diff --git a/hardware-configuration/homeserver.nix b/hardware-configuration/homeserver.nix
index b766df6..18ae1f2 100644
--- a/hardware-configuration/homeserver.nix
+++ b/hardware-configuration/homeserver.nix
@@ -84,6 +84,17 @@
 "bind"
 ];
 };
+
+ "/nas/telemetry/mimir" = lib.mkIf config.profile.services.telemetry.mimir.enable {
+ device = "/var/lib/mimir";
+ fsType = "auto";
+ options = [
+ "defaults"
+ "nofail"
+ "nobootwait"
+ "bind"
+ ];
+ };
 };
 swapDevices = [ ];
diff --git a/options/services.nix b/options/services.nix
index d433b41..2b34506 100644
--- a/options/services.nix
+++ b/options/services.nix
@@ -47,7 +47,7 @@ in
 type = types.bool;
 default = config.profile.services.telemetry.enable;
 };
- minio.enable = mkOption {
+ mimir.enable = mkOption {
 type = types.bool;
 default = config.profile.services.telemetry.enable;
 };
diff --git a/system/services/telemetry/default.nix b/system/services/telemetry/default.nix
index 6a1e542..62213dd 100644
--- a/system/services/telemetry/default.nix
+++ b/system/services/telemetry/default.nix
@@ -5,5 +5,6 @@
 ./loki.nix
 ./tempo.nix
 ./alloy.nix
+ ./mimir.nix
 ];
 }
diff --git a/system/services/telemetry/mimir.nix b/system/services/telemetry/mimir.nix
new file mode 100644
index 0000000..418dc9c
--- /dev/null
+++ b/system/services/telemetry/mimir.nix
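Review bot: In the hardware-configuration/homeserver.nix hunk, the bind source `device = "/var/lib/mimir";` repeats the literal that system/services/telemetry/mimir.nix keeps in `baseDir`, so changing one of them leaves this mount pointing at a stale or empty directory. A comment such as `# must match baseDir in system/services/telemetry/mimir.nix` (or a shared option both files read) would keep the two tied together. The entry also makes Mimir's data directory visible under /nas, so if that tree is exported by a file-sharing service (not visible in this hunk) the metric blocks become readable there. For a data-only bind mount, adding `"nosuid"`, `"nodev"` and `"noexec"` to `options` would be a reasonable hardening. The enclosing attribute set starts and ends outside the hunk.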
@@ -0,0 +1,100 @@
+{ config, lib, ... }:
+let
+ cfg = config.profile.services.telemetry.mimir;
+ inherit (lib) mkIf;
+ baseDir = "/var/lib/mimir";
+ domain = "mimir.tigor.web.id";
+in
+{
+ config = mkIf cfg.enable {
+ sops = {
+ secrets =
+ let
+ opts = { };
+ in
+ {
+ "caddy/basic_auth/username" = opts;
+ "caddy/basic_auth/password" = opts;
+ };
+ templates = {
+ "mimir-basic-auth".content = /*sh*/ ''
+ MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
+ MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
+ '';
+ };
+ };
+
+ systemd.services."caddy".serviceConfig = {
+ EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
+ };
+
+
+ services.caddy.virtualHosts.${domain}.extraConfig =
+ let
+ mimirServerConfig = config.services.mimir.configuration.server;
+ hostAddress = "${mimirServerConfig.http_listen_address}:${toString mimirServerConfig.http_listen_port}";
+ in
+ ''
+ @require_auth not remote_ip private_ranges
+
+ basicauth @require_auth {
+ {$ALLOY_USERNAME} {$ALLOY_PASSWORD}
+ }
+
+ reverse_proxy ${hostAddress}
+ '';
+
+ services.mimir = {
+ enable = true;
+ configuration = {
+ multitenancy_enabled = false;
+ server = {
+ http_listen_address = "0.0.0.0";
+ http_listen_port = 4400;
+ grpc_listen_port = 4401;
+ };
+
+ common = {
+ storage = {
+ backend = "filesystem";
+ filesystem.dir = "${baseDir}/metrics";
+ };
+ };
+
+ blocks_storage = {
+ backend = "filesystem";
+ bucket_store.sync_dir = "${baseDir}/tsdb-sync";
+ filesystem.dir = "${baseDir}/data/tsdb";
+ tsdb.dir = "${baseDir}/tsdb";
+ };
+
+ compactor = {
+ data_dir = "${baseDir}/data/compactor";
+ sharding_ring.kvstore.store = "memberlist";
+ };
+
+ distributor = {
+ ring = {
+ instance_addr = "127.0.0.1";
+ kvstore.store = "memberlist";
+ };
+ };
+
+ ingester = {
+ ring = {
+ instance_addr = "127.0.0.1";
+ kvstore.store = "memberlist";
+ replication_factor = 1;
+ };
+ };
+
+ ruler_storage = {
+ backend = "filesystem";
+ filesystem.dir = "${baseDir}/data/rules";
+ };
+
+ store_gateway.sharding_ring.replication_factor = 1;
+ };
+ };
+ };
+}
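Review bot: In system/services/telemetry/mimir.nix the Caddy `basicauth` block reads `{$ALLOY_USERNAME} {$ALLOY_PASSWORD}`, but the `mimir-basic-auth` template added in this same file exports `MIMIR_USERNAME` and `MIMIR_PASSWORD`. The new variables are therefore never used, and the vhost depends on whatever defines the ALLOY_* pair (not visible here); the line should probably read `{$MIMIR_USERNAME} {$MIMIR_PASSWORD}`. Separately, `http_listen_address = "0.0.0.0"` together with `multitenancy_enabled = false` leaves the unauthenticated Mimir API on port 4400 listening on every interface, so the basic auth in front of it only holds if a firewall blocks that port. Because Caddy proxies locally, `http_listen_address = "127.0.0.1";` would keep the proxy as the only entry point and give `hostAddress` a loopback target. Caddy's `basicauth` expects a hashed password, so the sops secret should hold a hash, and the `@require_auth` matcher exempts `private_ranges` by `remote_ip`, which would exempt every request if Caddy ever sits behind a local proxy or tunnel.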