(-) diff --git a/caddy/default.nix b/caddy/default.nix index 05861c8..6e6ec6c 100644 --- a/caddy/default.nix +++ b/caddy/default.nix @@ -40,6 +40,20 @@ in plugins = [ "github.com/caddy-dns/cloudflare" ]; }); + globalConfig = '' + servers { + metrics + } + + admin 0.0.0.0:2019 + ''; + + logFormat = '' + output file ${config.services.caddy.logDir}/access.log { + mode 640 + } + ''; + virtualHosts = { "xn--tdaa.ee" = { extraConfig = '' @@ -54,11 +68,6 @@ in } ''; serverAliases = [ "ΓΌΓΌ.ee" ]; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "kaya.ee" = { extraConfig = '' @@ -69,12 +78,6 @@ in respond owo ''; - - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "lastfm.catnip.ee" = { @@ -86,11 +89,6 @@ in reverse_proxy :${toString config.services.lastfm-status.port} ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "http://syncthing.internal".extraConfig = '' 
@@ -153,11 +151,6 @@ in hide .Trash-1000 } ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "chat.catnip.ee".extraConfig = '' @@ -204,11 +197,6 @@ in reverse_proxy :${toString settings.ports.mautrix-telegram} } ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "catnip.ee" = { @@ -234,11 +222,6 @@ in respond `{"m.server": "matrix.catnip.ee:443"}` } ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "www.catnip.ee" = { extraConfig = '' @@ -249,11 +232,6 @@ in redir https://catnip.ee{uri} permanent ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; "confess.catnip.ee" = { @@ -265,11 +243,6 @@ in reverse_proxy :${toString config.services.confess-web.port} ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; ":80".extraConfig = '' diff --git a/games/minecraft/default.nix b/games/minecraft/default.nix index 7369ed5..28fa15a 100644 --- a/games/minecraft/default.nix +++ b/games/minecraft/default.nix @@ -7,17 +7,12 @@ nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; services = { - caddy.virtualHosts."drasl.snailcore.net" = { - extraConfig = '' + caddy.virtualHosts."drasl.snailcore.net".extraConfig = '' reverse_proxy http://${config.services.drasl.settings.ListenAddress} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; - minecraft-servers = { # /srv/minecraft + ''; + + minecraft-servers = { + # /srv/minecraft enable = true; eula = true; diff --git a/services/blocky.nix b/services/blocky.nix index 673150e..e44ce79 100644 --- a/services/blocky.nix +++ b/services/blocky.nix @@ -40,6 +40,8 @@ "lidarr.internal" "syncthing.internal" "stats.internal" + "promtail.internal" + "prometheus.internal" ] "100.93.150.89"; }; conditional = 
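Review bot: Dropping the per-host `logFormat` from `drasl.snailcore.net` may mean its requests no longer land in `access.log` with `mode 640`, as the old block ensured. As far as I know, the NixOS module's top-level `services.caddy.logFormat` configures Caddy's default logger, while a virtual host without its own `logFormat` falls back to a per-host access log file in the log directory, written without the explicit mode. If Promtail or any alerting reads `access.log`, confirm after deploy which file the requests reach and with what permissions. The same applies to every other virtual host in this commit that loses its `logFormat`.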
diff --git a/services/coturn.nix b/services/coturn.nix index dbcf236..11c3205 100644 --- a/services/coturn.nix +++ b/services/coturn.nix @@ -17,12 +17,6 @@ in ''; useACMEHost = config.services.coturn.realm; - - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; coturn = rec { diff --git a/services/feishin.nix b/services/feishin.nix index e0fa6e2..c0b90fe 100644 --- a/services/feishin.nix +++ b/services/feishin.nix @@ -18,19 +18,12 @@ ]; }; - services.caddy.virtualHosts."player.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + services.caddy.virtualHosts."player.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy :${toString settings.ports.feishin} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + reverse_proxy :${toString settings.ports.feishin} + ''; } diff --git a/services/forgejo.nix b/services/forgejo.nix index 54a4d78..4de2ded 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -54,23 +54,14 @@ }; }; - caddy.virtualHosts = { - "forge.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + caddy.virtualHosts."forge.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; - }; + reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} + ''; borgbackup.jobs."borgbase" = { paths = [ diff --git a/services/grafana.nix b/services/grafana.nix index 49ff98c..5b04e94 100644 --- a/services/grafana.nix +++ b/services/grafana.nix 
@@ -6,6 +6,12 @@ provision = { enable = true; datasources.settings.datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "http://127.0.0.1:${toString config.services.prometheus.port}"; + } { name = "loki"; type = "loki"; @@ -124,14 +130,57 @@ }; }; - caddy.virtualHosts."http://stats.internal".extraConfig = '' - @local remote_ip private_ranges 100.64.0.0/10 - reverse_proxy @local http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port} - ''; + prometheus = { + port = 3020; + enable = true; + + exporters = { + node = { + port = 3021; + enabledCollectors = [ "systemd" ]; + enable = true; + }; + }; + + scrapeConfigs = [ + { + job_name = "caddy"; + static_configs = [{ + targets = [ + "127.0.0.1:2019" + ]; + }]; + } + { + job_name = "nodes"; + static_configs = [{ + targets = [ + "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" + ]; + }]; + } + ]; + }; + + caddy.virtualHosts = { + "http://prometheus.internal".extraConfig = '' + @local remote_ip private_ranges 100.64.0.0/10 + reverse_proxy @local http://127.0.0.1:${toString config.services.prometheus.port} + ''; + "http://promtail.internal".extraConfig = '' + @local remote_ip private_ranges 100.64.0.0/10 + reverse_proxy @local http://127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port} + ''; + "http://stats.internal".extraConfig = '' + @local remote_ip private_ranges 100.64.0.0/10 + reverse_proxy @local http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port} + ''; + }; borgbackup.jobs."borgbase".paths = [ "/var/lib/loki" "/var/lib/grafana" + "/var/lib/prometheus2" ]; }; diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 690e76a..5ad59c6 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix 
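Review bot: The new `prometheus` block and `exporters.node` set only a port, so both presumably listen on every interface; to my knowledge the NixOS defaults for `services.prometheus.listenAddress` and `services.prometheus.exporters.node.listenAddress` are `0.0.0.0`. Every consumer in this commit (the Grafana datasource, the `nodes` scrape job and the `prometheus.internal` proxy) reaches them on 127.0.0.1. The `@local` matcher in Caddy does not protect a client that can connect to ports 3020 or 3021 directly. Adding `listenAddress = "127.0.0.1";` to both blocks would leave the Caddy rule as the only way in. Whether a firewall already covers these ports is not visible here.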
@@ -34,36 +34,22 @@ jellyfin.enable = true; caddy.virtualHosts = { - "vue.jellyfin.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + "vue.jellyfin.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy :${toString settings.ports.jellyfin_vue} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; - "jellyfin.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + reverse_proxy :${toString settings.ports.jellyfin_vue} + ''; + "jellyfin.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy :${toString settings.ports.jellyfin} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + reverse_proxy :${toString settings.ports.jellyfin} + ''; }; borgbackup.jobs."borgbase" = { diff --git a/services/mastodon.nix b/services/mastodon.nix index 277b9f3..c0630ee 100644 --- a/services/mastodon.nix +++ b/services/mastodon.nix 
@@ -21,53 +21,46 @@ }; }; - caddy.virtualHosts."fedi.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + caddy.virtualHosts."fedi.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - handle_path /system/* { - file_server * { - root /var/lib/mastodon/public-system - } + handle_path /system/* { + file_server * { + root /var/lib/mastodon/public-system } + } - handle /api/v1/streaming/* { - reverse_proxy unix//run/mastodon-streaming/streaming.socket - } + handle /api/v1/streaming/* { + reverse_proxy unix//run/mastodon-streaming/streaming.socket + } - route * { - file_server * { - root ${pkgs.mastodon}/public - pass_thru - } - reverse_proxy :${toString config.services.mastodon.webPort} + route * { + file_server * { + root ${pkgs.mastodon}/public + pass_thru } + reverse_proxy :${toString config.services.mastodon.webPort} + } - handle_errors { - root * ${pkgs.mastodon}/public - rewrite 500.html - file_server - } + handle_errors { + root * ${pkgs.mastodon}/public + rewrite 500.html + file_server + } - encode gzip + encode gzip - header /* { - Strict-Transport-Security "max-age=31536000;" - } - header /emoji/* Cache-Control "public, max-age=31536000, immutable" - header /packs/* Cache-Control "public, max-age=31536000, immutable" - header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable" - header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable" - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + header /* { + Strict-Transport-Security "max-age=31536000;" + } + header /emoji/* Cache-Control "public, max-age=31536000, immutable" + header /packs/* Cache-Control "public, max-age=31536000, immutable" + header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable" + header /system/media_attachments/files/* Cache-Control 
"public, max-age=31536000, immutable" + ''; borgbackup.jobs."borgbase" = { paths = [ diff --git a/services/mautrix.nix b/services/mautrix.nix index b4d8c8b..0fb755b 100644 --- a/services/mautrix.nix +++ b/services/mautrix.nix @@ -12,21 +12,14 @@ services = { # mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html - caddy.virtualHosts."discord-media.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + caddy.virtualHosts."discord-media.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy :29334 - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + reverse_proxy :29334 + ''; # /var/lib/mautrix-telegram mautrix-telegram = { diff --git a/services/nextcloud.nix b/services/nextcloud.nix index a1e4eb4..e1af8d8 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix 
@@ -4,33 +4,26 @@ ]; services = { - caddy.virtualHosts."cloud.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + caddy.virtualHosts."cloud.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - redir /.well-known/carddav /remote.php/dav 301 - redir /.well-known/caldav /remote.php/dav 301 + redir /.well-known/carddav /remote.php/dav 301 + redir /.well-known/caldav /remote.php/dav 301 - header { - Strict-Transport-Security "max-age=31536000; includeSubDomains" - Referrer-Policy no-referrer - Referrer-Policy same-origin - Referrer-Policy strict-origin - Referrer-Policy strict-origin-when-cross-origin - Referrer-Policy no-referrer-when-downgrade - } + header { + Strict-Transport-Security "max-age=31536000; includeSubDomains" + Referrer-Policy no-referrer + Referrer-Policy same-origin + Referrer-Policy strict-origin + Referrer-Policy strict-origin-when-cross-origin + Referrer-Policy no-referrer-when-downgrade + } - reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud} + ''; # /var/lib/nextcloud nextcloud = { diff --git a/services/ntfy.nix b/services/ntfy.nix index 8c821aa..c1f387a 100644 --- a/services/ntfy.nix +++ b/services/ntfy.nix 
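Review bot: The `header` block on `cloud.catnip.ee` sets `Referrer-Policy` five times, and as far as I know Caddy keeps only the last value for a repeated field, so the effective policy would be `no-referrer-when-downgrade`, the most permissive of the five. That sends full Nextcloud URLs, including share and file paths, as the referrer to any HTTPS site a user follows a link to. Keeping a single line such as `Referrer-Policy no-referrer` states the intent unambiguously. The block predates this commit and is only re-indented here, so the fix can go in with this change.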
@@ -8,30 +8,23 @@ base-url = "https://ntfy.catnip.ee"; }; }; - caddy.virtualHosts."ntfy.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + caddy.virtualHosts."ntfy.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy ${config.services.ntfy-sh.settings.listen-http} + reverse_proxy ${config.services.ntfy-sh.settings.listen-http} - # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want - # it to work with curl without the annoying https:// prefix. - @httpget { - protocol http - method GET - path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/) - } - redir @httpget https://{host}{uri} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want + # it to work with curl without the annoying https:// prefix. + @httpget { + protocol http + method GET + path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/) + } + redir @httpget https://{host}{uri} + ''; borgbackup.jobs."borgbase".paths = [ "/var/lib/ntfy-sh" diff --git a/services/pds.nix b/services/pds.nix index fe07572..d37b432 100644 --- a/services/pds.nix +++ b/services/pds.nix @@ -44,11 +44,6 @@ } ''; serverAliases = [ "*.bsky.ee" ]; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; }; borgbackup.jobs."borgbase".paths = [ diff --git a/services/wakapi.nix b/services/wakapi.nix index d1c9516..11d5762 100644 --- a/services/wakapi.nix +++ b/services/wakapi.nix 
@@ -1,20 +1,13 @@ { config, ... }: { services = { - caddy.virtualHosts."waka.catnip.ee" = { - extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } + caddy.virtualHosts."waka.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } - reverse_proxy :${toString config.services.wakapi.settings.server.port} - ''; - logFormat = '' - output file ${config.services.caddy.logDir}/access.log { - mode 640 - } - ''; - }; + reverse_proxy :${toString config.services.wakapi.settings.server.port} + ''; wakapi = { enable = true;