NixOS/system/services/telemetry/mimir.nix

125 lines
3.1 KiB
Nix

{ config, lib, ... }:
let
cfg = config.profile.services.telemetry.mimir;
inherit (lib) mkIf;
baseDir = "/var/lib/mimir";
domain = "mimir.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops = {
secrets =
let
opts = { };
in
{
"caddy/basic_auth/username" = opts;
"caddy/basic_auth/password" = opts;
};
templates = {
"mimir-basic-auth".content = # sh
''
MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
};
services.caddy.virtualHosts.${domain}.extraConfig =
let
mimirServerConfig = config.services.mimir.configuration.server;
hostAddress = "${mimirServerConfig.http_listen_address}:${toString mimirServerConfig.http_listen_port}";
in
''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
}
reverse_proxy ${hostAddress}
'';
services.mimir = {
enable = true;
configuration = {
multitenancy_enabled = false;
server = {
http_listen_address = "0.0.0.0";
http_listen_port = 4400;
grpc_listen_port = 4401;
};
common = {
storage = {
backend = "filesystem";
filesystem.dir = "${baseDir}/metrics";
};
};
blocks_storage = {
backend = "filesystem";
bucket_store.sync_dir = "${baseDir}/tsdb-sync";
filesystem.dir = "${baseDir}/data/tsdb";
tsdb.dir = "${baseDir}/tsdb";
};
compactor = {
data_dir = "${baseDir}/data/compactor";
sharding_ring.kvstore.store = "memberlist";
};
limits = {
compactor_blocks_retention_period = "90d";
};
distributor = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "memberlist";
};
};
ingester = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "memberlist";
replication_factor = 1;
};
};
ruler_storage = {
backend = "filesystem";
filesystem.dir = "${baseDir}/data/rules";
};
store_gateway.sharding_ring.replication_factor = 1;
};
};
services.grafana.provision.datasources.settings.datasources =
let
server = config.services.mimir.configuration.server;
in
[
{
name = "Mimir";
type = "prometheus";
uid = "mimir";
access = "proxy";
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/prometheus";
basicAuth = false;
jsonData = {
httpMethod = "POST";
prometheusType = "Mimir";
timeout = 30;
};
}
];
};
}