NixOS/system/services/telemetry/tempo.nix

{ config, lib, ... }:
let
  cfg = config.profile.services.telemetry.tempo;
  inherit (lib) mkIf;
  domain = "tempo.tigor.web.id";
  basic_auth = {
    username = "tempo/caddy/basic_auth/username";
    password = "tempo/caddy/basic_auth/password";
    template = "tempo/caddy/basic_auth";
  };
  server = config.services.tempo.settings.server;
in
{
  config = mkIf cfg.enable {
    sops = {
      secrets =
        let
          opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
        in
        {
          ${basic_auth.username} = opts;
          ${basic_auth.password} = opts;
        };
      templates = {
        ${basic_auth.template}.content = /*sh*/ ''
          TEMPO_USERNAME=${config.sops.placeholder.${basic_auth.username}}
          TEMPO_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
        '';
      };
    };

    systemd.services."caddy".serviceConfig = {
      EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
    };

    services.caddy.virtualHosts.${domain}.extraConfig = ''
      @require_auth not remote_ip private_ranges 

      basicauth @require_auth {
          {$TEMPO_USERNAME} {$TEMPO_PASSWORD}
      }

      reverse_proxy ${server.http_listen_address}:3200
    '';

    services.tempo = {
      enable = true;
      settings = {
        server = {
          http_listen_address = "0.0.0.0";
          http_listen_port = 3200;
          grpc_listen_port = 9096;
        };
        distributor = {
          receivers = {
            otlp = {
              protocols = {
                http = { };
              };
            };
          };
        };
        storage.trace = {
          backend = "local";
          local.path = "/var/lib/tempo/traces";
          wal.path = "/var/lib/tempo/wal";
        };
        ingester = {
          lifecycler.ring.replication_factor = 1;
        };
      };
    };
    services.grafana.provision.datasources.settings.datasources = [
      {
        name = "Tempo";
        type = "tempo";
        access = "proxy";
        url = "http://${server.http_listen_address}:${toString server.http_listen_port}";
        basicAuth = false;
        jsonData = {
          nodeGraph.enabled = true;
          search.hide = false;
          traceQuery = {
            timeShiftEnabled = true;
            spanStartTimeShift = "1h";
            spanEndTimeShift = "1h";
          };
          spanBar = {
            type = "Tag";
            tag = "http.path";
          };
          tracesToLogsV2 = mkIf config.profile.services.telemetry.loki.enable {
            datasourceUid = "loki";
            spanStartTimeShift = "-1h";
            spanEndTimeShift = "1h";
            tags = [ "job" "instance" "pod" "namespace" ];
            filterByTraceID = false;
            filterBySpanID = false;
            customQuery = true;
            query = ''method="$''${__span.tags.method}"'';
          };
        };
      }
    ];
  };
}
telemetry: added tempo service 2024-09-02 18:17:03 +07:00			`{ config, lib, ... }:`
			`let`
			`cfg = config.profile.services.telemetry.tempo;`
			`inherit (lib) mkIf;`
			`domain = "tempo.tigor.web.id";`
			`basic_auth = {`
			`username = "tempo/caddy/basic_auth/username";`
			`password = "tempo/caddy/basic_auth/password";`
			`template = "tempo/caddy/basic_auth";`
			`};`
			`server = config.services.tempo.settings.server;`
			`in`
			`{`
			`config = mkIf cfg.enable {`
			`sops = {`
			`secrets =`
			`let`
			`opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };`
			`in`
			`{`
			`${basic_auth.username} = opts;`
			`${basic_auth.password} = opts;`
			`};`
			`templates = {`
			`${basic_auth.template}.content = /sh/ ''`
			`TEMPO_USERNAME=${config.sops.placeholder.${basic_auth.username}}`
			`TEMPO_PASSWORD=${config.sops.placeholder.${basic_auth.password}}`
			`'';`
			`};`
			`};`

			`systemd.services."caddy".serviceConfig = {`
			`EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];`
			`};`

			`services.caddy.virtualHosts.${domain}.extraConfig = ''`
tempo: require basic auth for all requests except from private ranges 2024-09-07 09:55:03 +07:00			`@require_auth not remote_ip private_ranges`

			`basicauth @require_auth {`
telemetry: added tempo service 2024-09-02 18:17:03 +07:00			`{$TEMPO_USERNAME} {$TEMPO_PASSWORD}`
			`}`

tempo: require basic auth for all requests except from private ranges 2024-09-07 09:55:03 +07:00			`reverse_proxy ${server.http_listen_address}:3200`
telemetry: added tempo service 2024-09-02 18:17:03 +07:00			`'';`

			`services.tempo = {`
			`enable = true;`
			`settings = {`
			`server = {`
			`http_listen_address = "0.0.0.0";`
			`http_listen_port = 3200;`
			`grpc_listen_port = 9096;`
			`};`
			`distributor = {`
			`receivers = {`
			`otlp = {`
			`protocols = {`
			`http = { };`
			`};`
			`};`
			`};`
			`};`
			`storage.trace = {`
			`backend = "local";`
			`local.path = "/var/lib/tempo/traces";`
			`wal.path = "/var/lib/tempo/wal";`
			`};`
			`ingester = {`
			`lifecycler.ring.replication_factor = 1;`
			`};`
			`};`
			`};`
			`services.grafana.provision.datasources.settings.datasources = [`
			`{`
			`name = "Tempo";`
			`type = "tempo";`
			`access = "proxy";`
			`url = "http://${server.http_listen_address}:${toString server.http_listen_port}";`
			`basicAuth = false;`
			`jsonData = {`
			`nodeGraph.enabled = true;`
			`search.hide = false;`
			`traceQuery = {`
			`timeShiftEnabled = true;`
			`spanStartTimeShift = "1h";`
			`spanEndTimeShift = "1h";`
			`};`
			`spanBar = {`
			`type = "Tag";`
			`tag = "http.path";`
			`};`
			`tracesToLogsV2 = mkIf config.profile.services.telemetry.loki.enable {`
			`datasourceUid = "loki";`
			`spanStartTimeShift = "-1h";`
			`spanEndTimeShift = "1h";`
			`tags = [ "job" "instance" "pod" "namespace" ];`
			`filterByTraceID = false;`
			`filterBySpanID = false;`
			`customQuery = true;`
			`query = ''method="$''${__span.tags.method}"'';`
			`};`
			`};`
			`}`
			`];`
			`};`
			`}`