commit d9063f2c0013645af8eba732315aa30a1828f7d4
parent de5d72493f46a7c17af5210784f15060d845dab7
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 24 Apr 2025 11:53:03 +0200
parent de5d72493f46a7c17af5210784f15060d845dab7
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 24 Apr 2025 11:53:03 +0200
nodes: move prometheus/grafana to `rabbit`
11 files changed, 177 insertions(+), 177 deletions(-)
D
|
79
-------------------------------------------------------------------------------
A
|
79
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
80
-------------------------------------------------------------------------------
A
|
80
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/nixos/configure/smarthome/mqtt-webui/config.nix b/configurations/nixos/configure/smarthome/mqtt-webui/config.nix
@@ -157,7 +157,7 @@ in {
 title = "Grafana-Dashboard";
 type = "text";
 icon = "icons/sun.png";
- link = "https://grafana.ctu.cx/d/FRDYqjEGz/smarthome-influx?orgId=1&refresh=5s";
+ link = "https://grafana.infra.katja.wtf/d/FRDYqjEGz/smarthome-influx?orgId=1&refresh=5s";
 }
 ];
 }
diff --git a/configurations/nixos/websites/grafana.ctu.cx/default.nix b/configurations/nixos/websites/grafana.ctu.cx/default.nix 
@@ -1,79 +0,0 @@
-{ inputs, secrets, config, lib, pkgs, ... }:
-
-{
-
- dns.zones."katja.wtf".subdomains."grafana.infra".CNAME = [ "${config.networking.fqdn}." ];
-
- age.secrets.grafanaInfluxTokenMqttData = {
- file = secrets.briefkasten.influx.grafanaTokenMqttData;
- owner = "grafana";
- };
-
- systemd.services.grafana.onFailure = [ "ntfysh-notify-failure@%i.service" ];
-
- services.grafana = {
- enable = true;
- settings = {
- server = {
- domain = "grafana.infra.katja.wtf";
- root_url = "https://${config.services.grafana.settings.server.domain}/";
- http_addr = "::1";
- http_port = 3001;
- };
- security.allow_embedding = true;
- "users".auto_assign_org_role = "Viewer";
-# "users".viewers_can_edit = true;
- "users".home_page = "/d/FRDYqjEGz/smarthome-influx";
- "auth".disable_login_form = true;
- "auth.basic".enabled = false;
- "auth.anonymous".enabled = true;
- "auth.anonymous".org_name = "Main Org.";
- "auth.anonymous".org_role = "Viewer";
- };
-
- provision = {
- enable = true;
- datasources.settings.datasources = [
-
- {
- name = "Prometheus";
- type = "prometheus";
- url = "https://prometheus.ctu.cx/";
- isDefault = true;
- editable = false;
- jsonData.timeInterval = "20s";
- }
-
- {
- name = "InfluxDB (mqttData)";
- type = "influxdb";
- url = "https://influx.home.infra.katja.wtf";
- orgId = 1;
- database = "mqttData";
- editable = false;
- jsonData.version = "Flux";
- jsonData.organization = "katja";
- jsonData.defaultBucket = "mqttData";
- secureJsonData.token = "$__file{${config.age.secrets.grafanaInfluxTokenMqttData.path}}";
- }
-
- ];
-
- dashboards.settings.providers = [{
- folder = "provisioned";
- options.path = ./dashboards;
- }];
- };
- };
-
- services.nginx = {
- enable = true;
- virtualHosts."${config.services.grafana.settings.server.domain}" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://[::1]:${toString config.services.grafana.settings.server.http_port}/";
- };
- };
-
-}
diff --git a/configurations/nixos/websites/grafana.infra.katja.wtf/default.nix b/configurations/nixos/websites/grafana.infra.katja.wtf/default.nix 
@@ -0,0 +1,79 @@
+{ inputs, secrets, config, lib, pkgs, ... }:
+
+{
+
+ dns.zones."katja.wtf".subdomains."grafana.infra".CNAME = [ "${config.networking.fqdn}." ];
+
+ age.secrets.grafanaInfluxTokenMqttData = {
+ file = secrets.briefkasten.influx.grafanaTokenMqttData;
+ owner = "grafana";
+ };
+
+ systemd.services.grafana.onFailure = [ "ntfysh-notify-failure@%i.service" ];
+
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ domain = "grafana.infra.katja.wtf";
+ root_url = "https://${config.services.grafana.settings.server.domain}/";
+ http_addr = "::1";
+ http_port = 3001;
+ };
+ security.allow_embedding = true;
+ "users".auto_assign_org_role = "Viewer";
+# "users".viewers_can_edit = true;
+ "users".home_page = "/d/FRDYqjEGz/smarthome-influx";
+ "auth".disable_login_form = true;
+ "auth.basic".enabled = false;
+ "auth.anonymous".enabled = true;
+ "auth.anonymous".org_name = "Main Org.";
+ "auth.anonymous".org_role = "Viewer";
+ };
+
+ provision = {
+ enable = true;
+ datasources.settings.datasources = [
+
+ {
+ name = "Prometheus";
+ type = "prometheus";
+ url = "https://prometheus.infra.katja.wtf/";
+ isDefault = true;
+ editable = false;
+ jsonData.timeInterval = "20s";
+ }
+
+ {
+ name = "InfluxDB (mqttData)";
+ type = "influxdb";
+ url = "https://influx.home.infra.katja.wtf";
+ orgId = 1;
+ database = "mqttData";
+ editable = false;
+ jsonData.version = "Flux";
+ jsonData.organization = "katja";
+ jsonData.defaultBucket = "mqttData";
+ secureJsonData.token = "$__file{${config.age.secrets.grafanaInfluxTokenMqttData.path}}";
+ }
+
+ ];
+
+ dashboards.settings.providers = [{
+ folder = "provisioned";
+ options.path = ./dashboards;
+ }];
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."${config.services.grafana.settings.server.domain}" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://[::1]:${toString config.services.grafana.settings.server.http_port}/";
+ };
+ };
+
+}
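Review bot: Nothing in the new `grafana.infra.katja.wtf/default.nix` limits who can reach the dashboard: `"auth.anonymous".enabled = true` with `org_role = "Viewer"` sits behind an nginx vhost whose `locations."/"` is a bare `proxyPass`. In Grafana a Viewer can send queries through the provisioned data sources, so any client that reaches the vhost can query Prometheus and the `mqttData` bucket via the provisioned token, and `security.allow_embedding = true` additionally lets other origins frame the UI. If the host is not already fenced off elsewhere (not visible in this diff), restrict the vhost, e.g. `locations."/".extraConfig = "allow <trusted-prefix>; deny all;";` (placeholder prefix), or record the intent with a comment such as `# public read-only dashboard: anonymous Viewer access is intentional`. The Prometheus vhost added in `prometheus.infra.katja.wtf.nix` proxies `/` without any access rule in the same way.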
diff --git a/configurations/nixos/websites/prometheus.ctu.cx.nix b/configurations/nixos/websites/prometheus.ctu.cx.nix 
@@ -1,80 +0,0 @@
-{ inputs, config, lib, pkgs, ... }:
-
-{
-
- dns.zones."ctu.cx".subdomains.prometheus.CNAME = [ "${config.networking.fqdn}." ];
-
- systemd.services.prometheus.onFailure = [ "ntfysh-notify-failure@%i.service" ];
-
- services = {
- prometheus = {
- enable = true;
- webExternalUrl = "https://prometheus.${config.networking.domain}/";
- listenAddress = "[::1]";
- port = 9090;
- scrapeConfigs = [
- {
- job_name = "node-exporter";
- scrape_interval = "30s";
- scheme = "https";
- metrics_path = "/node-exporter";
- static_configs = [{
- targets = (lib.mapAttrsToList (
- name: host: lib.mkIf (
- host.config.services.prometheus.exporters.node.enable == true &&
- host.config.networking.hostName != "" &&
- host.config.networking.domain != ""
- ) host.config.networking.fqdn
- ) inputs.self.nixosConfigurations);
- }];
- }
-
- {
- job_name = "systemd-exporter";
- scrape_interval = "30s";
- scheme = "https";
- metrics_path = "/systemd-exporter";
- static_configs = [{
- targets = (lib.mapAttrsToList (
- name: host: lib.mkIf (
- host.config.services.prometheus.exporters.node.enable == true &&
- host.config.networking.hostName != "" &&
- host.config.networking.domain != ""
- ) host.config.networking.fqdn
- ) inputs.self.nixosConfigurations);
- }];
- }
-
- {
- job_name = "scaphandre-exporter";
- scrape_interval = "30s";
- scheme = "https";
- metrics_path = "/scaphandre-exporter";
- static_configs = [{
- targets = (lib.mapAttrsToList (
- name: host: lib.mkIf (
- host.config.services.prometheus.exporters.scaphandre.enable == true &&
- host.config.networking.hostName != "" &&
- host.config.networking.domain != ""
- ) host.config.networking.fqdn
- ) inputs.self.nixosConfigurations);
- }];
- }
-
- ];
- };
-
-
- nginx = {
- enable = true;
- virtualHosts."prometheus.${config.networking.domain}" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://[::1]:${toString config.services.prometheus.port}/";
- };
- };
-
- };
-
-}
diff --git a/configurations/nixos/websites/prometheus.infra.katja.wtf.nix b/configurations/nixos/websites/prometheus.infra.katja.wtf.nix 
@@ -0,0 +1,80 @@
+{ inputs, config, lib, pkgs, ... }:
+
+{
+
+ dns.zones."katja.wtf".subdomains."prometheus.infra".CNAME = [ "${config.networking.fqdn}." ];
+
+ systemd.services.prometheus.onFailure = [ "ntfysh-notify-failure@%i.service" ];
+
+ services = {
+ prometheus = {
+ enable = true;
+ webExternalUrl = "https://prometheus.${config.networking.domain}/";
+ listenAddress = "[::1]";
+ port = 9090;
+ scrapeConfigs = [
+ {
+ job_name = "node-exporter";
+ scrape_interval = "30s";
+ scheme = "https";
+ metrics_path = "/node-exporter";
+ static_configs = [{
+ targets = (lib.mapAttrsToList (
+ name: host: lib.mkIf (
+ host.config.services.prometheus.exporters.node.enable == true &&
+ host.config.networking.hostName != "" &&
+ host.config.networking.domain != ""
+ ) host.config.networking.fqdn
+ ) inputs.self.nixosConfigurations);
+ }];
+ }
+
+ {
+ job_name = "systemd-exporter";
+ scrape_interval = "30s";
+ scheme = "https";
+ metrics_path = "/systemd-exporter";
+ static_configs = [{
+ targets = (lib.mapAttrsToList (
+ name: host: lib.mkIf (
+ host.config.services.prometheus.exporters.node.enable == true &&
+ host.config.networking.hostName != "" &&
+ host.config.networking.domain != ""
+ ) host.config.networking.fqdn
+ ) inputs.self.nixosConfigurations);
+ }];
+ }
+
+ {
+ job_name = "scaphandre-exporter";
+ scrape_interval = "30s";
+ scheme = "https";
+ metrics_path = "/scaphandre-exporter";
+ static_configs = [{
+ targets = (lib.mapAttrsToList (
+ name: host: lib.mkIf (
+ host.config.services.prometheus.exporters.scaphandre.enable == true &&
+ host.config.networking.hostName != "" &&
+ host.config.networking.domain != ""
+ ) host.config.networking.fqdn
+ ) inputs.self.nixosConfigurations);
+ }];
+ }
+
+ ];
+ };
+
+
+ nginx = {
+ enable = true;
+ virtualHosts."prometheus.${config.networking.domain}" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://[::1]:${toString config.services.prometheus.port}/";
+ };
+ };
+
+ };
+
+}
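Review bot: The vhost and `webExternalUrl` are built from `prometheus.${config.networking.domain}`, while the DNS record at the top of this file and the Grafana data source in `grafana.infra.katja.wtf/default.nix` both use the literal name `prometheus.infra.katja.wtf`. These only agree if rabbit's `networking.domain` is `infra.katja.wtf`, which this diff does not show; if it differs, nginx has no server block for the name Grafana requests. Pinning the name removes that dependency: `virtualHosts."prometheus.infra.katja.wtf" = {` and `webExternalUrl = "https://prometheus.infra.katja.wtf/";`. Separately, the `systemd-exporter` job selects hosts on `exporters.node.enable`, which looks copied from the node job; confirm whether `exporters.systemd.enable` was meant.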
diff --git a/flake.nix b/flake.nix @@ -122,7 +122,7 @@ |> nixpkgsLib.flatten |> builtins.listToAttrs ) // { - "secrets/briefkasten/influx/grafanaTokenMqttData.age".publicKeys = with inputs.self.agenixKeys; [ main briefkasten hector ]; + "secrets/briefkasten/influx/grafanaTokenMqttData.age".publicKeys = with inputs.self.agenixKeys; [ main briefkasten rabbit ]; }; ctucxConfig = rec {
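Review bot: Swapping `hector` for `rabbit` in `publicKeys` only affects the re-encrypted file; earlier revisions of `grafanaTokenMqttData.age` stay in history encrypted to hector's key, so whoever holds that host key can still recover the same InfluxDB token. If the move is meant to end hector's access, rotate the token in InfluxDB and re-encrypt the new value; whether that happened cannot be told from the ciphertext change in this commit. A short comment next to the entry would record it, e.g. `# token rotated <YYYY-MM-DD> when grafana moved hector -> rabbit` (placeholder date).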
diff --git a/nodes/hector/default.nix b/nodes/hector/default.nix @@ -32,10 +32,6 @@ ctucxConfig.websites."oeffi.katja.wtf" ctucxConfig.websites."grocy.ctu.cx" - # monitoring - ctucxConfig.websites."prometheus.ctu.cx" - ctucxConfig.websites."grafana.ctu.cx" - # cal-/card-dav server (radicale) ctucxConfig.websites."dav.ctu.cx"
diff --git a/nodes/rabbit/default.nix b/nodes/rabbit/default.nix @@ -23,6 +23,10 @@ ctucxConfig.services.prometheus-exporters ctucxConfig.services.dns-server + + # monitoring + ctucxConfig.websites."prometheus.infra.katja.wtf" + ctucxConfig.websites."grafana.infra.katja.wtf" ]; home-manager.users.katja.imports = [
diff --git a/secrets/briefkasten/influx/grafanaTokenMqttData.age b/secrets/briefkasten/influx/grafanaTokenMqttData.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcjl5S3JZM1pDU3FLTzcr -WjVRS1YrQkllL3ZURWxBT2pvZ0FHT3lIZ1JZCjJKTXQwTjRMTkoyZXBSdDhkM2o4 -V3M3WjRRemFmbm5CdHBkVFpVclU0ZE0KLT4gc3NoLWVkMjU1MTkgNGhLQ013IFp1 -RHExM08rRzVxaUJhYjdBV256N3VZdkFEMWo1YjBkVUZNNC9zWFB3a1EKVTU2S2x1 -TXFySDcyV3p5d3pSaUhaRFBtaHBBZjN2OFVkR2dPVTgwUVA3WQotPiBzc2gtZWQy -NTUxOSB5YUxIU1EgT1o1dHRPbGlsRXE0WVd5eXErUkx1L0RkUnFSZ3NRNUdYZHpy -aVZEWmJYMApsUTIzZW51VHUxdUZ6NkNDZlJHcHpycWVNTEtCc0FDRXpMckJwZUFK -S1JZCi0+IEN4Qy1ncmVhc2UgfVUjcXpBCgotLS0gZzlzall0Uk1xeXZtMUtHRTl0 -Y015QnZmY3htSVdQZ3JMcUplcjdZMUpSQQrdQRs9c5WEwrJYqCYlGbOiBz7WDSHe -hkZ4pHMfucJpM6G1B4FrXsuPPcLU8EdQf66ArovWDsUE110k7dKaiKgmqBHsn36K -ZAMXX1grJcWGpUblmVCScDfRJvyOthrU9earpoXxVvYbGh9Iwif6LaNg9+rzJta8 -uVQ= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZndhbWF6VGY5UHIrVWl0 +M2xURjlxcVFEczc5RS9UaFlSZUJ6REcyT1U4Ck9pRmkxdVZiYXJNR2tFRE9TejFw +YUFhTTNRLzhuNFBkRGRMaXlhTUs1b2MKLT4gc3NoLWVkMjU1MTkgNGhLQ013IGlt +Q0RxNFZweFB6NTYrUE81ZUttOCs1N1g2SlpXaWFOYmI3UFFIcXE2Z3cKNklnNndX +bWhiRjRGZ2lnSGlNSGFKUFBFQlJQSXV0ZmFBTHoxOEZ0aENjbwotPiBzc2gtZWQy +NTUxOSBoa0x1RWcgaVBUZktORU5IY054Wmc5V0dLdFQxOStqK3IvTTY3L2h1amhC +Yy9zRFd3RQppUWh5ZldxYldJaTVJeWtNbEtwZ3ZMazhWRk80azA2ZldLNmxUWS9G +UnV3Ci0+ICJRLWdyZWFzZSB6YVogawppQQotLS0gYThZZWxjRk9jL1dQM2dsWDZn +ODlDVXNyK0VnR0p0RGNxSVU1RTRIODZGWQq1vmDTI7OhbyHCAcRvpZCE16sX6tYM +3pdhKyIlmMOISiPdZz0WOuEsXbI9JhbIZxVWTmprd3VasA+f6vskMUQ0sWdK2qri +Hu7fww2gjDtAiXlD1jsjBGFOVsyTUqjJYTbIIoAEJPF1Ss5JOKkVVwLd0RdChl4C +SDk= -----END AGE ENCRYPTED FILE-----