add prometheus host
unify logging into lib/logging cleanup registry
ebeveyn
bf5e0de49c
işleme
fb9d929bc4
|
@ -0,0 +1,108 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "prometheus";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
80
|
||||
443
|
||||
9090
|
||||
9091
|
||||
9093
|
||||
9094
|
||||
];
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
webExternalUrl = "http://prometheus.serv.zentralwerk.org/alertmanager/";
|
||||
listenAddress = "0.0.0.0";
|
||||
configuration = {
|
||||
"global" = {
|
||||
"smtp_smarthost" = "mail.serv.zentralwerk.org:587";
|
||||
"smtp_from" = "alertmanager@prometheus.serv.zentralwerk.org";
|
||||
};
|
||||
"route" = {
|
||||
"group_by" = [ "alertname" "alias" ];
|
||||
"group_wait" = "30s";
|
||||
"group_interval" = "2m";
|
||||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [
|
||||
{
|
||||
"name" = "team-admins";
|
||||
# "email_configs" = [
|
||||
# {
|
||||
# "to" = "devnull@example.com";
|
||||
# "send_resolved" = true;
|
||||
# }
|
||||
# ];
|
||||
# "webhook_configs" = [
|
||||
# {
|
||||
# "url" = "https://example.com/prometheus-alerts";
|
||||
# "send_resolved" = true;
|
||||
# }
|
||||
# ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
alertmanagerURL = [ "http://prometheus.serv.zentralwerk.org/alertmanager/" ];
|
||||
|
||||
pushgateway = {
|
||||
enable = true;
|
||||
web.external-url = "http://prometheus.serv.zentralwerk.org/push/";
|
||||
};
|
||||
|
||||
exporters.collectd.enable = true;
|
||||
exporters.collectd.openFirewall = true;
|
||||
|
||||
exporters.nginx.enable = true;
|
||||
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts."prometheus.serv.zentralwerk.org" = {
|
||||
# serverAliases = [ "registry.serv.zentralwerk.org" ];
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
# forceSSL = true;
|
||||
locations.".well-known/acme-challenge/" = {
|
||||
root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
|
||||
};
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:9090";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
|
||||
}
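Review bot: The firewall list opens 9090, 9091, 9093 and 9094 to every network, and Alertmanager also binds `0.0.0.0` with `openFirewall = true`, so the services on those ports (by their defaults Prometheus, Pushgateway and Alertmanager) are reachable directly, bypassing the nginx vhost. Nothing visible here puts authentication in front of them. Unless one of the imported lib files restricts this, I would reduce the list to `allowedTCPPorts = [ 22 80 443 ];`, set `listenAddress = "127.0.0.1";`, drop `openFirewall`, and publish the UIs only through nginx with `forceSSL = true;` and an access control such as `basicAuthFile`. The vhost also proxies only `/` to 9090, while the external URLs point at `/alertmanager/` and `/push/` over plain `http://`, so those paths have no matching location in this file.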
|
|
@ -1,19 +1,15 @@
|
|||
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
];
|
||||
nix.useSandbox = false;
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
boot.isContainer = true;
|
||||
# /sbin/init
|
||||
boot.loader.initScript.enable = true;
|
||||
boot.loader.grub.enable = false;
|
||||
#boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||||
|
||||
#networking.hostName = "docker-registry"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
#networking.useNetworkd = true;
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "registry";
|
||||
|
@ -29,8 +25,6 @@
|
|||
|
||||
dhcpcd.denyInterfaces = [ "eth0" ];
|
||||
|
||||
nameservers = [ "8.8.8.8" "9.9.9.9" ];
|
||||
|
||||
defaultGateway = {
|
||||
address = "172.22.99.1";
|
||||
interface = "eth0";
|
||||
|
@ -42,8 +36,6 @@
|
|||
#};
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
|
@ -52,13 +44,6 @@
|
|||
5000
|
||||
];
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
# Select internationalisation properties.
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
|
||||
};
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
|
@ -66,21 +51,17 @@
|
|||
wget
|
||||
vim
|
||||
];
|
||||
|
||||
# Create a few files early before packing tarball for Proxmox
|
||||
# architecture/OS detection.
|
||||
system.extraSystemBuilderCmds =
|
||||
''
|
||||
mkdir -m 0755 -p $out/bin
|
||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||
mkdir -m 0755 -p $out/sbin
|
||||
ln -s ../init $out/sbin/init
|
||||
'';
|
||||
|
||||
services.dockerRegistry.enable = true;
|
||||
services.dockerRegistry = {
|
||||
enable = true;
|
||||
storagePath = "/srv/docker-registry";
|
||||
enableGarbageCollect = true;
|
||||
enableDelete = true;
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
services.nginx.virtualHosts."registry.hq.c3d2.de" = {
|
||||
# serverAliases = [ "registry.serv.zentralwerk.org" ];
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
# forceSSL = true;
|
||||
|
@ -91,7 +72,7 @@
|
|||
proxyPass = "http://localhost:5000";
|
||||
};
|
||||
extraConfig = ''
|
||||
client_max_body_size 2048M;
|
||||
client_max_body_size 4096M;
|
||||
gzip off;
|
||||
'';
|
||||
};
|
||||
|
@ -100,7 +81,7 @@
|
|||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.09"; # Did you read the comment?
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
}
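Review bot: `enableDelete = true` lets any client that can reach the registry API remove manifests, and this section shows no authentication in front of it. The vhost keeps `forceSSL` commented out, and port 5000 appears in the firewall list as a context line. The page has lost its +/- markers, so I am assuming the `services.dockerRegistry = { … }` block is the new side. If deletion is needed for garbage collection, I would keep the registry reachable only through nginx by dropping 5000 from `allowedTCPPorts`, turn on `forceSSL = true;`, and add a `basicAuthFile` to the vhost. Raising `client_max_body_size` to 4096M on an endpoint without authentication also increases the disk-fill exposure of `/srv/docker-registry`.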
|
||||
|
||||
|
||||
|
|
24
hq.nixops
24
hq.nixops
|
@ -104,6 +104,28 @@
|
|||
storeKeysOnMachine = true;
|
||||
};
|
||||
};
|
||||
"registry" =
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
hosts/containers/registry/configuration.nix
|
||||
];
|
||||
deployment = {
|
||||
targetHost = "2a02:8106:208:5201::34";
|
||||
storeKeysOnMachine = true;
|
||||
};
|
||||
};
|
||||
"prometheus" =
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
hosts/containers/prometheus/configuration.nix
|
||||
];
|
||||
deployment = {
|
||||
targetHost = "2a02:8106:208:5282:8c46:d6ff:fe43:6afd";
|
||||
storeKeysOnMachine = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
}
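Review bot: Both new machine entries set `storeKeysOnMachine = true` without saying why. With this option NixOps keeps deployment secrets on the machine's disk rather than supplying them after boot, so they persist at rest on the target, and for containers they are presumably also readable from the host. I would add a comment above each, for example `# keys persist on disk so the container can reboot unattended; no secrets beyond <list> are deployed here`, or set it to `false` where unattended reboots are not required. The `prometheus` target address looks derived from the interface MAC (hedged, inferred from its `ff:fe` form), so a note that it changes when the container is recreated would help.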
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
|
||||
nginxGlobalLogging = ''
|
||||
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
|
||||
'"remote_addr": "$remote_addr", '
|
||||
'"body_bytes_sent": $body_bytes_sent, '
|
||||
'"request_time": $request_time, '
|
||||
'"response_status": $status, '
|
||||
'"request": "$request", '
|
||||
'"request_method": "$request_method", '
|
||||
'"host": "$host",'
|
||||
'"upstream_cache_status": "$upstream_cache_status",'
|
||||
'"upstream_addr": "$upstream_addr",'
|
||||
'"http_x_forwarded_for": "$http_x_forwarded_for",'
|
||||
'"http_referrer": "$http_referer", '
|
||||
'"http_user_agent": "$http_user_agent" }';
|
||||
|
||||
# replace the hostnames with the IP or hostname of your Graylog2 server
|
||||
access_log syslog:server=graylog.server.org:12301 graylog2_json;
|
||||
error_log syslog:server=graylog.server.org:12302;
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
# add central logging
|
||||
services.journalbeat = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
journalbeat:
|
||||
seek_position: cursor
|
||||
cursor_seek_fallback: tail
|
||||
write_cursor_state: true
|
||||
cursor_flush_period: 5s
|
||||
clean_field_names: true
|
||||
convert_to_numbers: false
|
||||
move_metadata_to_field: journal
|
||||
default_type: journal
|
||||
kernel: true
|
||||
output.logstash:
|
||||
# Boolean flag to enable or disable the output module.
|
||||
enabled: true
|
||||
hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
|
||||
'';
|
||||
};
|
||||
|
||||
services.prometheus.exporters.node.enable = true;
|
||||
services.prometheus.exporters.node.openFirewall = true;
|
||||
|
||||
}
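Review bot: The `output.logstash` block ships the whole journal, including auth and kernel messages, to `logging.serv.zentralwerk.org:5044` and `172.20.73.13:5044` with no TLS settings, so logs from every host importing this file cross the network in clear text and the receiver is not authenticated. If the collector supports it, add `ssl.certificate_authorities: ["<path-to-CA>"]` under `output.logstash`, with the Logstash beats input configured to match. Separately, `nginxGlobalLogging` is bound in the `let` but never referenced in the body, and it still carries the placeholder `graylog.server.org`, so nginx access logs are not forwarded by this file. Either wire it into the nginx configuration with the real collector address or remove it. `exporters.node.openFirewall = true` also exposes node metrics on every importing host; narrowing it with the exporter's `firewallFilter` option to the Prometheus server's source address would limit that.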
|
|
@ -1,6 +1,7 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
imports = [./logging.nix];
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
# Select internationalisation properties.
|
||||
|
|