Diffstat (limited to 'nixos/hosts/tente')
-rw-r--r--nixos/hosts/tente/default.nix7
-rw-r--r--nixos/hosts/tente/matrix.nix39
-rw-r--r--nixos/hosts/tente/monitoring.nix287
3 files changed, 157 insertions, 176 deletions
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index ac8f438..f03156b 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -9,8 +9,10 @@ let
acmeEmail = "martin@push-f.com";
sources = import <top/npins>;
helpers = import <top/helpers.nix> { inherit config lib pkgs; };
+ pkgs-unstable = import sources.nixpkgs-unstable {};
in
-{
+rec {
+ _module.args = { inherit pkgs-unstable; };
imports = [
./hardware-configuration.nix
<top/profiles/server>
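Review bot: Turning the whole module attrset into `rec { ... }` on the new line only exists so that the third hunk of this file can write `${toString matrix.port}`; in a NixOS module the idiomatic way to read another option is `config.matrix.port`, which is already in scope through the module arguments. `rec` makes every top-level attribute a self-reference (a later `config = ...` or `lib = ...` key would silently shadow the module arguments), so I would keep the plain `{` and write `monitoring.matrixServerUrl = "http://127.0.0.1:${toString config.matrix.port}";` in that hunk instead. The `_module.args = { inherit pkgs-unstable; };` line does not need `rec` either, since `pkgs-unstable` comes from the surrounding `let`. Note also that `import sources.nixpkgs-unstable {}` evaluates a second nixpkgs with no `config`/`overlays`, so settings such as `allowUnfree` from the host's main nixpkgs presumably do not apply to `pkgs-unstable.matrix-conduit` — worth a comment if that is intended.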
@@ -116,6 +118,7 @@ in
monitoring.grafanaUiPort = 3000;
monitoring.alloyUiPort = 3001;
+ monitoring.grafanaMatrixForwarderPort = 3002;
monitoring.lokiPort = 3030;
gotify.port = 4000;
monitoring.prometheusNodeExporterPort = 9002;
@@ -123,6 +126,8 @@ in
headscale.port = 8080;
matrix.port = 8008;
+ monitoring.matrixServerUrl = "http://localhost:${toString matrix.port}";
+
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
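Review bot: The new `monitoring.matrixServerUrl` points the forwarder at `http://localhost:...`, but matrix.nix in this same commit binds Conduit to `address = "127.0.0.1"` only; depending on the resolver, `localhost` can resolve to `::1` first, so the forwarder may have to fall back (or fail) on every request. Using the literal loopback address that Conduit actually listens on avoids that ambiguity: `monitoring.matrixServerUrl = "http://127.0.0.1:${toString matrix.port}";`. A short comment naming the bind address in matrix.nix as the reason would keep the two files from drifting apart.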
diff --git a/nixos/hosts/tente/matrix.nix b/nixos/hosts/tente/matrix.nix
index 2eb8673..89782fc 100644
--- a/nixos/hosts/tente/matrix.nix
+++ b/nixos/hosts/tente/matrix.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, pkgs-unstable, ... }:
let
cfg = config.matrix;
@@ -19,32 +19,19 @@ in
config = {
services = {
- matrix-synapse = {
+ matrix-conduit = {
enable = true;
+ package = pkgs-unstable.matrix-conduit;
settings = {
- server_name = cfg.serverName;
- listeners = [{
- # This listener matches the default of NixOS 24.11 (replicated here to make the port configurable).
- bind_addresses = ["127.0.0.1"];
+ global = {
+ server_name = cfg.serverName;
port = cfg.port;
- resources = [
- {
- compress = true;
- names = ["client"];
- }
- {
- compress = false;
- names = ["federation"];
- }
- ];
- tls = false;
- type = "http";
- x_forwarded = true;
- }];
+ address = "127.0.0.1"; # this is the default of conduit but the nixos service defaults to ::1
+ database_backend = "rocksdb";
+ enable_lightning_bolt = false;
+ allow_registration = false;
+ };
};
-
- # The default is INFO which can easily spam the systemd journal with 500k messages a day.
- log.root.level = "WARNING";
};
nginx.virtualHosts.${cfg.apiDomain} = {
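Review bot: The removed `log.root.level = "WARNING"` (and its comment about INFO spamming the journal) has no counterpart in the new `matrix-conduit` settings, so the journal-volume concern the old comment documented silently comes back with the default log level. Conduit has its own log level setting in the `global` section (presumably a `log` filter string in the style of `"warn,state_res=warn"` — confirm against the Conduit version that `pkgs-unstable.matrix-conduit` provides) and the comment should move there, e.g. `# Conduit defaults to INFO, which can spam the journal; keep only warnings.` The `settings.global` block keeps `allow_registration = false` and a loopback-only `address`, which is the right default for a server that is only reachable through the nginx proxy below. The enclosing `config = { services = {` block starts before this hunk.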
@@ -54,14 +41,12 @@ in
# TODO: add locations."/" with some message
- # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+ # Forward all Matrix API calls to the Conduit Matrix homeserver. A trailing slash
# *must not* be used here.
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
- # Forward requests for e.g. SSO and password-resets.
- locations."/_synapse/client".proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
- # I don't really care about these nginx access logs. Synapse has its own
+ # I don't really care about these nginx access logs. Conduit has its own
# log anyway and with the default log rotation (weekly and delaycompress=true)
# the access logs from last week took up ~800MB.
logrotate.settings.matrix-nginx-access-log =
diff --git a/nixos/hosts/tente/monitoring.nix b/nixos/hosts/tente/monitoring.nix
index 545ae24..f6ed7cf 100644
--- a/nixos/hosts/tente/monitoring.nix
+++ b/nixos/hosts/tente/monitoring.nix
@@ -2,12 +2,16 @@
let
cfg = config.monitoring;
+ helpers = import <top/helpers.nix> { inherit config lib pkgs; };
in
{
options.monitoring = {
grafanaUiPort = lib.mkOption {
type = lib.types.int;
};
+ grafanaMatrixForwarderPort = lib.mkOption {
+ type = lib.types.int;
+ };
lokiPort = lib.mkOption {
type = lib.types.int;
};
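Review bot: The new `helpers = import <top/helpers.nix> { inherit config lib pkgs; };` binding re-evaluates a file that default.nix in this same commit already imports, while the commit simultaneously introduces `_module.args` for sharing `pkgs-unstable`; passing `helpers` the same way (`_module.args = { inherit pkgs-unstable helpers; };` in default.nix and `{ config, lib, pkgs, helpers, ... }:` here) would keep one evaluation and one pattern for both. Separately, the new `grafanaMatrixForwarderPort` option is declared without a `description`, which matches the existing options in this file but leaves `nixos-option` output empty; a one-liner such as `description = "Port the Grafana-to-Matrix alert forwarder listens on.";` would help. The enclosing `options.monitoring` set continues into the next hunk.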
@@ -20,13 +24,19 @@ in
prometheusSqlExporterPort = lib.mkOption {
type = lib.types.int;
};
+ matrixServerUrl = lib.mkOption {
+ type = lib.types.str;
+ };
};
imports = [
<top/shared/prometheus-sql-exporter/service.nix>
+ <top/shared/grafana-matrix-forwarder/service.nix>
];
config = {
+ age.secrets.grafana-matrix-forwarder-env.file = <top/secrets/grafana-matrix-forwarder-env.age>;
+
services.grafana = {
enable = true;
settings = {
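Review bot: The new `age.secrets.grafana-matrix-forwarder-env.file` entry relies on agenix's default ownership and mode for the decrypted file (root-owned, owner-readable only), and nothing in this hunk sets `owner`/`group`/`mode`. Whether that is sufficient depends on how `<top/shared/grafana-matrix-forwarder/service.nix>` consumes `environmentFile`: a systemd `EnvironmentFile=` is read by the service manager and works with the default, whereas a file read by the forwarder process itself under a dedicated user would need `owner` set to that user. I would add a comment next to the secret stating which of the two it is, e.g. `# Read by systemd via EnvironmentFile=, so the default root-only mode is fine.`, so the next person does not loosen the mode unnecessarily. The `matrixServerUrl` option above it has no `description` either.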
@@ -53,6 +63,12 @@ in
];
};
};
+ services.grafana-matrix-forwarder = {
+ enable = true;
+ port = cfg.grafanaMatrixForwarderPort;
+ homeserver = cfg.matrixServerUrl;
+ environmentFile = config.age.secrets.grafana-matrix-forwarder-env.path;
+ };
services.prometheus = {
enable = true;
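Review bot: The new `services.grafana-matrix-forwarder` block sets only `port`, `homeserver` and `environmentFile`; no listen address is visible, so whether the Grafana webhook receiver is bound to loopback or to all interfaces depends on the defaults of the imported service module. Since Grafana on this host posts to it locally, the receiver only needs to be reachable on loopback; if the module exposes a listen-address option I would set it to `127.0.0.1` explicitly, and otherwise note in a comment that the port is not opened in the firewall. The `homeserver = cfg.matrixServerUrl;` line inherits the `localhost` vs `127.0.0.1` mismatch with Conduit's bind address raised on default.nix. The enclosing `config = {` block starts before this hunk.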
@@ -166,159 +182,134 @@ in
services.alloy = {
enable = true;
extraFlags = ["--server.http.listen-addr=0.0.0.0:${toString cfg.alloyUiPort}"];
- # TODO: submit PR to nixpkgs so that the alloy config can be specified as a JSON expression
- configPath = pkgs.writeText "config.alloy" ''
- loki.source.journal "journal" {
- max_age = "12h0m0s"
- relabel_rules = discovery.relabel.journal.rules
- forward_to = [loki.process.journal.receiver]
- labels = {
- host = "tente",
- job = "systemd-journal",
- }
- }
-
- loki.process "journal" {
- forward_to = [loki.write.default.receiver]
-
- stage.match {
- // Select messages from systemd services that have LogExtraFields=LOG_FORMAT=logfmt.
- selector = "{__journal_LOG_FORMAT=\"logfmt\"}"
- stage.logfmt {
- mapping = { time = "", level = "" }
- }
- stage.timestamp {
- source = "time"
- format = "RFC3339"
- }
- stage.template {
- // The slog package of the Go standard library prints levels as uppercase.
- source = "level"
- template = "{{ ToLower .Value }}"
- }
- stage.structured_metadata {
- values = { level = "" }
- }
- }
- }
-
- discovery.relabel "journal" {
- targets = []
-
- rule {
- source_labels = ["__journal__systemd_unit"]
- target_label = "unit"
- }
- }
-
- loki.source.file "nginx_access" {
- targets = local.file_match.nginx_access.targets
- forward_to = [loki.process.nginx_access.receiver]
- }
-
- local.file_match "nginx_access" {
- path_targets = [{
- __path__ = "/var/log/nginx/*.access.log",
- }]
- }
-
- loki.process "nginx_access" {
- forward_to = [loki.write.default.receiver]
-
- stage.static_labels {
- values = {
- job = "nginx",
- }
- }
-
- // Extracting the log file name as vhost because it's more convenient
- // to query for than the full filename. We could also use server_name
- // but there could be wildcard server_names and Loki labels should have
- // a low cardinality for performance reasons.
- stage.regex {
- source = "filename"
- expression = "(?P<vhost>[^/]+)\\.access\\.log$"
- }
-
- stage.labels {
- values = {
- vhost = "",
- }
- }
-
- stage.json {
- expressions = { "msec" = "", path = "" }
- }
-
- stage.timestamp {
- source = "msec"
- format = "Unix"
- }
-
- // Setting level=info to prevent Loki's log level detection from wrongly
- // detecting messages with paths containing "error" as errors.
- // Creating the filetype entry via stage.template because there's no
- // static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703)
- stage.template {
- source = "level"
- template = "info"
- }
- stage.structured_metadata {
- values = { level = "" }
- }
-
- stage.labels {
- values = {
- // Temporarily adding path as a label so that we can use it in the match selectors.
- path = "",
- }
- }
-
- stage.match {
- selector = "{path=~\"/\\\\.well-known/.*\"}"
- // Creating the filetype entry via stage.template because there's no
- // static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703)
- stage.template {
- source = "filetype"
- template = "well-known"
- }
- }
+ configPath =
+ let
+ ref = helpers.alloyConfigRef;
+ in
+ helpers.writeAlloyConfig {
+ "loki.source.journal".journal = {
+ max_age = "12h0m0s";
+ relabel_rules = ref "discovery.relabel.journal.rules";
+ forward_to = [(ref "loki.process.journal.receiver")];
+ labels = {
+ host = "tente";
+ job = "systemd-journal";
+ };
+ };
+ "loki.process".journal = {
+ forward_to = [(ref "loki.write.default.receiver")];
+ blocks = [
+ {
+ name = "stage.match";
+ # Select messages from systemd services that have LogExtraFields=LOG_FORMAT=logfmt.
+ selector = ''{__journal_LOG_FORMAT="logfmt"}'';
+ blocks = [
+ { name = "stage.logfmt"; mapping = { time = ""; level = ""; }; }
+ { name = "stage.timestamp"; source = "time"; format = "RFC3339"; }
+ {
+ # The slog package of the Go standard library prints levels as uppercase.
+ name = "stage.template";
+ source = "level";
+ template = "{{ ToLower .Value }}";
+ }
+ { name = "stage.structured_metadata"; values = { level = ""; }; }
+ ];
+ }
+ ];
+ };
+ "discovery.relabel".journal = {
+ targets = [];
+ blocks = [
+ {
+ name = "rule";
+ source_labels = ["__journal__systemd_unit"];
+ target_label = "unit";
+ }
+ ];
+ };
- stage.match {
- selector = "{path=\"/robots.txt\"}"
- stage.template {
- source = "filetype"
- template = "robots.txt"
- }
- }
+ "loki.source.file".nginx_access = {
+ targets = ref "local.file_match.nginx_access.targets";
+ forward_to = [(ref "loki.process.nginx_access.receiver")];
+ };
+ "local.file_match".nginx_access = {
+ path_targets = [{
+ __path__ = "/var/log/nginx/*.access.log";
+ }];
+ };
+ "loki.process".nginx_access = {
+ forward_to = [(ref "loki.write.default.receiver")];
+ blocks = [
+ { name = "stage.static_labels"; values = { job = "nginx"; }; }
- stage.match {
- selector = "{path=~\".*\\\\.atom$\"}"
- stage.template {
- source = "filetype"
- template = "feed"
- }
- }
+ {
+ # Extracting the log file name as vhost because it's more convenient
+ # to query for than the full filename. We could also use server_name
+ # but there could be wildcard server_names and Loki labels should have
+ # a low cardinality for performance reasons.
+ name = "stage.regex";
+ source = "filename";
+ expression = "(?P<vhost>[^/]+)\\.access\\.log$";
+ }
- stage.structured_metadata {
- values = {
- filetype = "",
- }
- }
+ { name = "stage.labels"; values = { vhost = ""; }; }
+ { name = "stage.json"; expressions = { msec = ""; path = ""; }; }
+ { name = "stage.timestamp"; source = "msec"; format = "Unix"; }
+ {
+ # Setting level=info to prevent Loki's log level detection from wrongly
+ # detecting messages with paths containing "error" as errors.
+ # Creating the filetype entry via stage.template because there's no
+ # static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703)
+ name = "stage.template";
+ source = "level";
+ template = "info";
+ }
+ { name = "stage.structured_metadata"; values = { level = ""; }; }
- // Dropping path again because it has a too high cardinality for a label.
- stage.label_drop {
- values = [ "path" ]
- }
- }
+ # Temporarily adding path as a label so that we can use it in the match selectors.
+ { name = "stage.labels"; values = { path = ""; }; }
+ {
+ name = "stage.match";
+ selector = "{path=~\"/\\\\.well-known/.*\"}";
+ # Creating the filetype entry via stage.template because there's no
+ # static_structured_metadata stage yet. (https://github.com/grafana/loki/issues/16703)
+ blocks = [
+ { name = "stage.template"; source = "filetype"; template = "well-known"; }
+ ];
+ }
+ {
+ name = "stage.match";
+ selector = "{path=\"/robots.txt\"}";
+ blocks = [
+ { name = "stage.template"; source = "filetype"; template = "robots.txt"; }
+ ];
+ }
+ {
+ name = "stage.match";
+ selector = "{path=~\".*\\\\.atom$\"}";
+ blocks = [
+ { name = "stage.template"; source = "filetype"; template = "feed"; }
+ ];
+ }
+ {
+ name = "stage.structured_metadata";
+ values = { filetype = ""; };
+ }
- loki.write "default" {
- endpoint {
- url = "http://127.0.0.1:${toString cfg.lokiPort}/loki/api/v1/push"
- }
- external_labels = {}
- }
- '';
+ # Dropping path again because it has a too high cardinality for a label.
+ { name = "stage.label_drop"; values = ["path"]; }
+ ];
+ };
+ "loki.write".default = {
+ blocks = [
+ {
+ name = "endpoint";
+ url = "http://127.0.0.1:${toString cfg.lokiPort}/loki/api/v1/push";
+ }
+ ];
+ external_labels = {};
+ };
+ };
};
};
}
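Review bot: The rewritten `configPath` expression mixes two ordering regimes without saying so: each `blocks = [ ... ]` is a list, so stage order inside `loki.process` is preserved exactly as in the old hand-written config, while the top-level components (`"loki.source.journal"`, `"loki.process"`, ...) and the keys inside each component are attrsets that Nix iterates in alphabetical order, so `helpers.writeAlloyConfig` presumably emits them in a different order than before (harmless for Alloy, which resolves `ref` references declaratively, but surprising when diffing the generated file). A comment at the top of the expression would make that explicit: `# Component order is not significant in Alloy, but stage order inside a pipeline is, hence "blocks" is a list.` The escaping also changed regime: regex and selector strings such as `"(?P<vhost>[^/]+)\\.access\\.log$"` are now ordinary Nix strings whose backslashes `writeAlloyConfig` must re-escape for Alloy; a one-line comment stating that the helper JSON-escapes values would let a reader verify the regexes without tracing the helper. Finally, the `# Temporarily adding path as a label ...` comment sits between list elements rather than inside the `{ name = "stage.labels"; ... }` element it describes, unlike the other stage comments in this list. `helpers.alloyConfigRef` and `helpers.writeAlloyConfig` are defined outside this diff.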