Enable InfluxDB provider and provision Grafana

Signed-off-by: Magic_RB <magic_rb@redalder.org>
Magic_RB 2023-05-02 14:41:55 +02:00
parent 0804d717fc
commit 30ba25f277
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
6 changed files with 171 additions and 104 deletions


@ -192,13 +192,13 @@
p.random p.random
p.null p.null
(hpkgs.terraform.plugins.mkProvider { (hpkgs.terraform.plugins.mkProvider {
owner = "Janrupf"; owner = "MagicRB";
repo = "terraform-provider-influxdb-v2"; repo = "terraform-provider-influxdb-v2";
rev = "ce868cc190d41e459d40152d11220542a6af4eee"; rev = "4f10e465f9526b47d1ef97a8f2e109aa85a7d647";
version = "0.4.6"; version = "0.4.6";
hash = "sha256-NZgKkIvw2H+vP4qawDVyURcl56ze+3K2cqIolm2GM8E="; hash = "sha256-/IQoA1CwYIafHbHKSZq7pZKFxefgd09fm0lnBW3r11Q=";
vendorHash = "sha256-g7Njs7psHFFSWk44CiV+blLrzpnB+L9HgMTx3lLMA8Q="; vendorHash = "sha256-g7Njs7psHFFSWk44CiV+blLrzpnB+L9HgMTx3lLMA8Q=";
provider-source-address = "registry.terraform.io/Janrupf/influxdb-v2"; provider-source-address = "registry.terraform.io/MagicRB/influxdb-v2";
}) })
] ]
); );
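Review bot: The `mkProvider` call now builds the provider from a personal fork (`owner = "MagicRB"`) while keeping `version = "0.4.6"`, so the version label no longer identifies the code being built, and nothing on these lines records why the fork is needed. The `rev` and `hash` pins keep the build reproducible, but anyone auditing this dependency has to diff the fork against upstream themselves. I would add a comment above the call such as `# fork of Janrupf/terraform-provider-influxdb-v2; carries <REASON>, drop once upstream merges it`, with the reason filled in by the author.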


@ -19,68 +19,100 @@ in
output."envoy_grafana".value = tf "vault_consul_secret_backend_role.envoy-grafana"; output."envoy_grafana".value = tf "vault_consul_secret_backend_role.envoy-grafana";
output."envoy_blowhole".value = tf "vault_consul_secret_backend_role.envoy-blowhole"; output."envoy_blowhole".value = tf "vault_consul_secret_backend_role.envoy-blowhole";
# data."influxdb-v2_organization"."redalder" = { data."influxdb-v2_organization"."redalder" = {
# name = "redalder"; name = "redalder";
# }; };
# resource."influxdb-v2_bucket"."metrics_bucket" = { resource."influxdb-v2_bucket"."metrics_bucket" = {
# name = "metrics"; name = "metrics";
# description = "Metrics bucket"; description = "Metrics bucket";
# org_id = "\${data.influxdb-v2_organization.redalder.id}"; org_id = "\${data.influxdb-v2_organization.redalder.id}";
# retention_rules = { retention_rules = {
# every_seconds = 30 * 24 * 60 * 60; # days * h/d * m/h * s/m every_seconds = 30 * 24 * 60 * 60; # days * h/d * m/h * s/m
# }; };
# }; };
# resource."influxdb-v2_bucket"."logs_bucket" = { resource."influxdb-v2_bucket"."logs_bucket" = {
# org_id = "\${data.influxdb-v2_organization.redalder.id}"; org_id = "\${data.influxdb-v2_organization.redalder.id}";
# name = "logs"; name = "logs";
# description = "Logs bucket"; description = "Logs bucket";
# retention_rules = { retention_rules = {
# every_seconds = 30 * 24 * 60 * 60; # days * h/d * m/h * s/m every_seconds = 30 * 24 * 60 * 60; # days * h/d * m/h * s/m
# }; };
# }; };
# resource."influxdb-v2_authorization"."telegraf_authorization" = { resource."influxdb-v2_authorization"."telegraf_authorization" = {
# org_id = "\${data.influxdb-v2_organization.redalder.id}"; org_id = "\${data.influxdb-v2_organization.redalder.id}";
# description = "Token for telegraf ingestion"; description = "Token for telegraf ingestion";
# status = "active"; status = "active";
# permissions = [ permissions = [
# { {
# action = "write"; action = "write";
# resource = { resource = {
# id = "\${influxdb-v2_bucket.logs_bucket.id}"; id = "\${influxdb-v2_bucket.logs_bucket.id}";
# org_id = "\${data.influxdb-v2_organization.redalder.id}"; org_id = "\${data.influxdb-v2_organization.redalder.id}";
# type = "buckets"; type = "buckets";
# }; };
# } }
# { {
# action = "write"; action = "write";
# resource = { resource = {
# id = "\${influxdb-v2_bucket.metrics_bucket.id}"; id = "\${influxdb-v2_bucket.metrics_bucket.id}";
# org_id = "\${data.influxdb-v2_organization.redalder.id}"; org_id = "\${data.influxdb-v2_organization.redalder.id}";
# type = "buckets"; type = "buckets";
# }; };
# } }
# ]; ];
# }; };
# resource."vault_mount"."kvv2" = { resource."influxdb-v2_authorization"."grafana_authorization" = {
# path = "kvv2"; org_id = "\${data.influxdb-v2_organization.redalder.id}";
# type = "kv"; description = "Token for Grefana";
# options = { version = 2; }; status = "active";
# description = "KV Version 2 secret engine mount"; permissions = [
# }; {
action = "read";
resource = {
id = "\${influxdb-v2_bucket.logs_bucket.id}";
org_id = "\${data.influxdb-v2_organization.redalder.id}";
type = "buckets";
};
}
{
action = "read";
resource = {
id = "\${influxdb-v2_bucket.metrics_bucket.id}";
org_id = "\${data.influxdb-v2_organization.redalder.id}";
type = "buckets";
};
}
];
};
resource."vault_mount"."kv" = {
path = "kv";
type = "kv";
options = { version = 2; };
description = "KV Version 2 secret engine mount";
};
# resource."vault_kv_secret_v2"."telegraf_secret" = { resource."vault_kv_secret_v2"."telegraf_secret" = {
# mount = "\${vault_mount.kvv2.path}"; mount = "\${vault_mount.kv.path}";
# name = "homelab-1/blowhole/monitor/telegraf"; name = "homelab-1/blowhole/monitor/telegraf";
# options = { version = 2; }; options = { version = 2; };
# data_json = builtins.toJSON { data_json = builtins.toJSON {
# influxdb_token = "\${influxdb-v2_authorization.telegraf_authorization.token}"; influxdb_token = "\${influxdb-v2_authorization.telegraf_authorization.token}";
# }; };
# }; };
resource."vault_kv_secret_v2"."grafana_secret" = {
mount = "\${vault_mount.kv.path}";
name = "homelab-1/blowhole/monitor/grafana";
options = { version = 2; };
data_json = builtins.toJSON {
influxdb_token = "\${influxdb-v2_authorization.grafana_authorization.token}";
};
};
}; };
nixpkgs.overlays = singleton (_: _: nixpkgs.overlays = singleton (_: _:
@ -147,7 +179,7 @@ in
''; '';
destination = "/run/secrets/envoy-blowhole.token"; destination = "/run/secrets/envoy-blowhole.token";
command = pkgs.writeShellScript "envoy-blowhole-reload.sh" command = pkgs.writeShellScript "envoy-blowhole-reload.sh"
'' ''
sudo systemctl try-reload-or-restart hashicorp-envoy-telegraf sudo systemctl try-reload-or-restart hashicorp-envoy-telegraf
''; '';
} }
@ -156,6 +188,25 @@ in
INFLUXDB_TOKEN={{ with secret "kv/data/homelab-1/blowhole/monitor/telegraf" }}{{ .Data.data.influxdb_token }}{{ end }} INFLUXDB_TOKEN={{ with secret "kv/data/homelab-1/blowhole/monitor/telegraf" }}{{ .Data.data.influxdb_token }}{{ end }}
''; '';
destination = "/run/secrets/monitor/telegraf.env"; destination = "/run/secrets/monitor/telegraf.env";
command = pkgs.writeShellScript "monitor-telegraf-reload.sh"
''
sudo systemd-run -P --machine monitor /run/current-system/sw/bin/bash -l -c \
'systemctl try-reload-or-restart telegraf'
'';
}
{
source = pkgs.writeText "grafana-influx.token.vtmpl" ''
{{ with secret "kv/data/homelab-1/blowhole/monitor/grafana" }}
{{ .Data.data.influxdb_token }}
{{ end }}
'';
destination = "/run/secrets/monitor/grafana-influx.token";
perms = "0644";
command = pkgs.writeShellScript "monitor-telegraf-reload.sh"
''
sudo systemd-run -P --machine monitor /run/current-system/sw/bin/bash -l -c \
'systemctl try-reload-or-restart grafana'
'';
} }
]; ];
}; };
@ -188,7 +239,7 @@ in
}; };
adminBind = "127.0.0.1:19100"; adminBind = "127.0.0.1:19100";
hotRestart = true; hotRestart = false;
}; };
services.telegraf-magic = { services.telegraf-magic = {
@ -198,23 +249,23 @@ in
percpu = true; percpu = true;
totalcpu = true; totalcpu = true;
tags.host = "blowhole"; tags.host = "blowhole";
tags.bucket = "telegraf"; tags.bucket = "metrics";
}; };
inputs.mem = { inputs.mem = {
tags.host = "blowhole"; tags.host = "blowhole";
tags.bucket = "telegraf"; tags.bucket = "metrics";
}; };
inputs.nomad = { inputs.nomad = {
url = "http://${secret.network.ips.blowhole.ip}:4646"; url = "http://${secret.network.ips.blowhole.ip}:4646";
tags.host = "blowhole"; tags.host = "blowhole";
tags.bucket = "telegraf"; tags.bucket = "metrics";
}; };
inputs.zfs = { inputs.zfs = {
tags.host = "blowhole"; tags.host = "blowhole";
tags.bucket = "telegraf"; tags.bucket = "metrics";
}; };
# inputs.tail = [ # inputs.tail = [
@ -239,20 +290,18 @@ in
outputs.influxdb_v2 = [ outputs.influxdb_v2 = [
{ {
urls = [ "http://${secret.network.ips.blowhole.ip}:8086" ]; urls = [ "http://${secret.network.ips.blowhole.ip}:8086" ];
bucket = "telegraf"; bucket = "metrics";
# tagdrop = [ "bucket" ]; tagpass = {
# tagpass = { bucket = [ "metrics" ];
# bucket = "telegraf"; };
# }; }
{
urls = [ "http://${secret.network.ips.blowhole.ip}:8086" ];
bucket = "logs";
tagpass = {
bucket = [ "logs" ];
};
} }
# {
# urls = [ "http://${secret.network.ips.blowhole.ip}:8086" ];
# bucket = "logs";
# tagdrop = [ "bucket" ];
# tagpass = {
# bucket = "logs";
# };
# }
]; ];
}; };
}; };
@ -336,7 +385,7 @@ in
address = "10.64.99.2:19000"; address = "10.64.99.2:19000";
adminBind = "127.0.0.1:19100"; adminBind = "127.0.0.1:19100";
hotRestart = true; hotRestart = false;
}; };
services.postgresql = { services.postgresql = {
@ -382,7 +431,29 @@ in
name = "grafana"; name = "grafana";
user = "grafana"; user = "grafana";
}; };
paths.provisioning = {
datasources.datasources = [
{
name = "InfluxDB";
type = "influxdb";
access = "proxy";
orgId = 1;
uid = "influxdb";
url = "http://127.0.0.1:8086";
jsonData = {
version = "Flux";
organization = "redalder";
defaultBucket = "bucket";
};
secureJsonData = {
token = "$__file{/run/secrets/grafana-influx.token}";
};
}
];
};
}; };
enable = true; enable = true;
}; };
@ -404,7 +475,7 @@ in
address = "10.64.99.2:19001"; address = "10.64.99.2:19001";
adminBind = "127.0.0.1:19101"; adminBind = "127.0.0.1:19101";
hotRestart = true; hotRestart = false;
}; };
services.influxdb2 = { services.influxdb2 = {
@ -434,7 +505,7 @@ in
address = "10.64.99.2:19002"; address = "10.64.99.2:19002";
adminBind = "127.0.0.1:19102"; adminBind = "127.0.0.1:19102";
hotRestart = true; hotRestart = false;
}; };
services.telegraf-magic = { services.telegraf-magic = {
@ -450,29 +521,16 @@ in
unittype = "service"; unittype = "service";
tags = { tags = {
host = "blowhole#monitoring"; host = "blowhole#monitoring";
bucket = "metrics";
}; };
}; };
outputs.influxdb_v2 = [ outputs.influxdb_v2 = [
# {
# urls = [ "http://127.0.0.1:8086" ];
# token = "\${INFLUXDB_TOKEN}";
# organization = "redalder";
# bucket = "logs";
# tagdrop = [ "bucket" ];
# tagpass = {
# bucket = "logs";
# };
# }
{ {
urls = [ "http://127.0.0.1:8086" ]; urls = [ "http://127.0.0.1:8086" ];
token = "\${INFLUXDB_TOKEN}"; token = "\${INFLUXDB_TOKEN}";
organization = "redalder"; organization = "redalder";
bucket = "telegraf"; bucket_tag = "bucket";
tagdrop = [ "bucket" ];
# tagpass = {
# bucket = "telegraf";
# };
} }
]; ];
}; };


@ -82,6 +82,11 @@ in
enabled = true; enabled = true;
}; };
telemetry = {
publish_allocation_metrics = true;
publish_node_metrics = true;
};
client = { client = {
cni_path = "${pkgs.cni-plugins}/bin"; cni_path = "${pkgs.cni-plugins}/bin";


@ -7,8 +7,8 @@ in
let let
config = pkgs.writeText "hashicorp-vault-agent-tmpfiles.d" '' config = pkgs.writeText "hashicorp-vault-agent-tmpfiles.d" ''
d /run/secrets 0750 root root 0 d /run/secrets 0750 root root 0
x /run/secrets/monitor 0750 root root - x /run/secrets/monitor 0755 root root -
d /run/secrets/monitor 0750 root root 0 d /run/secrets/monitor 0755 root root 0
''; '';
in in
{ {


@ -78,6 +78,10 @@ in
path "${vaultKvMount}/data/homelab-1/blowhole/monitor/telegraf" { path "${vaultKvMount}/data/homelab-1/blowhole/monitor/telegraf" {
capabilities = ["read"] capabilities = ["read"]
} }
path "${vaultKvMount}/data/homelab-1/blowhole/monitor/grafana" {
capabilities = ["read"]
}
''; '';
}; };


@ -34,9 +34,9 @@ in
address = "http://10.64.2.1:4646"; address = "http://10.64.2.1:4646";
}; };
# provider."influxdb-v2" = { provider."influxdb-v2" = {
# url = "http://influx.in.redalder.org"; url = "http://influx.in.redalder.org";
# }; };
imports = [ imports = [
./modules/push_approles.nix ./modules/push_approles.nix
@ -55,7 +55,7 @@ in
terraform.required_providers = { terraform.required_providers = {
influxdb-v2 = { influxdb-v2 = {
source = "Janrupf/influxdb-v2"; source = "MagicRB/influxdb-v2";
}; };
}; };
@ -78,7 +78,7 @@ in
path = "kv"; path = "kv";
type = "kv"; type = "kv";
options.version = "2"; options.version = "2";
description = "KV Version 2 secret envine mount"; description = "KV Version 2 secret engine mount";
}; };
resource."vault_kv_secret_backend_v2"."config" = { resource."vault_kv_secret_backend_v2"."config" = {
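Review bot: The enabled provider block points at `url = "http://influx.in.redalder.org"`, so the credential the provider authenticates with and the tokens returned for the `influxdb-v2_authorization` resources travel unencrypted unless that name is only reachable over an encrypted link. If an HTTPS listener exists for InfluxDB, use `url = "https://influx.in.redalder.org";`; otherwise a comment stating which tunnel or mesh protects this hop would help the next reader. The provider's credentials are not set in the visible lines, so presumably they come from the environment. The created tokens are also interpolated into `vault_kv_secret_v2` resources elsewhere in this commit, so they end up in Terraform state and the state backend needs the same protection as Vault.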