From 10d696d3d249d1b4518ed46f0765049411c438eb Mon Sep 17 00:00:00 2001
From: jasmine
Date: Tue, 9 Jul 2024 09:47:14 +0800
Subject: [PATCH] Remove SSH Tarpit and SSH logging in grafana
---
 nixos/viridian/services/default.nix | 3 -
 nixos/viridian/services/endlessh-go.nix | 30 ---------
 nixos/viridian/services/loki.nix | 81 -------------------------
 nixos/viridian/services/promtail.nix | 31 ----------
 4 files changed, 145 deletions(-)
 delete mode 100644 nixos/viridian/services/endlessh-go.nix
 delete mode 100644 nixos/viridian/services/loki.nix
 delete mode 100644 nixos/viridian/services/promtail.nix
diff --git a/nixos/viridian/services/default.nix b/nixos/viridian/services/default.nix
index cf5b825..aa4cc04 100644
--- a/nixos/viridian/services/default.nix
+++ b/nixos/viridian/services/default.nix
@@ -13,8 +13,5 @@
 ./grafana.nix
 ./mysql.nix
 ./prometheus.nix
- ./endlessh-go.nix
- ./promtail.nix
- ./loki.nix
 ];
 }
diff --git a/nixos/viridian/services/endlessh-go.nix b/nixos/viridian/services/endlessh-go.nix
deleted file mode 100644
index dcbe0e3..0000000
--- a/nixos/viridian/services/endlessh-go.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, ... }:
-
-{
- services.endlessh-go = {
- enable = true;
- port = 22; # SSH port
- prometheus = {
- enable = true;
- listenAddress = "127.0.0.1";
- port = 2112; # Prometheus metrics port
- };
- extraOptions = [
- "-interval_ms=1000"
- "-logtostderr"
- "-v=1"
- "-geoip_supplier=ip-api"
- ];
- openFirewall = true;
- };
-
- services.prometheus.scrapeConfigs = [
- {
- job_name = "endlessh";
- static_configs = [{
- targets = [ "127.0.0.1:${toString config.services.endlessh-go.prometheus.port}" ];
- }];
- }
- ];
-}
-
diff --git a/nixos/viridian/services/loki.nix b/nixos/viridian/services/loki.nix
deleted file mode 100644
index ddce55d..0000000
--- a/nixos/viridian/services/loki.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ ... }:
-
-{
- services.loki = {
- enable = true;
- configuration = {
- server.http_listen_port = 3030;
- auth_enabled = false;
-
- ingester = {
- lifecycler = {
- address = "127.0.0.1";
- ring = {
- kvstore = {
- store = "inmemory";
- };
- replication_factor = 1;
- };
- };
- chunk_idle_period = "1h";
- max_chunk_age = "1h";
- chunk_target_size = 999999;
- chunk_retain_period = "30s";
- # max_transfer_retries = 0;
- };
-
- schema_config = {
- configs = [{
- from = "2022-06-06";
- store = "boltdb-shipper";
- object_store = "filesystem";
- schema = "v13";
- index = {
- prefix = "index_";
- period = "24h";
- };
- }];
- };
-
- storage_config = {
- boltdb_shipper = {
- active_index_directory = "/var/lib/loki/boltdb-shipper-active";
- cache_location = "/var/lib/loki/boltdb-shipper-cache";
- cache_ttl = "24h";
- # shared_store = "filesystem";
- };
-
- filesystem = {
- directory = "/var/lib/loki/chunks";
- };
- };
-
- limits_config = {
- reject_old_samples = true;
- reject_old_samples_max_age = "168h";
- allow_structured_metadata = false; # IDK it said add this to fix some error
- };
-
- # chunk_store_config = {
- # max_look_back_period = "0s";
- # };
-
- table_manager = {
- retention_deletes_enabled = false;
- retention_period = "0s";
- };
-
- compactor = {
- working_directory = "/var/lib/loki";
- # shared_store = "filesystem";
- compactor_ring = {
- kvstore = {
- store = "inmemory";
- };
- };
- };
- };
- # user, group, dataDir, extraFlags, (configFile)
- };
-}
-
diff --git a/nixos/viridian/services/promtail.nix b/nixos/viridian/services/promtail.nix
deleted file mode 100644
index 7614208..0000000
--- a/nixos/viridian/services/promtail.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, ... }:
-
-{
- services.promtail = {
- enable = true;
- configuration = {
- server = {
- http_listen_port = 9080;
- grpc_listen_port = 0;
- };
- positions = {
- filename = "/tmp/positions.yaml";
- };
- clients = [{
- url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
- }];
- scrape_configs = [{
- job_name = "system";
- static_configs = [{
- targets = [ "localhost" ]; # Promtail target is localhost
- labels = {
- instance = "viridian.kanto.dev"; # Label identifier for instance
- env = "kanto"; # Environment label
- job = "secure"; # Job label
- __path__ = "/var/log/sshd.log";
- };
- }];
- }];
- };
- };
-}