125 lines
3.1 KiB
Nix
125 lines
3.1 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.profile.services.telemetry.mimir;
|
|
inherit (lib) mkIf;
|
|
baseDir = "/var/lib/mimir";
|
|
domain = "mimir.tigor.web.id";
|
|
in
|
|
{
|
|
config = mkIf cfg.enable {
|
|
sops = {
|
|
secrets =
|
|
let
|
|
opts = { };
|
|
in
|
|
{
|
|
"caddy/basic_auth/username" = opts;
|
|
"caddy/basic_auth/password" = opts;
|
|
};
|
|
templates = {
|
|
"mimir-basic-auth".content = # sh
|
|
''
|
|
MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
|
|
MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
|
|
'';
|
|
};
|
|
};
|
|
|
|
systemd.services."caddy".serviceConfig = {
|
|
EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
|
|
};
|
|
|
|
services.caddy.virtualHosts.${domain}.extraConfig =
|
|
let
|
|
mimirServerConfig = config.services.mimir.configuration.server;
|
|
hostAddress = "${mimirServerConfig.http_listen_address}:${toString mimirServerConfig.http_listen_port}";
|
|
in
|
|
''
|
|
@require_auth not remote_ip private_ranges
|
|
|
|
basicauth @require_auth {
|
|
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
|
|
}
|
|
|
|
reverse_proxy ${hostAddress}
|
|
'';
|
|
|
|
services.mimir = {
|
|
enable = true;
|
|
configuration = {
|
|
multitenancy_enabled = false;
|
|
server = {
|
|
http_listen_address = "0.0.0.0";
|
|
http_listen_port = 4400;
|
|
grpc_listen_port = 4401;
|
|
};
|
|
|
|
common = {
|
|
storage = {
|
|
backend = "filesystem";
|
|
filesystem.dir = "${baseDir}/metrics";
|
|
};
|
|
};
|
|
|
|
blocks_storage = {
|
|
backend = "filesystem";
|
|
bucket_store.sync_dir = "${baseDir}/tsdb-sync";
|
|
filesystem.dir = "${baseDir}/data/tsdb";
|
|
tsdb.dir = "${baseDir}/tsdb";
|
|
};
|
|
|
|
compactor = {
|
|
data_dir = "${baseDir}/data/compactor";
|
|
sharding_ring.kvstore.store = "memberlist";
|
|
};
|
|
|
|
limits = {
|
|
compactor_blocks_retention_period = "90d";
|
|
};
|
|
|
|
distributor = {
|
|
ring = {
|
|
instance_addr = "127.0.0.1";
|
|
kvstore.store = "memberlist";
|
|
};
|
|
};
|
|
|
|
ingester = {
|
|
ring = {
|
|
instance_addr = "127.0.0.1";
|
|
kvstore.store = "memberlist";
|
|
replication_factor = 1;
|
|
};
|
|
};
|
|
|
|
ruler_storage = {
|
|
backend = "filesystem";
|
|
filesystem.dir = "${baseDir}/data/rules";
|
|
};
|
|
|
|
store_gateway.sharding_ring.replication_factor = 1;
|
|
};
|
|
};
|
|
|
|
services.grafana.provision.datasources.settings.datasources =
|
|
let
|
|
server = config.services.mimir.configuration.server;
|
|
in
|
|
[
|
|
{
|
|
name = "Mimir";
|
|
type = "prometheus";
|
|
uid = "mimir";
|
|
access = "proxy";
|
|
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/prometheus";
|
|
basicAuth = false;
|
|
jsonData = {
|
|
httpMethod = "POST";
|
|
prometheusType = "Mimir";
|
|
timeout = 30;
|
|
};
|
|
}
|
|
];
|
|
};
|
|
}
|