mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

feat(monitoring): remove location, add nginx upstream monitoring option

oddlama 2024-07-15 17:36:04 +02:00
parent 2024c3bfd5
commit 18b2002c27
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
26 changed files with 352 additions and 218 deletions


@ -12,7 +12,6 @@ in {
globals.monitoring.ping.envoy = {
hostv4 = lib.net.cidr.ip icfg.hostCidrv4;
hostv6 = lib.net.cidr.ip icfg.hostCidrv6;
location = "external";
network = "internet";
};


@ -55,5 +55,8 @@
bucket = "telegraf";
node = "sire-influxdb";
};
# This node shall monitor the infrastructure
availableMonitoringNetworks = ["internet"];
};
}


@ -11,7 +11,6 @@ in {
globals.monitoring.ping.sentinel = {
hostv4 = lib.net.cidr.ip icfg.hostCidrv4;
hostv6 = lib.net.cidr.ip icfg.hostCidrv6;
location = "external";
network = "internet";
};


@ -51,10 +51,10 @@ in {
};
globals.services.open-webui.domain = openWebuiDomain;
globals.monitoring.http.ollama-webui = {
url = "https://${openWebuiDomain}";
location = "home";
network = "internet";
globals.monitoring.http.ollama = {
url = config.services.open-webui.environment.OLLAMA_BASE_URL;
expectedBodyRegex = "Ollama is running";
network = "local-${config.node.name}";
};
nodes.sentinel = {
@ -65,6 +65,10 @@ in {
zone open-webui 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Open WebUI";
};
};
virtualHosts.${openWebuiDomain} = {
forceSSL = true;


@ -80,7 +80,7 @@ in {
globals.services.grafana.domain = grafanaDomain;
globals.monitoring.http.grafana = {
url = "https://${grafanaDomain}";
location = "home";
expectedBodyRegex = "Grafana";
network = "internet";
};
@ -96,6 +96,10 @@ in {
zone grafana 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Grafana";
};
};
virtualHosts.${grafanaDomain} = {
forceSSL = true;
@ -116,6 +120,10 @@ in {
zone grafana 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Grafana";
};
};
virtualHosts.${grafanaDomain} = {
forceSSL = true;


@ -193,7 +193,7 @@ in {
globals.services.immich.domain = immichDomain;
globals.monitoring.http.immich = {
url = "https://${immichDomain}";
location = "home";
expectedBodyRegex = "immutable.entry.app";
network = "internet";
};
@ -205,6 +205,10 @@ in {
zone immich 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "immutable.entry.app";
};
};
virtualHosts.${immichDomain} = {
forceSSL = true;
@ -228,6 +232,10 @@ in {
zone immich 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "immutable.entry.app";
};
};
virtualHosts.${immichDomain} = {
forceSSL = true;
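Review bot: The `expectedBodyRegex = "immutable.entry.app"` values in this section (the domain check and both upstream `monitoring` blocks) leave the dots unescaped, so each one matches any character rather than a literal period. The check still passes on the intended string, but it is looser than it reads; `expectedBodyRegex = "immutable\\.entry\\.app";` pins the literal. The string also looks like a build-asset path rather than a product name (inferred, the response body is not visible here), so a short comment on why it was chosen would help whoever has to repair the check after an upgrade.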


@ -1,6 +1,5 @@
{
config,
globals,
lib,
nodes,
pkgs,
@ -28,10 +27,6 @@ in {
};
meta.telegraf.secrets."@GITHUB_ACCESS_TOKEN@" = config.age.secrets.github-access-token.path;
meta.telegraf.globalMonitoring = {
enable = true;
availableNetworks = ["internet" "home-wan" "home-lan"];
};
services.telegraf.extraConfig.outputs.influxdb_v2.urls = lib.mkForce ["http://localhost:${toString influxdbPort}"];
services.telegraf.extraConfig.inputs = {
@ -49,11 +44,6 @@ in {
};
globals.services.influxdb.domain = influxdbDomain;
globals.monitoring.http.influxdb = {
url = "https://${influxdbDomain}";
location = "home";
network = "internet";
};
nodes.sentinel = {
services.nginx = {
@ -63,6 +53,10 @@ in {
zone influxdb 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "InfluxDB";
};
};
virtualHosts.${influxdbDomain} = let
accessRules = ''
@ -97,6 +91,10 @@ in {
zone influxdb 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "InfluxDB";
};
};
virtualHosts.${influxdbDomain} = let
accessRules = ''
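Review bot: The domain-level check `globals.monitoring.http.influxdb` appears to be dropped in this section (the hunk header shrinks from 11 to 6 lines) and only the direct upstream `monitoring` blocks remain, so nothing visible here still exercises the public vhost, its TLS certificate, or the `accessRules` on `virtualHosts.${influxdbDomain}`. The same pattern shows in the loki and adguardhome sections. If that is intentional because those vhosts are not reachable from the monitoring node, a comment such as `# no domain check: vhost is access-restricted, upstream is monitored instead` would record it; otherwise keep a domain check so certificate or proxy failures still raise an alert. The enclosing attribute sets start and end outside the hunks.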


@ -18,11 +18,6 @@ in {
};
globals.services.loki.domain = lokiDomain;
globals.monitoring.http.loki = {
url = "https://${lokiDomain}";
location = "home";
network = "internet";
};
nodes.sentinel = {
age.secrets.loki-basic-auth-hashes = {
@ -38,6 +33,11 @@ in {
zone loki 64k;
keepalive 2;
'';
monitoring = {
enable = true;
path = "/ready";
expectedBodyRegex = "^ready";
};
};
virtualHosts.${lokiDomain} = {
forceSSL = true;
@ -80,6 +80,11 @@ in {
zone loki 64k;
keepalive 2;
'';
monitoring = {
enable = true;
path = "/ready";
expectedBodyRegex = "^ready";
};
};
virtualHosts.${lokiDomain} = {
forceSSL = true;


@ -364,7 +364,11 @@ in {
globals.monitoring.tcp.minecraft = {
host = minecraftDomain;
port = 25565;
location = "home";
network = "internet";
};
globals.monitoring.http.minecraft-map = {
url = "https://${minecraftDomain}";
expectedBodyRegex = "Minecraft Dynamic Map";
network = "internet";
};
@ -400,6 +404,10 @@ in {
zone minecraft 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Minecraft Dynamic Map";
};
};
virtualHosts.${minecraftDomain} = {
forceSSL = true;


@ -27,7 +27,7 @@ in {
globals.services.paperless.domain = paperlessDomain;
globals.monitoring.http.paperless = {
url = "https://${paperlessDomain}";
location = "home";
expectedBodyRegex = "Paperless-ngx";
network = "internet";
};
@ -39,6 +39,10 @@ in {
zone paperless 64k;
keepalive 2;
'';
# direct upstream monitoring doesn't work because
# paperless allowed hosts fails for ip-based queries.
# But that's fine, we just monitor it via the domain above anyway.
#monitoring.enable = true;
};
virtualHosts.${paperlessDomain} = {
forceSSL = true;
@ -63,6 +67,10 @@ in {
zone paperless 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Paperless-ngx";
};
};
virtualHosts.${paperlessDomain} = {
forceSSL = true;
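Review bot: The second upstream block in this section enables `monitoring` with `expectedBodyRegex = "Paperless-ngx"`, while the comment on the first block says direct upstream monitoring fails because paperless rejects IP-based requests through its allowed-hosts check. If both upstreams reach the same backend the same way, the second probe would fail permanently and teach people to ignore the alert; if it does work there (the surrounding node definitions are outside the hunk), a one-line comment saying why it differs would avoid confusion. Consider also replacing the commented-out `#monitoring.enable = true;` with an explicit `monitoring.enable = false;` so the intent survives a change of default.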


@ -136,7 +136,6 @@ in {
globals.monitoring.tcp.samba = {
host = globals.net.home-lan.hosts.sire-samba.ipv4;
port = 445;
location = "home";
network = "home-lan";
};


@ -9,7 +9,6 @@
globals.monitoring.ping.sire = {
hostv4 = lib.net.cidr.ip globals.net.home-lan.hosts.sire.cidrv4;
hostv6 = lib.net.cidr.ip globals.net.home-lan.hosts.sire.cidrv6;
location = "home";
network = "home-lan";
};


@ -16,14 +16,8 @@ in {
globals.monitoring.dns.adguardhome = {
server = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
domain = ".";
location = "home";
network = "home-lan";
};
globals.monitoring.http.adguardhome = {
url = "https://${adguardhomeDomain}";
location = "home";
network = "internet";
};
nodes.sentinel = {
services.nginx = {
@ -33,6 +27,10 @@ in {
zone adguardhome 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "AdGuard Home";
};
};
virtualHosts.${adguardhomeDomain} = {
forceSSL = true;


@ -24,8 +24,8 @@ in {
globals.services.forgejo.domain = forgejoDomain;
globals.monitoring.http.forgejo = {
url = "https://${forgejoDomain}";
location = "home";
url = "https://${forgejoDomain}/user/login";
expectedBodyRegex = "Redlew Git";
network = "internet";
};
@ -57,6 +57,11 @@ in {
zone forgejo 64k;
keepalive 2;
'';
monitoring = {
enable = true;
path = "/user/login";
expectedBodyRegex = "Redlew Git";
};
};
virtualHosts.${forgejoDomain} = {
forceSSL = true;


@ -41,9 +41,10 @@ in {
globals.services.kanidm.domain = kanidmDomain;
globals.monitoring.http.kanidm = {
url = "https://${kanidmDomain}";
location = "home";
url = "https://${kanidmDomain}/status";
network = "internet";
expectedBodyRegex = "true";
skipTlsVerification = true;
};
nodes.sentinel = {
@ -54,6 +55,13 @@ in {
zone kanidm 64k;
keepalive 2;
'';
monitoring = {
enable = true;
path = "/status";
expectedBodyRegex = "true";
skipTlsVerification = true;
useHttps = true;
};
};
virtualHosts.${kanidmDomain} = {
forceSSL = true;
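Review bot: `skipTlsVerification = true;` is set on the internet-facing check `globals.monitoring.http.kanidm` as well as on the upstream `monitoring` block. For the direct upstream probe that is understandable if kanidm presents a certificate that is not valid for the probed address (not visible here), but on `https://${kanidmDomain}/status` it means an expired or wrong certificate on the identity provider's public endpoint will not fail the check. I would drop the line from the domain check and keep it only on the upstream one, with a comment such as `# upstream cert is not valid for the probed address`. `expectedBodyRegex = "true"` is also loose, since it matches any body containing that substring; `"^true$"` would be tighter if the status endpoint returns exactly that.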


@ -79,8 +79,9 @@ in {
globals.services.netbird.domain = netbirdDomain;
globals.monitoring.http.netbird = {
url = "https://${netbirdDomain}";
location = "home";
url = "https://${netbirdDomain}/api/users";
expectedStatus = 401;
expectedBodyRegex = "no valid authentication";
network = "internet";
};
@ -92,6 +93,12 @@ in {
zone netbird 64k;
keepalive 5;
'';
monitoring = {
enable = true;
path = "/api/users";
expectedStatus = 401;
expectedBodyRegex = "no valid authentication";
};
};
upstreams.netbird-signal = {
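Review bot: The `expectedStatus = 401` with `expectedBodyRegex = "no valid authentication"` on `/api/users` deserves a comment, both on the domain check and in the upstream `monitoring` block. As written the probe passes only while the API rejects unauthenticated requests, which is a useful property, but a later reader may take the 401 for a misconfiguration and add credentials or switch to an endpoint that returns 200. Something like `# unauthenticated probe: a 401 proves the API is up and still enforcing auth` above each would record the intent.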


@ -9,7 +9,7 @@ in {
globals.services.radicale.domain = radicaleDomain;
globals.monitoring.http.radicale = {
url = "https://${radicaleDomain}";
location = "home";
expectedBodyRegex = "Radicale Web Interface";
network = "internet";
};
@ -21,6 +21,10 @@ in {
zone radicale 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Radicale Web Interface";
};
};
virtualHosts.${radicaleDomain} = {
forceSSL = true;


@ -28,8 +28,7 @@ in {
globals.services.vaultwarden.domain = vaultwardenDomain;
globals.monitoring.http.vaultwarden = {
url = "https://${vaultwardenDomain}";
expectedBodyRegex = "Vaultwarden";
location = "home";
expectedBodyRegex = "Vaultwarden Web";
network = "internet";
};
@ -41,6 +40,10 @@ in {
zone vaultwarden 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Vaultwarden Web";
};
};
virtualHosts.${vaultwardenDomain} = {
forceSSL = true;


@ -11,6 +11,9 @@ in {
firewallRuleForAll.allowedTCPPorts = [80 443];
};
# This node shall monitor the infrastructure
meta.telegraf.availableMonitoringNetworks = ["internet" "home-wan" "home-lan"];
age.secrets.acme-cloudflare-dns-token = {
rekeyFile = config.node.secretsDir + "/acme-cloudflare-dns-token.age";
mode = "440";


@ -9,7 +9,6 @@
globals.monitoring.ping.ward = {
hostv4 = lib.net.cidr.ip globals.net.home-lan.hosts.ward.cidrv4;
hostv6 = lib.net.cidr.ip globals.net.home-lan.hosts.ward.cidrv6;
location = "home";
network = "home-lan";
};


@ -12,7 +12,6 @@ in {
globals.monitoring.ping.zackbiene = {
hostv4 = "zackbiene.local";
hostv6 = "zackbiene.local";
location = "home";
network = "home-lan";
};