diff --git a/.sops.yaml b/.sops.yaml
index f004654..383d07e 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,6 +9,7 @@ keys:
 - &server_inc1 age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
 - &server_http-proxy age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
 - &server_ca age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
+ - &server_monitoring01 age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey
 creation_rules:
 - path_regex: secrets/[^/]+\.(yaml|json|env|ini)
 key_groups:
@@ -23,6 +24,7 @@ creation_rules:
 - *server_inc1
 - *server_http-proxy
 - *server_ca
+ - *server_monitoring01
 - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
 key_groups:
 - age:
@@ -33,6 +35,11 @@ creation_rules:
 - age:
 - *admin_torjus
 - *server_ca
+ - path_regex: secrets/monitoring01/[^/]+\.(yaml|json|env|ini)
+ key_groups:
+ - age:
+ - *admin_torjus
+ - *server_monitoring01
 - path_regex: secrets/ca/keys/.+
 key_groups:
 - age:
diff --git a/flake.nix b/flake.nix
index b26f2b8..545ae52 100644
--- a/flake.nix
+++ b/flake.nix
@@ -215,6 +215,22 @@
 sops-nix.nixosModules.sops
 ];
 };
+ monitoring01 = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit inputs self sops-nix;
+ };
+ modules = [
+ (
+ { config, pkgs, ... }:
+ {
+ nixpkgs.overlays = [ overlay-unstable ];
+ }
+ )
+ ./hosts/monitoring01
+ sops-nix.nixosModules.sops
+ ];
+ };
 };
 };
 }
diff --git a/hosts/monitoring01/configuration.nix b/hosts/monitoring01/configuration.nix
new file mode 100644
index 0000000..720d5fe
--- /dev/null
+++ b/hosts/monitoring01/configuration.nix
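Review bot: Adding `*server_monitoring01` to the shared `secrets/[^/]+` rule in the second hunk lets the monitoring host's age key decrypt every shared secret, not only its own files under `secrets/monitoring01/` covered by the per-host rule in the third hunk; if monitoring01 needs nothing from the shared set, the per-host rule alone keeps the blast radius of that host's key to its own secrets. Note also that creation_rules only apply when a file is created or re-keyed, so any existing files under `secrets/` must be re-encrypted with `sops updatekeys` before the new recipient can read them, and no re-keyed secret files are part of this commit. If the shared rule really is needed, a one-line comment next to the added anchor such as `# monitoring01 reads <which shared secret> — keep in the shared rule` would record why it was widened.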
@@ -0,0 +1,62 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ../template/hardware-configuration.nix
+
+ ../../system
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ configurationLimit = 3;
+ };
+
+ networking.hostName = "monitoring01";
+ networking.domain = "home.2rjus.net";
+ networking.useNetworkd = true;
+ networking.useDHCP = false;
+ services.resolved.enable = true;
+ networking.nameservers = [
+ "10.69.13.5"
+ "10.69.13.6"
+ ];
+
+ systemd.network.enable = true;
+ systemd.network.networks."ens18" = {
+ matchConfig.Name = "ens18";
+ address = [
+ "10.69.13.13/24"
+ ];
+ routes = [
+ { routeConfig.Gateway = "10.69.13.1"; }
+ ];
+ linkConfig.RequiredForOnline = "routable";
+ };
+ time.timeZone = "Europe/Oslo";
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ nix.settings.tarball-ttl = 0;
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ ];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/hosts/monitoring01/default.nix b/hosts/monitoring01/default.nix
new file mode 100644
index 0000000..dc5ef1f
--- /dev/null
+++ b/hosts/monitoring01/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ../../services/monitoring
+ ];
+}
diff --git a/services/monitoring/default.nix b/services/monitoring/default.nix
new file mode 100644
index 0000000..370dba5
--- /dev/null
+++ b/services/monitoring/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./loki.nix
+ ./grafana.nix
+ ];
+}
diff --git a/services/monitoring/grafana.nix b/services/monitoring/grafana.nix
new file mode 100644
index 0000000..f72f344
--- /dev/null
+++ b/services/monitoring/grafana.nix
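Review bot: `networking.firewall.enable = false;` leaves every listener on monitoring01 reachable from the LAN, and the services this host imports from services/monitoring in the same commit (Grafana and Loki) are configured with neither authentication nor a loopback bind. Prefer keeping the firewall on and opening only what remote clients need, e.g. `networking.firewall.enable = true;` and `networking.firewall.allowedTCPPorts = [ 3000 3100 ];` (fewer if the existing http-proxy host fronts these). The comment `# Use the systemd-boot EFI boot loader.` above `boot.loader.grub` was carried over from the template and contradicts the code; replace it with `# GRUB on /dev/sda, keep the last 3 generations.` or drop it.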
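Review bot: `prometheus.nix` is added by this commit, but the imports list in services/monitoring/default.nix only pulls in `./loki.nix` and `./grafana.nix`, so `services.prometheus` is never enabled on monitoring01. Either add `./prometheus.nix` to the imports or leave that file out until it is wired up, so the tree does not carry a dead module that readers assume is active. A header comment such as `# Monitoring stack for monitoring01: Loki (logs) and Grafana (dashboards).` would also tell readers what the host provides.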
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ http_addr = "";
+ };
+ };
+ };
+}
diff --git a/services/monitoring/loki.nix b/services/monitoring/loki.nix
new file mode 100644
index 0000000..bf37f87
--- /dev/null
+++ b/services/monitoring/loki.nix
@@ -0,0 +1,42 @@
+{ ... }:
+{
+ services.loki = {
+ enable = true;
+ configuration = {
+ auth_enabled = false;
+
+ server = {
+ http_listen_port = 3100;
+ };
+ common = {
+ ring = {
+ instance_addr = "127.0.0.1";
+ kvstore = {
+ store = "inmemory";
+ };
+ };
+ replication_factor = 1;
+ path_prefix = "/var/lib/loki";
+ };
+ schema_config = {
+ configs = [
+ {
+ from = "2024-01-01";
+ store = "tsdb";
+ object_store = "filesystem";
+ schema = "v13";
+ index = {
+ prefix = "loki_index_";
+ period = "24h";
+ };
+ }
+ ];
+ };
+ storage_config = {
+ filesystem = {
+ directory = "/var/lib/loki/chunks";
+ };
+ };
+ };
+ };
+}
diff --git a/services/monitoring/prometheus.nix b/services/monitoring/prometheus.nix
new file mode 100644
index 0000000..5c0d6a5
--- /dev/null
+++ b/services/monitoring/prometheus.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ services.prometheus = {
+ enable = true;
+ };
+}
diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf
index effa67b..a571fb2 100644
--- a/services/ns/zones-home-2rjus-net.conf
+++ b/services/ns/zones-home-2rjus-net.conf
@@ -1,7 +1,7 @@
 $ORIGIN home.2rjus.net.
 $TTL 1800
 @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
- 2041 ; serial number
+ 2042 ; serial number
 3600 ; refresh
 900 ; retry
 1209600 ; expire
@@ -62,6 +62,7 @@ sonarr IN CNAME http-proxy
 ha IN CNAME http-proxy
 z2m IN CNAME http-proxy
 ca IN A 10.69.13.12
+monitoring01 IN A 10.69.13.13
 ; 22_WLAN
 unifi-ctrl IN A 10.69.22.5
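Review bot: `http_addr = "";` binds Grafana to every interface while no `settings.security.admin_password` is set, so the instance comes up with Grafana's built-in initial admin credentials reachable from the whole LAN on its default port (3000), and the host disables its firewall in configuration.nix in the same commit. Either bind to loopback with `http_addr = "127.0.0.1";` and reach it through the existing http-proxy, or set the admin password from a sops-managed secret (the `secrets/monitoring01/` rule added to .sops.yaml in this commit is the natural place) before exposing it. `pkgs` is bound in the module header but unused; `{ ... }:` matches the sibling loki.nix and prometheus.nix.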
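Review bot: `auth_enabled = false;` together with no `http_listen_address` under `server` means Loki accepts unauthenticated push and query requests on port 3100 on every address the host has, and monitoring01 runs without a firewall in this commit. If only the co-located Grafana reads from it, add `http_listen_address = "127.0.0.1";` next to `http_listen_port = 3100;` (and `grpc_listen_address` likewise); if remote log shippers must push to it, keep the LAN bind but front it with an authenticating reverse proxy or at least limit the firewall rule to the shipper addresses. A brief comment on `auth_enabled = false;` noting that multi-tenancy is intentionally off for a single-tenant setup would document the choice rather than leave it looking like an oversight.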