servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(monitoring): dashboard provisioning, sops secret, exportarr off

Browse Source
This commit is contained in:
Servius
2026-02-01 21:09:52 +05:30
parent d5396917c3
commit 22d619b3ce
2 changed files with 151 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
nixos/tako/services/monitoring.nix
View File

@@ -78,42 +78,23 @@ in {
]; ];
# Provision popular community dashboards # Provision popular community dashboards
dashboards.path = let dashboards = {
# Define dashboard files with proper hashes settings = {
nodeExporterFull = pkgs.fetchurl { apiVersion = 1;
url = "https://grafana.com/api/dashboards/1860/revisions/37/download"; providers = [
sha256 = "0qza4j8lywrj08bqbww52dgh2p2b9rkhq5p313g72i57lrlkacfl"; {
name = "default";
orgId = 1;
folder = "";
type = "file";
disableDeletion = false;
updateIntervalSeconds = 10;
allowUiUpdates = true;
options.path = "/var/lib/grafana/dashboards";
}
];
}; };
nvidiaDashboard = pkgs.fetchurl { };
url = "https://grafana.com/api/dashboards/14574/revisions/9/download";
sha256 = "170ijap5i99sapkxlf3k0lnvwmb6g9jkk7q66nwjwswkj2a7rqbr";
};
postgresqlDashboard = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/9628/revisions/7/download";
sha256 = "0xmk68kqb9b8aspjj2f8wxv2mxiqk9k3xs0yal4szmzbv65c6k66";
};
redisDashboard = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/11835/revisions/1/download";
sha256 = "15lbn4i8j5hiypl4dsg0d72jgrgjwpagkf5kcwx66gyps17jcrxx";
};
dockerDashboard = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/193/revisions/1/download";
sha256 = "1lxbbl91fh0yfh8x53205b7nw5ivghlpfb0m308z2p6fzvz2iq2m";
};
caddyDashboard = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/14280/revisions/1/download";
sha256 = "0j3q68cq1nj8gcxkqz5h1kn1ds5kgq4jlkw73xp6yc88mbm5nyh4";
};
in
pkgs.runCommand "grafana-dashboards" {} ''
mkdir -p $out
cp ${nodeExporterFull} $out/node-exporter-full.json
cp ${nvidiaDashboard} $out/nvidia-gpu.json
cp ${postgresqlDashboard} $out/postgresql.json
cp ${redisDashboard} $out/redis.json
cp ${dockerDashboard} $out/docker-cadvisor.json
cp ${caddyDashboard} $out/caddy.json
'';
}; };
}; };
@@ -418,24 +399,74 @@ in {
}; };
# Link dashboard files from Nix store to Grafana's expected location # Link dashboard files from Nix store to Grafana's expected location
# systemd.tmpfiles.rules = let systemd.tmpfiles.rules = let
# dashboardPath = config.services.grafana.provision.dashboards.path; # Define dashboard files with proper hashes
# in [ nodeExporterFull = pkgs.fetchurl {
# "L+ /var/lib/grafana/dashboards/node-exporter-full.json - - - - ${dashboardPath}/node-exporter-full.json" url = "https://grafana.com/api/dashboards/1860/revisions/37/download";
# "L+ /var/lib/grafana/dashboards/nvidia-gpu.json - - - - ${dashboardPath}/nvidia-gpu.json" sha256 = "0qza4j8lywrj08bqbww52dgh2p2b9rkhq5p313g72i57lrlkacfl";
# "L+ /var/lib/grafana/dashboards/postgresql.json - - - - ${dashboardPath}/postgresql.json" };
# "L+ /var/lib/grafana/dashboards/redis.json - - - - ${dashboardPath}/redis.json" nvidiaDashboardRaw = pkgs.fetchurl {
# "L+ /var/lib/grafana/dashboards/docker-cadvisor.json - - - - ${dashboardPath}/docker-cadvisor.json" url = "https://grafana.com/api/dashboards/14574/revisions/9/download";
# "L+ /var/lib/grafana/dashboards/caddy.json - - - - ${dashboardPath}/caddy.json" sha256 = "170ijap5i99sapkxlf3k0lnvwmb6g9jkk7q66nwjwswkj2a7rqbr";
# ]; };
# Fix NVIDIA dashboard to use our Prometheus datasource
nvidiaDashboard = pkgs.runCommand "nvidia-gpu-fixed.json" {} ''
${pkgs.gnused}/bin/sed 's/\''${DS_PROMETHEUS}/Prometheus/g' ${nvidiaDashboardRaw} > $out
'';
postgresqlDashboardRaw = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/9628/revisions/7/download";
sha256 = "0xmk68kqb9b8aspjj2f8wxv2mxiqk9k3xs0yal4szmzbv65c6k66";
};
# Fix PostgreSQL dashboard to use our Prometheus datasource
postgresqlDashboard = pkgs.runCommand "postgresql-fixed.json" {} ''
${pkgs.gnused}/bin/sed 's/\''${DS_PROMETHEUS}/Prometheus/g' ${postgresqlDashboardRaw} > $out
'';
redisDashboard = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/11835/revisions/1/download";
sha256 = "15lbn4i8j5hiypl4dsg0d72jgrgjwpagkf5kcwx66gyps17jcrxx";
};
dockerDashboardRaw = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/193/revisions/1/download";
sha256 = "1lxbbl91fh0yfh8x53205b7nw5ivghlpfb0m308z2p6fzvz2iq2m";
};
# Fix Docker dashboard to use our Prometheus datasource
dockerDashboard = pkgs.runCommand "docker-cadvisor-fixed.json" {} ''
${pkgs.gnused}/bin/sed 's/\''${DS_PROMETHEUS}/Prometheus/g' ${dockerDashboardRaw} > $out
'';
caddyDashboardRaw = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/14280/revisions/1/download";
sha256 = "0j3q68cq1nj8gcxkqz5h1kn1ds5kgq4jlkw73xp6yc88mbm5nyh4";
};
# Fix Caddy dashboard to use our Prometheus datasource
caddyDashboard = pkgs.runCommand "caddy-fixed.json" {} ''
${pkgs.gnused}/bin/sed 's/\''${DS_PROMETHEUS}/Prometheus/g' ${caddyDashboardRaw} > $out
'';
piholeDashboardRaw = pkgs.fetchurl {
url = "https://grafana.com/api/dashboards/10176/revisions/3/download";
sha256 = "18f8w3l5k178agipfbimg29lkf2i32xynin1g1v5abiac3ahj7ih";
};
# Fix Pi-hole dashboard to use our Prometheus datasource
piholeDashboard = pkgs.runCommand "pihole-fixed.json" {} ''
${pkgs.gnused}/bin/sed 's/\''${DS_PROMETHEUS}/Prometheus/g' ${piholeDashboardRaw} > $out
'';
in [
"d /var/lib/grafana/dashboards 0755 grafana grafana -"
"L+ /var/lib/grafana/dashboards/node-exporter-full.json - - - - ${nodeExporterFull}"
"L+ /var/lib/grafana/dashboards/nvidia-gpu.json - - - - ${nvidiaDashboard}"
"L+ /var/lib/grafana/dashboards/postgresql.json - - - - ${postgresqlDashboard}"
"L+ /var/lib/grafana/dashboards/redis.json - - - - ${redisDashboard}"
"L+ /var/lib/grafana/dashboards/docker-cadvisor.json - - - - ${dockerDashboard}"
"L+ /var/lib/grafana/dashboards/caddy.json - - - - ${caddyDashboard}"
"L+ /var/lib/grafana/dashboards/pihole.json - - - - ${piholeDashboard}"
];
# Open firewall ports for Prometheus to scrape exporters # Open firewall ports for Prometheus to scrape exporters
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ # allowedTCPPorts = [
ports.node # ports.node
ports.systemd # ports.systemd
ports.process # ports.process
]; # ];
# Allow Prometheus and Grafana access from Tailscale network # Allow Prometheus and Grafana access from Tailscale network
interfaces."tailscale0".allowedTCPPorts = [ interfaces."tailscale0".allowedTCPPorts = [

121
nixos/tsuba/services/monitoring.nix
View File

@@ -1,4 +1,8 @@
{pkgs, ...}: let {
pkgs,
config,
...
}: let
# Port configurations # Port configurations
ports = { ports = {
# System exporters # System exporters
@@ -24,6 +28,7 @@
deluge = 9354; deluge = 9354;
}; };
in { in {
sops.secrets."pihole/password" = {};
services = { services = {
prometheus = { prometheus = {
exporters = { exporters = {
@@ -88,69 +93,83 @@ in {
# namespace: homeassistant # namespace: homeassistant
# Pi-hole exporter # Pi-hole exporter
# Uses sops-managed API token for authentication with Pi-hole v6
# To set the token: edit secrets/secrets.yaml and replace the placeholder at pihole.api_token
systemd.services.pihole-exporter = { systemd.services.pihole-exporter = {
description = "Pi-hole Prometheus Exporter"; description = "Pi-hole Prometheus Exporter";
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network.target"]; after = ["network.target" "sops-nix.service"];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
DynamicUser = true; DynamicUser = true;
ExecStart = "${pkgs.prometheus-pihole-exporter}/bin/pihole_exporter -pihole_hostname localhost -pihole_port 8053 -port ${toString ports.pihole}"; # Load API token from sops secret file
LoadCredential = "ppassword:${config.sops.secrets."pihole/password".path}";
ExecStart = ''
${pkgs.bash}/bin/bash -c '${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
-pihole_hostname pihole.darksailor.dev \
-pihole_port 8053 \
-port ${toString ports.pihole} \
-pihole_password $(cat ''${CREDENTIALS_DIRECTORY}/ppassword)'
'';
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };
# Exportarr for Sonarr # Exportarr for Sonarr
systemd.services.exportarr-sonarr = { # Disabled: needs API key configuration
description = "Exportarr Prometheus Exporter for Sonarr"; # systemd.services.exportarr-sonarr = {
wantedBy = ["multi-user.target"]; # description = "Exportarr Prometheus Exporter for Sonarr";
after = ["network.target"]; # wantedBy = ["multi-user.target"];
serviceConfig = { # after = ["network.target"];
Type = "simple"; # serviceConfig = {
DynamicUser = true; # Type = "simple";
ExecStart = "${pkgs.exportarr}/bin/exportarr sonarr --port ${toString ports.sonarr} --url http://localhost:8989"; # DynamicUser = true;
Restart = "on-failure"; # ExecStart = "${pkgs.exportarr}/bin/exportarr sonarr --port ${toString ports.sonarr} --url http://localhost:8989";
}; # Restart = "on-failure";
}; # };
# };
# Exportarr for Radarr # Exportarr for Radarr
systemd.services.exportarr-radarr = { # Disabled: needs API key configuration
description = "Exportarr Prometheus Exporter for Radarr"; # systemd.services.exportarr-radarr = {
wantedBy = ["multi-user.target"]; # description = "Exportarr Prometheus Exporter for Radarr";
after = ["network.target"]; # wantedBy = ["multi-user.target"];
serviceConfig = { # after = ["network.target"];
Type = "simple"; # serviceConfig = {
DynamicUser = true; # Type = "simple";
ExecStart = "${pkgs.exportarr}/bin/exportarr radarr --port ${toString ports.radarr} --url http://localhost:7878"; # DynamicUser = true;
Restart = "on-failure"; # ExecStart = "${pkgs.exportarr}/bin/exportarr radarr --port ${toString ports.radarr} --url http://localhost:7878";
}; # Restart = "on-failure";
}; # };
# };
# Exportarr for Lidarr # Exportarr for Lidarr
systemd.services.exportarr-lidarr = { # Disabled: needs API key configuration
description = "Exportarr Prometheus Exporter for Lidarr"; # systemd.services.exportarr-lidarr = {
wantedBy = ["multi-user.target"]; # description = "Exportarr Prometheus Exporter for Lidarr";
after = ["network.target"]; # wantedBy = ["multi-user.target"];
serviceConfig = { # after = ["network.target"];
Type = "simple"; # serviceConfig = {
DynamicUser = true; # Type = "simple";
ExecStart = "${pkgs.exportarr}/bin/exportarr lidarr --port ${toString ports.lidarr} --url http://localhost:8686"; # DynamicUser = true;
Restart = "on-failure"; # ExecStart = "${pkgs.exportarr}/bin/exportarr lidarr --port ${toString ports.lidarr} --url http://localhost:8686";
}; # Restart = "on-failure";
}; # };
# };
# Exportarr for Bazarr # Exportarr for Bazarr
systemd.services.exportarr-bazarr = { # Disabled: needs API key configuration
description = "Exportarr Prometheus Exporter for Bazarr"; # systemd.services.exportarr-bazarr = {
wantedBy = ["multi-user.target"]; # description = "Exportarr Prometheus Exporter for Bazarr";
after = ["network.target"]; # wantedBy = ["multi-user.target"];
serviceConfig = { # after = ["network.target"];
Type = "simple"; # serviceConfig = {
DynamicUser = true; # Type = "simple";
ExecStart = "${pkgs.exportarr}/bin/exportarr bazarr --port ${toString ports.bazarr} --url http://localhost:6767"; # DynamicUser = true;
Restart = "on-failure"; # ExecStart = "${pkgs.exportarr}/bin/exportarr bazarr --port ${toString ports.bazarr} --url http://localhost:6767";
}; # Restart = "on-failure";
}; # };
# };
# Deluge exporter # Deluge exporter
systemd.services.deluge-exporter = { systemd.services.deluge-exporter = {
@@ -179,10 +198,10 @@ in {
ports.caddy ports.caddy
ports.jellyfin ports.jellyfin
ports.pihole ports.pihole
ports.sonarr # ports.sonarr # Disabled - needs API key
ports.radarr # ports.radarr # Disabled - needs API key
ports.lidarr # ports.lidarr # Disabled - needs API key
ports.bazarr # ports.bazarr # Disabled - needs API key
ports.deluge ports.deluge
]; ];
}; };