servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(monitoring): add Grafana and Prometheus service configurations

Browse Source
This commit is contained in:
uttarayan21
2025-10-24 13:49:43 +05:30
parent 41d2200b2e
commit bda071e9f8
4 changed files with 289 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.rules
View File

@@ -2,10 +2,8 @@
You are a sysadmin that manages server configurations and deployments in nixos/nix-darwin and the nix language. You are a sysadmin that manages server configurations and deployments in nixos/nix-darwin and the nix language.
# Instructions # Instructions
1. Do not create new markdown files in this repository. 1. DO NOT under any circumstance create any new markdown files in this repository.
2. Do not add any helper scripts or shell scripts. 2. DO NOT add any helper scripts or shell scripts.
3. Do not add any example / snippets or sample code. 3. DO NOT add any example / snippets or sample code.
4. All configurations must be done using nix expressions if possible. 4. All configurations must be done using nix expressions if possible.
5. When adding any new file ensure it follows the existing naming conventions and directory structure. 5. When adding any new file ensure it follows the existing naming conventions and directory structure.

21
home/services/gtk.nix
View File

@@ -4,18 +4,19 @@
device, device,
... ...
}: { }: {
stylix.targets.gtk.enable = false;
gtk = { gtk = {
enable = device.is "ryu"; enable = device.is "ryu";
# theme = { theme = {
# name = "catppuccin-mocha-mauve-standard+normal"; name = "catppuccin-mocha-mauve-standard+normal";
# package = pkgs.catppuccinThemes.gtk; package = pkgs.catppuccinThemes.gtk;
# # package = pkgs.catppuccin-gtk.override { # package = pkgs.catppuccin-gtk.override {
# # variant = "mocha"; # variant = "mocha";
# # size = "standard"; # size = "standard";
# # accents = ["mauve"]; # accents = ["mauve"];
# # tweaks = ["normal"]; # tweaks = ["normal"];
# # }; # };
# }; };
iconTheme = { iconTheme = {
name = "Papirus-Dark"; name = "Papirus-Dark";

3
nixos/mirai/services/default.nix
View File

@@ -8,9 +8,10 @@
./flaresolverr.nix ./flaresolverr.nix
./gitea.nix ./gitea.nix
./homepage.nix ./homepage.nix
./immich.nix # ./immich.nix
./llama.nix ./llama.nix
./lldap.nix ./lldap.nix
./monitoring.nix
./nextcloud.nix ./nextcloud.nix
./prowlarr.nix ./prowlarr.nix
./resolved.nix ./resolved.nix

273
nixos/mirai/services/monitoring.nix Normal file
View File

@@ -0,0 +1,273 @@
{
config,
pkgs,
...
}: {
sops.secrets = {
"grafana/adminPassword" = {
owner = "grafana";
group = "grafana";
};
oauth-client-secret-grafana-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
key = "authelia/oidc/grafana/client_secret";
restartUnits = [
"authelia-darksailor.service"
];
};
oauth-client-secret-grafana = {
owner = config.systemd.services.grafana.serviceConfig.User;
key = "authelia/oidc/grafana/client_secret";
restartUnits = [
"grafana"
];
};
};
services = {
prometheus = {
enable = true;
port = 9090;
listenAddress = "0.0.0.0";
scrapeConfigs = [
{
job_name = "tsuba-node";
static_configs = [
{
targets = ["tsuba:9100"];
}
];
scrape_interval = "15s";
scrape_timeout = "10s";
}
{
job_name = "tsuba-process";
static_configs = [
{
targets = ["tsuba:9256"];
}
];
scrape_interval = "15s";
scrape_timeout = "10s";
}
{
job_name = "ryu-node";
static_configs = [
{
targets = ["ryu:9100"];
}
];
scrape_interval = "15s";
scrape_timeout = "10s";
}
{
job_name = "ryu-process";
static_configs = [
{
targets = ["ryu:9256"];
}
];
scrape_interval = "15s";
scrape_timeout = "10s";
}
{
job_name = "mirai-node";
static_configs = [
{
targets = ["localhost:9100"];
}
];
scrape_interval = "15s";
scrape_timeout = "10s";
}
{
job_name = "mirai-process";
static_configs = [
{
targets = ["localhost:9256"];
}
];
scrape_interval = "15s";
scrape_timeout = "10s";
}
];
retentionTime = "30d";
globalConfig = {
scrape_interval = "15s";
evaluation_interval = "15s";
};
};
prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
"textfile"
"filesystem"
"loadavg"
"meminfo"
"netdev"
"stat"
"time"
"uname"
"vmstat"
];
port = 9100;
};
process = {
enable = true;
settings.process_names = [
{
name = "{{.Comm}}";
cmdline = [".*"];
}
];
};
};
grafana = {
enable = true;
settings = {
server = {
http_addr = "0.0.0.0";
http_port = 3333;
domain = "monitoring.darksailor.dev";
root_url = "https://monitoring.darksailor.dev";
};
security = {
admin_user = "admin";
admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";
};
auth = {
disable_login_form = true;
};
"auth.basic" = {
enabled = false;
};
"auth.generic_oauth" = {
enabled = true;
name = "Authelia";
client_id = "grafana";
client_secret = "$__file{${config.sops.secrets.oauth-client-secret-grafana.path}}";
scopes = "openid profile email groups";
auth_url = "https://auth.darksailor.dev/api/oidc/authorization";
token_url = "https://auth.darksailor.dev/api/oidc/token";
api_url = "https://auth.darksailor.dev/api/oidc/userinfo";
login_attribute_path = "preferred_username";
groups_attribute_path = "groups";
name_attribute_path = "name";
use_pkce = true;
auto_login = true;
allow_sign_up = true;
# use_refresh_token = true;
# id_token_attribute_name = "id_token";
# role_attribute_path = "groups";
};
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:9090";
isDefault = true;
jsonData = {
timeInterval = "15s";
};
}
];
dashboards.settings = {
apiVersion = 1;
providers = [
{
name = "default";
type = "file";
options.path = "/var/lib/grafana/dashboards";
}
];
};
};
};
caddy.virtualHosts."monitoring.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.grafana.settings.server.http_port}
'';
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
claims_policies = {
grafana = {
id_token = [
"email"
"name"
"groups"
"preferred_username"
];
};
};
clients = [
{
client_name = "Grafana";
client_id = "grafana";
claims_policy = "grafana";
client_secret = ''{{ secret "${config.sops.secrets.oauth-client-secret-grafana-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://monitoring.darksailor.dev/login/generic_oauth"
];
scopes = [
"openid"
"profile"
"email"
"groups"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
access_token_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
# SOPS secrets for Grafana
# Create dashboard directory and copy dashboards
systemd.tmpfiles.rules = [
"d /var/lib/grafana/dashboards 0755 grafana grafana"
];
# Open firewall ports
networking.firewall = {
allowedTCPPorts = [
3000 # Grafana
9090 # Prometheus
9100 # Node exporter
9256 # Process exporter
];
# Allow Tailscale traffic for metrics scraping
trustedInterfaces = ["tailscale0"];
};
# Ensure Grafana service starts after PostgreSQL
# systemd.services.grafana.after = ["postgresql.service"];
# systemd.services.grafana.requires = ["postgresql.service"];
}