add prometheus host

unify logging into lib/logging
clean up registry
This commit is contained in:
Daniel Poelzleithner 2019-07-06 02:10:46 +02:00
parent bf5e0de49c
commit fb9d929bc4
5 changed files with 203 additions and 39 deletions


@ -0,0 +1,108 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
imports =
[ ../../../lib/lxc-container.nix
environment.systemPackages = with pkgs; [
networking = {
hostName = "prometheus";
firewall = {
allowedTCPPorts = [
enable = true;
services.prometheus = {
enable = true;
alertmanager = {
enable = true;
openFirewall = true;
webExternalUrl = "";
listenAddress = "";
configuration = {
"global" = {
"smtp_smarthost" = "";
"smtp_from" = "";
"route" = {
"group_by" = [ "alertname" "alias" ];
"group_wait" = "30s";
"group_interval" = "2m";
"repeat_interval" = "4h";
"receiver" = "team-admins";
"receivers" = [
"name" = "team-admins";
# "email_configs" = [
# {
# "to" = "";
# "send_resolved" = true;
# }
# ];
# "webhook_configs" = [
# {
# "url" = "";
# "send_resolved" = true;
# }
# ];
alertmanagerURL = [ "" ];
pushgateway = {
enable = true;
web.external-url = "";
exporters.collectd.enable = true;
exporters.collectd.openFirewall = true;
exporters.nginx.enable = true;
services.nginx = {
enable = true;
virtualHosts."" = {
# serverAliases = [ "" ];
enableACME = true;
enableSSL = true;
# forceSSL = true;
locations.".well-known/acme-challenge/" = {
root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
locations."/" = {
proxyPass = "http://localhost:9090";
system.stateVersion = "19.03"; # Did you read the comment?
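Review bot: `locations."/"` proxies the Prometheus web UI and HTTP API on `localhost:9090` through the public vhost with no access control, and because `forceSSL = true` is left commented out the plain-HTTP listener serves it too; Prometheus has no authentication of its own, so anyone who can reach the vhost can run PromQL against every scraped metric. Uncomment `forceSSL = true;` (`enableSSL` alone does not redirect) and gate the vhost, e.g. `basicAuthFile = "<htpasswd-file>";` or an `allow`/`deny` list in `extraConfig`, before this host is deployed. The alertmanager block (`openFirewall = true`, `listenAddress` blank here, possibly redacted on this page) and the collectd exporter (`openFirewall = true`) are likewise reachable unauthenticated if they bind all interfaces. The closing lines of the vhost and of the module are not shown in this rendering.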


@ -1,19 +1,15 @@
[ <nixpkgs/nixos/modules/profiles/minimal.nix> # Edit this configuration file to define what should be installed on
]; # your system. Help is available in the configuration.nix(5) man page
nix.useSandbox = false; # and in the NixOS manual (accessible by running nixos-help).
nix.maxJobs = lib.mkDefault 4;
boot.isContainer = true; { config, pkgs, lib, ... }:
# /sbin/init
boot.loader.initScript.enable = true;
boot.loader.grub.enable = false;
#boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; }; {
imports =
#networking.hostName = "docker-registry"; # Define your hostname. [ ../../../lib/lxc-container.nix
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. ../../../lib/shared.nix
#networking.useNetworkd = true; ../../../lib/admins.nix
networking = { networking = {
hostName = "registry"; hostName = "registry";
@ -29,8 +25,6 @@
dhcpcd.denyInterfaces = [ "eth0" ]; dhcpcd.denyInterfaces = [ "eth0" ];
nameservers = [ "" "" ];
defaultGateway = { defaultGateway = {
address = ""; address = "";
interface = "eth0"; interface = "eth0";
@ -42,8 +36,6 @@
#}; #};
}; };
services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
@ -52,13 +44,6 @@
5000 5000
]; ];
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@ -66,21 +51,17 @@
wget wget
vim vim
]; ];
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
system.extraSystemBuilderCmds =
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
mkdir -m 0755 -p $out/sbin
ln -s ../init $out/sbin/init
services.dockerRegistry.enable = true; services.dockerRegistry = {
enable = true;
storagePath = "/srv/docker-registry";
enableGarbageCollect = true;
enableDelete = true;
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."" = { services.nginx.virtualHosts."" = {
# serverAliases = [ "" ];
enableACME = true; enableACME = true;
enableSSL = true; enableSSL = true;
# forceSSL = true; # forceSSL = true;
@ -91,7 +72,7 @@
proxyPass = "http://localhost:5000"; proxyPass = "http://localhost:5000";
}; };
extraConfig = '' extraConfig = ''
client_max_body_size 2048M; client_max_body_size 4096M;
gzip off; gzip off;
''; '';
}; };
@ -100,7 +81,7 @@
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you
# should. # should.
system.stateVersion = "18.09"; # Did you read the comment? system.stateVersion = "19.03"; # Did you read the comment?
} }
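Review bot: `enableDelete = true` in the new `services.dockerRegistry` block lets any client that can reach the registry API delete manifests and blobs, and nothing visible on this vhost (still `enableSSL = true` with `forceSSL` commented out, no `basicAuth*`) restricts who that is; port `5000` also stays in `allowedTCPPorts` above, so if the registry's `listenAddress` is ever widened from the module's loopback default it is reachable without the nginx layer at all. Unless authentication is supplied by `../../../lib/shared.nix` or `../../../lib/admins.nix` (not visible here), add `forceSSL = true;` and `basicAuthFile = "<htpasswd-file>";` to the vhost, or leave `enableDelete` off and run deletions locally. A short comment on the `enableDelete` line stating which clients are trusted to delete would make the intent reviewable.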


@ -104,6 +104,28 @@
storeKeysOnMachine = true; storeKeysOnMachine = true;
}; };
}; };
"registry" =
{ ... }:
imports = [
deployment = {
targetHost = "2a02:8106:208:5201::34";
storeKeysOnMachine = true;
"prometheus" =
{ ... }:
imports = [
deployment = {
targetHost = "2a02:8106:208:5282:8c46:d6ff:fe43:6afd";
storeKeysOnMachine = true;
} }
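Review bot: Both new entries set `storeKeysOnMachine = true`, which makes NixOps write deployment keys to the target's persistent disk instead of the in-memory `/run/keys` tmpfs, so they survive reboots and end up in any image or backup of the container; the existing entries above do the same, so this may be a deliberate LXC workaround, but it deserves a comment such as `# keys on disk: tmpfs /run/keys not available in this container — confirm`. The `targetHost` values are raw IPv6 literals; a DNS name would keep the deployment file readable when addresses change. The enclosing attribute set starts and ends outside the visible hunk.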

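--- /dev/null
+++ b/lib/logging.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+nginxGlobalLogging = ''
+log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
+'"remote_addr": "$remote_addr", '
+'"body_bytes_sent": $body_bytes_sent, '
+'"request_time": $request_time, '
+'"response_status": $status, '
+'"request": "$request", '
+'"request_method": "$request_method", '
+'"host": "$host",'
+'"upstream_cache_status": "$upstream_cache_status",'
+'"upstream_addr": "$upstream_addr",'
+'"http_x_forwarded_for": "$http_x_forwarded_for",'
+'"http_referrer": "$http_referer", '
+'"http_user_agent": "$http_user_agent" }';
+# replace the hostnames with the IP or hostname of your Graylog2 server
+access_log graylog2_json;
+# add central logging
+services.journalbeat = {
+enable = true;
+extraConfig = ''
+seek_position: cursor
+cursor_seek_fallback: tail
+write_cursor_state: true
+cursor_flush_period: 5s
+clean_field_names: true
+convert_to_numbers: false
+move_metadata_to_field: journal
+default_type: journal
+kernel: true
+# Boolean flag to enable or disable the output module.
+enabled: true
+hosts: ["", ""]
+services.prometheus.exporters.node.enable = true;
+services.prometheus.exporters.node.openFirewall = true;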
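Review bot: `access_log graylog2_json;` in `nginxGlobalLogging` gives nginx only a format name where it expects a destination, so as rendered nginx would treat `graylog2_json` as a relative file path and log to it in the default format; the comment above it suggests the intended line is `access_log syslog:server=<graylog-host>:<port> graylog2_json;`. Nothing visible references `nginxGlobalLogging` either (the `let`/`in` and closing lines are dropped in this rendering), so confirm it is wired into `services.nginx.commonHttpConfig` or equivalent. Separately, `services.prometheus.exporters.node.openFirewall = true` opens the node exporter to every peer of every host that imports this file, with no authentication; only the prometheus host needs to scrape it, so consider `services.prometheus.exporters.node.firewallFilter` limited to the scraper's address instead. The journalbeat output lists `hosts: ["", ""]` (blank here) with no `ssl` settings shown, so the journal stream, including `kernel: true`, presumably crosses the network in clear text unless TLS is configured elsewhere — worth a comment in the file either way.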


@ -1,6 +1,7 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [./logging.nix];
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
# Select internationalisation properties. # Select internationalisation properties.