Add promethus

2024-11-30 15:38:34 +02:00 · 2024-11-30 15:38:34 +02:00 · 7303d7c8e0
commit 7303d7c8e0
parent cb41a522fa
14 changed files with 180 additions and 237 deletions
--- a/caddy/default.nix
+++ b/caddy/default.nix
@ -40,6 +40,20 @@ in
      plugins = [ "github.com/caddy-dns/cloudflare" ];
    });

+    globalConfig = ''
+      servers {
+        metrics
+      }
+
+      admin 0.0.0.0:2019
+    '';
+
+    logFormat = ''
+      output file ${config.services.caddy.logDir}/access.log {
+        mode 640
+      }
+    '';
+
    virtualHosts = {
      "xn--tdaa.ee" = {
        extraConfig = ''
@ -54,11 +68,6 @@ in
          }
        '';
        serverAliases = [ "üü.ee" ];
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };
      "kaya.ee" = {
        extraConfig = ''
@ -69,12 +78,6 @@ in

          respond owo
        '';
-
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };

      "lastfm.catnip.ee" = {
@ -86,11 +89,6 @@ in

          reverse_proxy :${toString config.services.lastfm-status.port}
        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };

      "http://syncthing.internal".extraConfig = ''
@ -153,11 +151,6 @@ in
            hide .Trash-1000
          }
        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };

      "chat.catnip.ee".extraConfig = ''
@ -204,11 +197,6 @@ in
            reverse_proxy :${toString settings.ports.mautrix-telegram}
          }
        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };

      "catnip.ee" = {
@ -234,11 +222,6 @@ in
            respond `{"m.server": "matrix.catnip.ee:443"}`
          }
        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };
      "www.catnip.ee" = {
        extraConfig = ''
@ -249,11 +232,6 @@ in

          redir https://catnip.ee{uri} permanent
        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };

      "confess.catnip.ee" = {
@ -265,11 +243,6 @@ in

          reverse_proxy :${toString config.services.confess-web.port}
        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
      };

      ":80".extraConfig = ''
--- a/games/minecraft/default.nix
+++ b/games/minecraft/default.nix
@ -7,17 +7,12 @@
  nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];

  services = {
-    caddy.virtualHosts."drasl.snailcore.net" = {
-      extraConfig = ''
+    caddy.virtualHosts."drasl.snailcore.net".extraConfig = ''
      reverse_proxy http://${config.services.drasl.settings.ListenAddress}
-      '';
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
-    };
-    minecraft-servers = { # /srv/minecraft
+    '';
+
+    minecraft-servers = {
+      # /srv/minecraft
      enable = true;
      eula = true;

--- a/services/blocky.nix
+++ b/services/blocky.nix
@ -40,6 +40,8 @@
            "lidarr.internal"
            "syncthing.internal"
            "stats.internal"
+            "promtail.internal"
+            "prometheus.internal"
          ] "100.93.150.89";
        };
      conditional =
--- a/services/coturn.nix
+++ b/services/coturn.nix
@ -17,12 +17,6 @@ in
      '';

      useACMEHost = config.services.coturn.realm;
-
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
    };

    coturn = rec {
--- a/services/feishin.nix
+++ b/services/feishin.nix
@ -18,19 +18,12 @@
    ];
  };

-  services.caddy.virtualHosts."player.catnip.ee" = {
-    extraConfig = ''
-      tls {
-        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-        resolvers 1.1.1.1
-      }
+  services.caddy.virtualHosts."player.catnip.ee".extraConfig = ''
+    tls {
+      dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+      resolvers 1.1.1.1
+    }

-      reverse_proxy :${toString settings.ports.feishin}
-    '';
-    logFormat = ''
-      output file ${config.services.caddy.logDir}/access.log {
-        mode 640
-      }
-    '';
-  };
+    reverse_proxy :${toString settings.ports.feishin}
+  '';
 }
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -54,23 +54,14 @@
      };
    };

-    caddy.virtualHosts = {
-      "forge.catnip.ee" = {
-        extraConfig = ''
-          tls {
-            dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-            resolvers 1.1.1.1
-          }
+    caddy.virtualHosts."forge.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }

-          reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
-        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
-      };
-    };
+      reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
+    '';

    borgbackup.jobs."borgbase" = {
      paths = [
--- a/services/grafana.nix
+++ b/services/grafana.nix
@ -6,6 +6,12 @@
      provision = {
        enable = true;
        datasources.settings.datasources = [
+          {
+            name = "Prometheus";
+            type = "prometheus";
+            access = "proxy";
+            url = "http://127.0.0.1:${toString config.services.prometheus.port}";
+          }
          {
            name = "loki";
            type = "loki";
@ -124,14 +130,57 @@
      };
    };

-    caddy.virtualHosts."http://stats.internal".extraConfig = ''
-      @local remote_ip private_ranges 100.64.0.0/10
-      reverse_proxy @local http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
-    '';
+    prometheus = {
+      port = 3020;
+      enable = true;
+
+      exporters = {
+        node = {
+          port = 3021;
+          enabledCollectors = [ "systemd" ];
+          enable = true;
+        };
+      };
+
+      scrapeConfigs = [
+        {
+          job_name = "caddy";
+          static_configs = [{
+            targets = [
+              "127.0.0.1:2019"
+            ];
+          }];
+        }
+        {
+          job_name = "nodes";
+          static_configs = [{
+            targets = [
+              "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
+            ];
+          }];
+        }
+      ];
+    };
+
+    caddy.virtualHosts = {
+      "http://prometheus.internal".extraConfig = ''
+        @local remote_ip private_ranges 100.64.0.0/10
+        reverse_proxy @local http://127.0.0.1:${toString config.services.prometheus.port}
+      '';
+      "http://promtail.internal".extraConfig = ''
+        @local remote_ip private_ranges 100.64.0.0/10
+        reverse_proxy @local http://127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}
+      '';
+      "http://stats.internal".extraConfig = ''
+        @local remote_ip private_ranges 100.64.0.0/10
+        reverse_proxy @local http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
+      '';
+    };

    borgbackup.jobs."borgbase".paths = [
      "/var/lib/loki"
      "/var/lib/grafana"
+      "/var/lib/prometheus2"
    ];
  };

--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@ -34,36 +34,22 @@
    jellyfin.enable = true;

    caddy.virtualHosts = {
-      "vue.jellyfin.catnip.ee" = {
-        extraConfig = ''
-          tls {
-            dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-            resolvers 1.1.1.1
-          }
+      "vue.jellyfin.catnip.ee".extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+          resolvers 1.1.1.1
+        }

-          reverse_proxy :${toString settings.ports.jellyfin_vue}
-        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
-      };
-      "jellyfin.catnip.ee" = {
-        extraConfig = ''
-          tls {
-            dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-            resolvers 1.1.1.1
-          }
+        reverse_proxy :${toString settings.ports.jellyfin_vue}
+      '';
+      "jellyfin.catnip.ee".extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+          resolvers 1.1.1.1
+        }

-          reverse_proxy :${toString settings.ports.jellyfin}
-        '';
-        logFormat = ''
-          output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-          }
-        '';
-      };
+        reverse_proxy :${toString settings.ports.jellyfin}
+      '';
    };

    borgbackup.jobs."borgbase" = {
--- a/services/mastodon.nix
+++ b/services/mastodon.nix
@ -21,53 +21,46 @@
      };
    };

-    caddy.virtualHosts."fedi.catnip.ee" = {
-      extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
+    caddy.virtualHosts."fedi.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }

-        handle_path /system/* {
-          file_server * {
-            root /var/lib/mastodon/public-system
-          }
+      handle_path /system/* {
+        file_server * {
+          root /var/lib/mastodon/public-system
        }
+      }

-        handle /api/v1/streaming/* {
-          reverse_proxy unix//run/mastodon-streaming/streaming.socket
-        }
+      handle /api/v1/streaming/* {
+        reverse_proxy unix//run/mastodon-streaming/streaming.socket
+      }

-        route * {
-          file_server * {
-            root ${pkgs.mastodon}/public
-            pass_thru
-          }
-          reverse_proxy :${toString config.services.mastodon.webPort}
+      route * {
+        file_server * {
+          root ${pkgs.mastodon}/public
+          pass_thru
        }
+        reverse_proxy :${toString config.services.mastodon.webPort}
+      }

-        handle_errors {
-          root * ${pkgs.mastodon}/public
-          rewrite 500.html
-          file_server
-        }
+      handle_errors {
+        root * ${pkgs.mastodon}/public
+        rewrite 500.html
+        file_server
+      }

-        encode gzip
+      encode gzip

-        header /* {
-          Strict-Transport-Security "max-age=31536000;"
-        }
-        header /emoji/* Cache-Control "public, max-age=31536000, immutable"
-        header /packs/* Cache-Control "public, max-age=31536000, immutable"
-        header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
-        header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
-      '';
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-            mode 640
-        }
-      '';
-    };
+      header /* {
+        Strict-Transport-Security "max-age=31536000;"
+      }
+      header /emoji/* Cache-Control "public, max-age=31536000, immutable"
+      header /packs/* Cache-Control "public, max-age=31536000, immutable"
+      header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
+      header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
+    '';

    borgbackup.jobs."borgbase" = {
      paths = [
--- a/services/mautrix.nix
+++ b/services/mautrix.nix
@ -12,21 +12,14 @@

  services = {
    # mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html
-    caddy.virtualHosts."discord-media.catnip.ee" = {
-      extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
+    caddy.virtualHosts."discord-media.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }

-        reverse_proxy :29334
-      '';
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
-    };
+      reverse_proxy :29334
+    '';

    # /var/lib/mautrix-telegram
    mautrix-telegram = {
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -4,33 +4,26 @@
  ];

  services = {
-    caddy.virtualHosts."cloud.catnip.ee" = {
-      extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
+    caddy.virtualHosts."cloud.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }

-        redir /.well-known/carddav /remote.php/dav 301
-        redir /.well-known/caldav /remote.php/dav 301
+      redir /.well-known/carddav /remote.php/dav 301
+      redir /.well-known/caldav /remote.php/dav 301

-        header {
-           Strict-Transport-Security "max-age=31536000; includeSubDomains"
-           Referrer-Policy no-referrer
-           Referrer-Policy same-origin
-           Referrer-Policy strict-origin
-           Referrer-Policy strict-origin-when-cross-origin
-           Referrer-Policy no-referrer-when-downgrade
-         }
+      header {
+         Strict-Transport-Security "max-age=31536000; includeSubDomains"
+         Referrer-Policy no-referrer
+         Referrer-Policy same-origin
+         Referrer-Policy strict-origin
+         Referrer-Policy strict-origin-when-cross-origin
+         Referrer-Policy no-referrer-when-downgrade
+       }

-         reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud}
-      '';
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
-    };
+       reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud}
+    '';

    # /var/lib/nextcloud
    nextcloud = {
--- a/services/ntfy.nix
+++ b/services/ntfy.nix
@ -8,30 +8,23 @@
        base-url = "https://ntfy.catnip.ee";
      };
    };
-    caddy.virtualHosts."ntfy.catnip.ee" = {
-      extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
+    caddy.virtualHosts."ntfy.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }

-        reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
+      reverse_proxy ${config.services.ntfy-sh.settings.listen-http}

-        # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
-        # it to work with curl without the annoying https:// prefix.
-        @httpget {
-            protocol http
-            method GET
-            path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
-        }
-        redir @httpget https://{host}{uri}
-      '';
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
-    };
+      # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
+      # it to work with curl without the annoying https:// prefix.
+      @httpget {
+          protocol http
+          method GET
+          path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+      }
+      redir @httpget https://{host}{uri}
+    '';

    borgbackup.jobs."borgbase".paths = [
      "/var/lib/ntfy-sh"
--- a/services/pds.nix
+++ b/services/pds.nix
@ -44,11 +44,6 @@
        }
      '';
      serverAliases = [ "*.bsky.ee" ];
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
    };

    borgbackup.jobs."borgbase".paths = [
--- a/services/wakapi.nix
+++ b/services/wakapi.nix
@ -1,20 +1,13 @@
 { config, ... }: {
  services = {
-    caddy.virtualHosts."waka.catnip.ee" = {
-      extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
+    caddy.virtualHosts."waka.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }

-        reverse_proxy :${toString config.services.wakapi.settings.server.port}
-      '';
-      logFormat = ''
-        output file ${config.services.caddy.logDir}/access.log {
-          mode 640
-        }
-      '';
-    };
+      reverse_proxy :${toString config.services.wakapi.settings.server.port}
+    '';

    wakapi = {
      enable = true;