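# NixOS module for a monitoring/logging VM. When enabled it configures:
#   - Grafana (PostgreSQL backend, generic OAuth login against authentik)
#   - Prometheus with a static list of scrape targets
#   - Loki plus Promtail (syslog receiver) for log storage
#   - rsyslog as a relay: remote syslog on 514/udp+tcp -> Promtail on 1514/tcp
#   - InfluxDB 2 with default settings
# Secrets are supplied through agenix (`age.secrets`).
{ lib, config, pkgs, ... }:
let
  cfg = config.services.vm_grafana;
in
{
  options.services.vm_grafana = {
    enable = lib.mkEnableOption "Enable minimal config";

    vm_ip = lib.mkOption {
      type = lib.types.str;
      description = "The VM IP address";
    };

    proxy_ip = lib.mkOption {
      type = lib.types.str;
      description = "The Nginx proxy IP address";
    };

    pgsql_ip = lib.mkOption {
      type = lib.types.str;
      description = "The PostgreSQL host IP address";
    };
  };

  config = lib.mkIf cfg.enable {
    age.secrets = {
      grafana-db = {
        file = ./secrets/grafana-db.age;
        owner = "grafana";
      };
      grafana-oauth_secret = {
        file = ./secrets/grafana-oauth_secret.age;
        owner = "grafana";
      };
      # NOTE(review): no owner is set here, unlike the two Grafana secrets.
      # This file is read through Prometheus' basic_auth.password_file below,
      # so confirm the account Prometheus runs as can read the decrypted path.
      kuma-token.file = ./secrets/kuma-token.age;
    };

    # rsyslog accepts syslog on 514 (UDP and TCP) and relays every message to
    # the Promtail syslog listener on localhost:1514 as RFC 5424,
    # octet-counted TCP.
    # NOTE(review): both inputs are plain, unauthenticated syslog; any host
    # that can reach port 514 can write log lines into Loki.
    services.rsyslogd = {
      enable = true;
      extraConfig = ''
        ruleset(name="remote"){
          action(type="omfwd" Target="localhost" Port="1514" Protocol="tcp" Template="RSYSLOG_SyslogProtocol23Format" TCP_Framing="octet-counted")
        }
        module(load="imudp")
        input(type="imudp" port="514" ruleset="remote")
        module(load="imtcp")
        input(type="imtcp" port="514" ruleset="remote")
      '';
    };

    # NOTE(review): InfluxDB 2 is enabled with no further settings and 8086 is
    # opened in the firewall below; confirm its initial setup has been
    # completed so the onboarding endpoint is not left reachable.
    services.influxdb2 = {
      enable = true;
    };

    services.grafana = {
      enable = true;
      settings = {
        # Grafana serves plain HTTP on the VM address; root_url is https, so
        # TLS is presumably terminated by the Nginx proxy (cfg.proxy_ip).
        server = {
          protocol = "http";
          http_addr = cfg.vm_ip;
          http_port = 3000;
          domain = "logs.le43.eu";
          root_url = "https://logs.le43.eu";
          serve_from_sub_path = false;
        };

        # The password is read by Grafana at runtime from the agenix path via
        # $__file{}, so it never lands in the world-readable Nix store.
        # NOTE(review): no ssl_mode is set for the PostgreSQL connection;
        # confirm whether TLS to cfg.pgsql_ip is needed on this network.
        database = {
          type = "postgres";
          host = "${cfg.pgsql_ip}:5432";
          name = "grafana";
          user = "grafana";
          password = "\$__file{${config.age.secrets.grafana-db.path}}";
        };

        "auth.generic_oauth" = {
          enabled = "true";
          name = "authentik";
          allow_sign_up = "true";
          client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
          client_secret = "\$__file{${config.age.secrets.grafana-oauth_secret.path}}";
          scopes = "openid email profile";
          auth_url = "https://authentik.le43.eu/application/o/authorize/";
          token_url = "https://authentik.le43.eu/application/o/token/";
          api_url = "https://authentik.le43.eu/application/o/userinfo/";
          # Fix: the original string ended with
          # ";role_attribute_strict = false" (and a stray line break) inside
          # the JMESPath expression, so the expression was malformed and
          # role_attribute_strict was never emitted as its own setting.
          # NOTE(review): the 'Editor' branch tests the same group ('admin')
          # as the 'Admin' branch and can never match; replace it with the
          # intended editor group name.
          role_attribute_path = "contains(groups, 'admin') && 'Admin' || contains(groups, 'admin') && 'Editor' || 'Viewer'";
          # With strict mode off and a trailing 'Viewer' fallback, every user
          # authentik lets through is signed up as at least Viewer; access
          # control therefore rests on the authentik application policy.
          role_attribute_strict = false;
          # NOTE(review): the expression above never yields 'GrafanaAdmin', so
          # this flag currently grants nothing; keep it only if server-admin
          # assignment through OAuth is actually intended.
          allow_assign_grafana_admin = "true";
        };
      };
    };

    services.prometheus = {
      enable = true;
      port = 9001;
      # All targets are scraped over plain HTTP. Only the "kuma" job
      # authenticates, which means its basic-auth credentials cross the LAN
      # unencrypted (scheme = "http").
      scrapeConfigs = [
        {
          job_name = "kuma";
          scrape_interval = "30s";
          scheme = "http";
          static_configs = [{ targets = [ "192.168.1.90:3001" ]; }];
          basic_auth = {
            username = "tbarnouin";
            password_file = config.age.secrets.kuma-token.path;
          };
        }
        { job_name = "grafana"; static_configs = [{ targets = [ "127.0.0.1:9002" ]; }]; }
        { job_name = "openmediavault_cadvisor"; static_configs = [{ targets = [ "192.168.1.125:8080" ]; }]; }
        { job_name = "opportunity"; static_configs = [{ targets = [ "192.168.1.125:9100" ]; }]; }
        { job_name = "nginx"; static_configs = [{ targets = [ "${cfg.proxy_ip}:9002" ]; }]; }
        { job_name = "redis"; static_configs = [{ targets = [ "192.168.1.16:9002" ]; }]; }
        { job_name = "ingenuity"; static_configs = [{ targets = [ "192.168.1.90:9100" ]; }]; }
        { job_name = "gitea"; static_configs = [{ targets = [ "192.168.1.14:9100" ]; }]; }
        { job_name = "postgresql"; static_configs = [{ targets = [ "192.168.1.13:9100" ]; }]; }
        { job_name = "nextcloud"; static_configs = [{ targets = [ "192.168.1.44:9100" ]; }]; }
        { job_name = "deluge"; static_configs = [{ targets = [ "192.168.1.18:9100" ]; }]; }
        { job_name = "netbox"; static_configs = [{ targets = [ "192.168.1.45:9100" ]; }]; }
        { job_name = "jellyfin"; static_configs = [{ targets = [ "192.168.1.42:9100" ]; }]; }
        { job_name = "authentik-ldap"; static_configs = [{ targets = [ "192.168.1.41:9100" ]; }]; }
        { job_name = "authentik"; static_configs = [{ targets = [ "192.168.1.25:9002" ]; }]; }
      ];
    };

    # Single-node Loki: in-memory ring, boltdb-shipper index and filesystem
    # chunk storage under /var/lib/loki.
    services.loki = {
      enable = true;
      configuration = {
        server.http_listen_port = 3100;
        server.grpc_listen_port = 9096;
        # NOTE(review): auth is disabled and 3100 is opened in the firewall
        # below, so the push/query API is usable by any host that can reach
        # this VM. The local Promtail pushes over 127.0.0.1; keep 3100 open
        # only if remote clients need it.
        auth_enabled = false;

        ingester = {
          lifecycler = {
            address = "127.0.0.1";
            ring = {
              kvstore = {
                store = "inmemory";
              };
              replication_factor = 1;
            };
          };
          chunk_idle_period = "1h";
          max_chunk_age = "1h";
          chunk_target_size = 999999;
          chunk_retain_period = "30s";
        };

        schema_config = {
          configs = [{
            from = "2022-06-06";
            store = "boltdb-shipper";
            object_store = "filesystem";
            schema = "v13";
            index = {
              prefix = "index_";
              period = "24h";
            };
          }];
        };

        storage_config = {
          boltdb_shipper = {
            active_index_directory = "/var/lib/loki/boltdb-shipper-active";
            cache_location = "/var/lib/loki/boltdb-shipper-cache";
            cache_ttl = "24h";
          };
          filesystem = {
            directory = "/var/lib/loki/chunks";
          };
        };

        limits_config = {
          reject_old_samples = true;
          reject_old_samples_max_age = "168h";
          allow_structured_metadata = false;
        };

        # Retention deletes are off, so stored logs are never expired here.
        table_manager = {
          retention_deletes_enabled = false;
          retention_period = "0s";
        };

        compactor = {
          working_directory = "/var/lib/loki";
          compactor_ring = {
            kvstore = {
              store = "inmemory";
            };
          };
        };
      };
    };

    services.promtail = {
      enable = true;
      configuration = {
        server = {
          http_listen_port = 3101;
          grpc_listen_port = 9095;
        };
        positions = {
          filename = "/tmp/positions.yaml";
        };
        clients = [{
          url = "http://127.0.0.1:3100/loki/api/v1/push";
        }];
        scrape_configs = [
          {
            job_name = "syslog";
            # NOTE(review): rsyslog forwards to localhost:1514, yet this
            # listener binds every interface and 1514 is opened in the
            # firewall. If no remote host sends to 1514 directly, binding to
            # 127.0.0.1 and closing the port would remove an unauthenticated
            # ingestion path.
            syslog = {
              listen_address = "0.0.0.0:1514";
              listen_protocol = "tcp";
              idle_timeout = "60s";
              labels = {
                job = "syslog";
              };
            };
            # The hostname, severity, app-name and facility labels are copied
            # from fields inside the syslog message, i.e. they are chosen by
            # the sender; do not treat them as proof of a log line's origin.
            relabel_configs = [
              { source_labels = [ "__syslog_message_hostname" ]; target_label = "host"; }
              { source_labels = [ "__syslog_message_hostname" ]; target_label = "hostname"; }
              { source_labels = [ "__syslog_message_severity" ]; target_label = "level"; }
              { source_labels = [ "__syslog_message_app_name" ]; target_label = "application"; }
              { source_labels = [ "__syslog_message_facility" ]; target_label = "facility"; }
              { source_labels = [ "__syslog_connection_hostname" ]; target_label = "connection_hostname"; }
            ];
          }
        ];
      };
    };

    # Open ports in the firewall.
    # 3000 Grafana, 3100 Loki HTTP, 3101 Promtail HTTP, 9001 Prometheus,
    # 1514 Promtail syslog, 514 rsyslog; 8086 is presumably InfluxDB 2 (no
    # port is set in this module).
    # NOTE(review): these rules are not restricted by source address, and
    # Loki, Promtail and Prometheus are configured here without
    # authentication. Confirm each port has a remote consumer (e.g. only the
    # proxy needs 3000) and close the rest.
    networking.firewall.allowedTCPPorts = [ 3000 3100 3101 8086 9001 1514 514 ];
    networking.firewall.allowedUDPPorts = [ 514 ];
  };
}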