Commit 16d1248

HPCesia <me@hpcesia.com>
2025-10-07 09:34:07
refactor: migrate victoriametrics
1 parent 3f19d06
Changed files (6)
hosts/chaser-pardofelis/monitoring/default.nix
@@ -1,5 +0,0 @@
-{...}: {
-  imports = [
-    ./victoriametrics.nix
-  ];
-}
hosts/chaser-pardofelis/monitoring/victoriametrics.nix
@@ -1,100 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}:
-# let
-#   isSecret = v: lib.isAttrs v && v ? "secretName";
-#   hosts = config.modules.my-hosts;
-#   managedHosts = lib.filterAttrs (name: host: !builtins.isNull host.network.ipv4) hosts;
-# in
-lib.mkMerge [
-  {
-    services.victoriametrics = {
-      enable = true;
-      listenAddress = "127.0.0.1:9020";
-      checkConfig = false; # Disable it because env `CREDENTIALS_DIRECTORY` not loaded in check
-
-      extraOptions = [
-        # Allowed percent of system memory VictoriaMetrics caches may occupy.
-        "-memory.allowedPercent=30"
-      ];
-
-      prometheusConfig.scrape_configs = [
-        {
-          job_name = "node-exporter-local";
-          scrape_interval = "30s";
-          metrics_path = "/metrics";
-          static_configs = [
-            {
-              # All my NixOS hosts.
-              targets = ["127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}"];
-              labels.type = "node";
-              labels.host = "pardofelis";
-            }
-          ];
-        }
-        {
-          job_name = "gotosocial-trinnon";
-          scrape_interval = "30s";
-          metrics_path = "/metrics";
-          scheme = "https";
-          basic_auth = {
-            username = config.services.gotosocial.settings.metrics-auth-username;
-            password_file = "%{CREDENTIALS_DIRECTORY}/GTS_AUTH_PASSWD";
-          };
-          static_configs = [
-            {
-              targets = ["trin.one"];
-              labels.type = "gotosocial";
-              labels.host = "pardofelis";
-            }
-          ];
-        }
-      ];
-    };
-
-    systemd.services.victoriametrics.serviceConfig = {
-      LoadCredential = "GTS_AUTH_PASSWD:${config.sops.secrets.gotosocial-metrics-password.path}";
-    };
-  }
-  # TODO: Complete below before I have another remote host running NixOS
-  # (
-  #   lib.concatMapAttrs
-  #   (host: cfg: let
-  #     templateName = "prometheus-node-exporter-${host}.json";
-  #     nodeExporterPort = builtins.toString config.services.prometheus.exporters.node.port;
-  #   in {
-  #     services.victoriametrics.prometheusConfig.scrape_configs = [
-  #       {
-  #         job_name = "node-exporter-${host}";
-  #         scrape_interval = "30s";
-  #         metrics_path = "/metrics";
-  #         static_configs = lib.mkIf (!isSecret cfg.network.ipv4) [
-  #           {
-  #             targets = ["${cfg.network.ipv4}:${nodeExporterPort}"];
-  #             labels.type = "node";
-  #             labels.host = host;
-  #           }
-  #         ];
-  #         file_sd_configs = lib.mkIf (isSecret cfg.network.ipv4) [
-  #           {files = config.sops.templates.${templateName}.path;}
-  #         ];
-  #       }
-  #     ];
-  #     sops.templates.${templateName} = lib.mkIf (isSecret cfg.network.ipv4) {
-  #       content = ''
-  #         [${builtins.toJSON {
-  #           targets = ["${config.sops.placeholder."${host}-ipv4"}:${nodeExporterPort}"];
-  #           labels.type = "node";
-  #           labels.host = host;
-  #         }}]
-  #       '';
-  #       user = "root";
-  #       group = "victoriametrics";
-  #       mode = "0440";
-  #     };
-  #   })
-  #   managedHosts
-  # )
-]
hosts/chaser-pardofelis/caddy.nix
@@ -18,7 +18,6 @@ in {
           # Assuming address start with `tcp://`.
           builtins.substring 6 (-1) config.services.authelia.instances.main.settings.server.address
         }";
-        prometheus = "http://${config.services.victoriametrics.listenAddress}";
       };
     in {
       "phanpy.trin.one".extraConfig = ''
@@ -38,10 +37,6 @@ in {
           }
         }
       '';
-      "prometheus.hpcesia.com".extraConfig = ''
-        encode zstd gzip
-        reverse_proxy ${localAddress.prometheus}
-      '';
     };
   };
 }
modules/hosts/chaser-pardofelis/default.nix
@@ -37,6 +37,7 @@
           "podman"
           "restic"
           "vaultwarden"
+          "victoriametrics"
         ]
       )
       ++ (map (lib.path.append config.flake.meta.rootPath) [
modules/services/victoriametrics/default.nix
@@ -0,0 +1,64 @@
+{lib, ...}: {
+  flake.modules.nixos."services/victoriametrics" = {config, ...}: {
+    services.victoriametrics = {
+      enable = true;
+      listenAddress = "127.0.0.1:9020";
+      checkConfig = false; # Disable it because env `CREDENTIALS_DIRECTORY` not loaded in check
+
+      extraOptions = [
+        # Allowed percent of system memory VictoriaMetrics caches may occupy.
+        "-memory.allowedPercent=30"
+      ];
+
+      prometheusConfig.scrape_configs =
+        [
+          {
+            job_name = "gotosocial-trinnon";
+            scrape_interval = "30s";
+            metrics_path = "/metrics";
+            scheme = "https";
+            basic_auth = {
+              username = "trinnon-metrics";
+              password_file = "%{CREDENTIALS_DIRECTORY}/GTS_AUTH_PASSWD";
+            };
+            static_configs = [
+              {
+                targets = ["trin.one"];
+                labels.type = "gotosocial";
+                labels.host = "pardofelis";
+              }
+            ];
+          }
+        ]
+        ++ (lib.optional config.services.prometheus.exporters.node.enable {
+          job_name = "node-exporter-local";
+          scrape_interval = "30s";
+          metrics_path = "/metrics";
+          static_configs = [
+            {
+              targets = ["127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}"];
+              labels.type = "node";
+              labels.host = config.networking.hostName;
+            }
+          ];
+        });
+    };
+
+    systemd.services.victoriametrics.serviceConfig = {
+      LoadCredential = "GTS_AUTH_PASSWD:${config.vaultix.secrets.gotosocial-metrics-password.path}";
+    };
+
+    services.caddy.virtualHosts."prometheus.hpcesia.com".extraConfig =
+      lib.mkIf config.services.caddy.enable
+      (let
+        localAddress = "http://${config.services.victoriametrics.listenAddress}";
+      in ''
+        encode zstd gzip
+        reverse_proxy ${localAddress}
+      '');
+
+    # Use mkDefault because GtS defined this secret too.
+    # This secret file is a relative system link to GtS's secret file.
+    vaultix.secrets.gotosocial-metrics-password.file = lib.mkDefault ./gotosocial-metrics-password.age;
+  };
+}
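Review bot: The `prometheus.hpcesia.com` virtual host at the end of this module contains only `encode zstd gzip` and `reverse_proxy ${localAddress}`, so nothing visible in the hunk authenticates a request before it reaches VictoriaMetrics. The `listenAddress = "127.0.0.1:9020"` binding stops restricting access once Caddy publishes that port, and single-node VictoriaMetrics serves its query, import and admin endpoints from the same listener. If access control is not enforced somewhere outside this diff, gate the vhost ahead of `reverse_proxy`, for example with Caddy's `forward_auth` pointed at the Authelia instance that caddy.nix already references. In either case, a comment on the vhost such as `# Auth: enforced by <mechanism>` would let the next reader confirm that the exposure is intentional.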
modules/services/victoriametrics/metrics-password.age
@@ -0,0 +1,1 @@
+../gotosocial/metrics-password.age
\ No newline at end of file
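Review bot: The symlink added here is named `metrics-password.age`, but the new module sets `vaultix.secrets.gotosocial-metrics-password.file = lib.mkDefault ./gotosocial-metrics-password.age;`, and no file of that name is among the six changed files. Because the value is a `mkDefault`, the mismatch would probably stay hidden on hosts where the GoToSocial module supplies its own definition and only surface where this module is the sole definer. Either rename the symlink or change the reference to `./metrics-password.age`, and correct the comment above that line if the name changes.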