telemetry: added mimir backend

2024-09-07 10:27:25 +07:00 · 2024-09-07 10:27:25 +07:00 · dda26cfc65
parent 49bbe6364e
commit dda26cfc65
4 changed files with 113 additions and 1 deletions
--- a/hardware-configuration/homeserver.nix
+++ b/hardware-configuration/homeserver.nix
@ -84,6 +84,17 @@
          "bind"
        ];
      };
+
+      "/nas/telemetry/mimir" = lib.mkIf config.profile.services.telemetry.mimir.enable {
+        device = "/var/lib/mimir";
+        fsType = "auto";
+        options = [
+          "defaults"
+          "nofail"
+          "nobootwait"
+          "bind"
+        ];
+      };
    };

    swapDevices = [ ];
--- a/options/services.nix
+++ b/options/services.nix
@ -47,7 +47,7 @@ in
        type = types.bool;
        default = config.profile.services.telemetry.enable;
      };
-      minio.enable = mkOption {
+      mimir.enable = mkOption {
        type = types.bool;
        default = config.profile.services.telemetry.enable;
      };
--- a/system/services/telemetry/default.nix
+++ b/system/services/telemetry/default.nix
@ -5,5 +5,6 @@
    ./loki.nix
    ./tempo.nix
    ./alloy.nix
+    ./mimir.nix
  ];
 }
--- a/system/services/telemetry/mimir.nix
+++ b/system/services/telemetry/mimir.nix
@ -0,0 +1,100 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.telemetry.mimir;
+  inherit (lib) mkIf;
+  baseDir = "/var/lib/mimir";
+  domain = "mimir.tigor.web.id";
+in
+{
+  config = mkIf cfg.enable {
+    sops = {
+      secrets =
+        let
+          opts = { };
+        in
+        {
+          "caddy/basic_auth/username" = opts;
+          "caddy/basic_auth/password" = opts;
+        };
+      templates = {
+        "mimir-basic-auth".content = /*sh*/ ''
+          MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
+          MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
+        '';
+      };
+    };
+
+    systemd.services."caddy".serviceConfig = {
+      EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
+    };
+
+
+    services.caddy.virtualHosts.${domain}.extraConfig =
+      let
+        mimirServerConfig = config.services.mimir.configuration.server;
+        hostAddress = "${mimirServerConfig.http_listen_address}:${toString mimirServerConfig.http_listen_port}";
+      in
+      ''
+        @require_auth not remote_ip private_ranges
+
+        basicauth @require_auth {
+          {$ALLOY_USERNAME} {$ALLOY_PASSWORD}
+        }
+    
+        reverse_proxy ${hostAddress}
+      '';
+
+    services.mimir = {
+      enable = true;
+      configuration = {
+        multitenancy_enabled = false;
+        server = {
+          http_listen_address = "0.0.0.0";
+          http_listen_port = 4400;
+          grpc_listen_port = 4401;
+        };
+
+        common = {
+          storage = {
+            backend = "filesystem";
+            filesystem.dir = "${baseDir}/metrics";
+          };
+        };
+
+        blocks_storage = {
+          backend = "filesystem";
+          bucket_store.sync_dir = "${baseDir}/tsdb-sync";
+          filesystem.dir = "${baseDir}/data/tsdb";
+          tsdb.dir = "${baseDir}/tsdb";
+        };
+
+        compactor = {
+          data_dir = "${baseDir}/data/compactor";
+          sharding_ring.kvstore.store = "memberlist";
+        };
+
+        distributor = {
+          ring = {
+            instance_addr = "127.0.0.1";
+            kvstore.store = "memberlist";
+          };
+        };
+
+        ingester = {
+          ring = {
+            instance_addr = "127.0.0.1";
+            kvstore.store = "memberlist";
+            replication_factor = 1;
+          };
+        };
+
+        ruler_storage = {
+          backend = "filesystem";
+          filesystem.dir = "${baseDir}/data/rules";
+        };
+
+        store_gateway.sharding_ring.replication_factor = 1;
+      };
+    };
+  };
+}