feat: define global monitoring for each service and automatically configure telegraf based on it

2025-10-11 07:10:39 +02:00 · 2024-07-14 14:11:53 +02:00 · 2024-07-14 14:11:53 +02:00 · e35daee76d
commit e35daee76d
parent 79e1e782c4
23 changed files with 403 additions and 83 deletions
--- a/hosts/sire/guests/ai.nix
+++ b/hosts/sire/guests/ai.nix
@ -51,6 +51,12 @@ in {
  };

  globals.services.open-webui.domain = openWebuiDomain;
+  globals.monitoring.http.ollama-webui = {
+    url = "https://${openWebuiDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.open-webui = {
--- a/hosts/sire/guests/grafana.nix
+++ b/hosts/sire/guests/grafana.nix
@ -78,6 +78,12 @@ in {
  };

  globals.services.grafana.domain = grafanaDomain;
+  globals.monitoring.http.grafana = {
+    url = "https://${grafanaDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    age.secrets.loki-basic-auth-hashes.generator.dependencies = [
      config.age.secrets.grafana-loki-basic-auth-password
--- a/hosts/sire/guests/immich.nix
+++ b/hosts/sire/guests/immich.nix
@ -191,6 +191,12 @@ in {
  };

  globals.services.immich.domain = immichDomain;
+  globals.monitoring.http.immich = {
+    url = "https://${immichDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.immich = {
--- a/hosts/sire/guests/influxdb.nix
+++ b/hosts/sire/guests/influxdb.nix
@ -28,58 +28,13 @@ in {
  };

  meta.telegraf.secrets."@GITHUB_ACCESS_TOKEN@" = config.age.secrets.github-access-token.path;
+  meta.telegraf.globalMonitoring = {
+    enable = true;
+    availableNetworks = ["internet" "home-wan" "home-lan"];
+  };
  services.telegraf.extraConfig.outputs.influxdb_v2.urls = lib.mkForce ["http://localhost:${toString influxdbPort}"];

-  globals.monitoring.ping.cloudflare-dns = {
-    host = "1.1.1.1";
-    location = "external";
-  };
-
-  globals.monitoring.ping.google-dns = {
-    host = "8.8.8.8";
-    location = "external";
-  };
-
  services.telegraf.extraConfig.inputs = {
-    ping = [
-      {
-        method = "native";
-        urls = [
-          globals.net.home-wan.hosts.fritzbox.ipv4
-          globals.net.home-lan.hosts.ward.ipv4
-        ];
-        tags.type = "internal";
-        fieldpass = [
-          "percent_packet_loss"
-          "average_response_ms"
-        ];
-      }
-      {
-        method = "native";
-        urls = [
-          "1.1.1.1"
-          "8.8.8.8"
-          config.repo.secrets.global.domains.me
-          config.repo.secrets.global.domains.personal
-        ];
-        tags.type = "external";
-        fieldpass = [
-          "percent_packet_loss"
-          "average_response_ms"
-        ];
-      }
-    ];
-
-    # FIXME: pls define this on the relevant hosts. Then we can ping it from multiple other hosts
-    #http_response = [
-    #  {
-    #    urls = [
-    #    ];
-    #    response_string_match = "Index of /";
-    #    response_status_code = 200;
-    #  }
-    #];
-
    github = {
      access_token = "@GITHUB_ACCESS_TOKEN@";
      repositories = [
@ -94,6 +49,12 @@ in {
  };

  globals.services.influxdb.domain = influxdbDomain;
+  globals.monitoring.http.influxdb = {
+    url = "https://${influxdbDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.influxdb = {
--- a/hosts/sire/guests/loki.nix
+++ b/hosts/sire/guests/loki.nix
@ -18,6 +18,12 @@ in {
  };

  globals.services.loki.domain = lokiDomain;
+  globals.monitoring.http.loki = {
+    url = "https://${lokiDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    age.secrets.loki-basic-auth-hashes = {
      generator.script = "basic-auth";
--- a/hosts/sire/guests/minecraft.nix
+++ b/hosts/sire/guests/minecraft.nix
@ -1,3 +1,4 @@
+# FIXME: todo: host the proxy on sentinel so the IPs are not lost in natting
 {
  config,
  pkgs,
@ -360,6 +361,13 @@ in {
  ];

  globals.services.minecraft.domain = minecraftDomain;
+  globals.monitoring.tcp.minecraft = {
+    host = minecraftDomain;
+    port = 25565;
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    # Rewrite destination addr with dnat on incoming connections
    # and masquerade responses to make them look like they originate from this host.
--- a/hosts/sire/guests/paperless.nix
+++ b/hosts/sire/guests/paperless.nix
@ -25,6 +25,12 @@ in {
  };

  globals.services.paperless.domain = paperlessDomain;
+  globals.monitoring.http.paperless = {
+    url = "https://${paperlessDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.paperless = {
--- a/hosts/sire/guests/samba.nix
+++ b/hosts/sire/guests/samba.nix
@ -133,6 +133,13 @@ in {
    openFirewall = true;
  };

+  globals.monitoring.tcp.samba = {
+    host = globals.net.home-lan.hosts.sire-samba.ipv4;
+    port = 445;
+    location = "home";
+    network = "home-lan";
+  };
+
  services.samba = {
    enable = true;
    openFirewall = true;
--- a/hosts/sire/net.nix
+++ b/hosts/sire/net.nix
@ -1,10 +1,18 @@
 {
  config,
  globals,
+  lib,
  ...
 }: {
  networking.hostId = config.repo.secrets.local.networking.hostId;

+  globals.monitoring.ping.sire = {
+    hostv4 = lib.net.cidr.ip globals.net.home-lan.hosts.sire.cidrv4;
+    hostv6 = lib.net.cidr.ip globals.net.home-lan.hosts.sire.cidrv6;
+    location = "home";
+    network = "home-lan";
+  };
+
  boot.initrd.systemd.network = {
    enable = true;
    networks."10-lan" = {