Expose traefik metrics to prometheus.

home-manager/sajenim/features/cli/default.nix

@@ -15,6 +15,7 @@
     matchBlocks."viridian" = {
       hostname = "192.168.1.102";
       identityFile = "/home/sajenim/.ssh/sajenim_sk";
+      port = 62841;
     };
   };
 }

nixos/common/global/ssh.nix

@@ -6,7 +6,9 @@
     settings = {
       PermitRootLogin = "no";
       PasswordAuthentication = false;
+      AllowUsers = [ "sajenim" ];
     };
+    ports = [ 62841 ];
     openFirewall = true;
   };
 }

nixos/viridian/services/default.nix

@@ -6,8 +6,12 @@
     ./minecraft
     ./borgbackup.nix
     ./forgejo.nix
-    ./httpd.nix
+    ./lighttpd.nix
     ./mpd.nix
     ./samba.nix
+    ./grafana.nix
+    ./mysql.nix
+    ./prometheus.nix
+    ./endlessh-go.nix
   ];
 }

nixos/viridian/services/endlessh-go.nix

@@ -0,0 +1,30 @@
+{ config, ... }:
+
+{
+  services.endlessh-go = {
+    enable = true;
+    port = 22;  # SSH port
+    prometheus = {
+      enable = true;
+      listenAddress = "127.0.0.1";
+      port = 2112; # Prometheus metrics port
+    };
+    extraOptions = [
+      "-interval_ms=1000"
+      "-logtostderr"
+      "-v=1"
+      "-geoip_supplier=ip-api"
+    ];
+    openFirewall = true;
+  };
+
+  services.prometheus.scrapeConfigs = [
+    {
+      job_name = "endlessh";
+      static_configs = [{
+        targets = [ "127.0.0.1:${toString config.services.endlessh-go.prometheus.port}" ];
+      }];
+    }
+  ];
+}
+

nixos/viridian/services/forgejo.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 
 {
   services.forgejo = {
@@ -33,7 +33,7 @@
 
   services.traefik.dynamicConfigOptions.http.services = {
     forgejo.loadBalancer.servers = [
-      { url = "http://127.0.0.1:3131"; }
+      { url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }
     ];
   };
 }

nixos/viridian/services/grafana.nix

@@ -0,0 +1,56 @@
+{ config, ... }:
+
+{
+  # Setup grafana our grafana instance.
+  services.grafana = {
+    enable = true;
+    dataDir = "/srv/services/grafana";
+    settings = {
+      server = {
+        http_addr = "127.0.0.1";
+        http_port = 3400;
+        domain = "kanto.dev";
+        root_url = "https://kanto.dev/grafana/";
+        serve_from_sub_path = true;
+      };
+      database = {
+        type = "mysql";
+        name = "grafana";
+        user = "grafana";
+        host = "/var/run/mysqld/mysqld.sock";
+      };
+    };
+  };
+
+  # Setup our database for grafana.
+  services.mysql = {
+    ensureUsers = [{
+      name = "grafana";
+      ensurePermissions = {
+        "grafana.*" = "ALL PRIVILEGES";
+      };
+    }];
+    ensureDatabases = [ "grafana" ];
+  };
+
+  # Setup our traefik router.
+  services.traefik.dynamicConfigOptions.http.routers = {
+    grafana = {
+      rule = "Host(`kanto.dev`)";
+      entryPoints = [
+        "websecure"
+      ];
+      middlewares = [
+        "admin"
+      ];
+      service = "grafana";
+    };
+  };
+
+  # Setup our traefik service.
+  services.traefik.dynamicConfigOptions.http.services = {
+    grafana.loadBalancer.servers = [
+      { url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; }
+    ];
+  };
+}

nixos/viridian/services/httpd.nix

@@ -1,35 +0,0 @@
-{ ... }:
-
-{
-  services.httpd = {
-    enable = true;
-    virtualHosts."sajenim.dev" = {
-      documentRoot = "/srv/services/httpd/sajenim.dev";
-      listen = [{
-        ip = "192.168.1.102";
-        port = 5624;
-      }];
-      adminAddr = "its.jassy@pm.me";
-    };
-  };
-
-  services.traefik.dynamicConfigOptions.http.routers = {
-    httpd = {
-      rule = "Host(`sajenim.dev`)";
-      entryPoints = [
-        "websecure"
-      ];
-      middlewares = [
-        "geoblock"
-      ];
-      service = "httpd";
-    };
-  };
-
-  services.traefik.dynamicConfigOptions.http.services = {
-    httpd.loadBalancer.servers = [
-      { url = "http://127.0.0.1:5624"; }
-    ];
-  };
-}
-

nixos/viridian/services/lighttpd.nix

@@ -0,0 +1,29 @@
+{ config, ... }:
+
+{
+  services.lighttpd = {
+    enable = true;
+    port = 5624;
+    document-root = "/srv/services/websites/sajenim.dev";
+  };
+
+  services.traefik.dynamicConfigOptions.http.routers = {
+    lighttpd = {
+      rule = "Host(`sajenim.dev`)";
+      entryPoints = [
+        "websecure"
+      ];
+      middlewares = [
+        "geoblock"
+      ];
+      service = "lighttpd";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http.services = {
+    lighttpd.loadBalancer.servers = [
+      { url = "http://127.0.0.1:${toString config.services.lighttpd.port}"; }
+    ];
+  };
+}
+

nixos/viridian/services/minecraft/default.nix

@@ -1,4 +1,4 @@
-{ inputs, pkgs, lib, ... }:
+{ inputs, pkgs, lib, config, ... }:
 let
   modpack = pkgs.fetchPackwizModpack rec {
     version = "c9087bf";
@@ -90,7 +90,7 @@ in
 
   services.traefik.dynamicConfigOptions.http.services = {
     minecraft.loadBalancer.servers = [
-      { url = "http://127.0.0.1:25565"; }
+      { url = "http://127.0.0.1:${toString config.services.minecraft-servers.servers.kanto.serverProperties.server-port}"; }
     ];
   };
 }

nixos/viridian/services/mysql.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    dataDir = "/srv/services/mysql";
+  };
+}
+

nixos/viridian/services/prometheus.nix

@@ -0,0 +1,33 @@
+{ config, ... }:
+
+{
+  services.prometheus = {
+    enable = true;
+    port = 9001;  # Port to listen on.
+
+    # Valid in all configuration contexts, defaults for other configuration sections.
+    globalConfig = {
+      scrape_interval = "15s";
+    };
+
+    # Collect specific metrics, format them, and expose them through HTTP endpoints for prometheus to scrape.
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" "processes" ];
+        port = 9100;
+      };
+    };
+
+    # Specify a set of targets and parameters describing how to scrape them.
+    scrapeConfigs = [
+      {
+        job_name = "node";
+        static_configs = [{
+          targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+        }];
+      }
+    ];
+  };
+}
+

nixos/viridian/services/traefik/default.nix

@@ -89,6 +89,21 @@
             ];
           };
         };
+        # Used to expose metrics
+        metrics = {
+          address = ":8082";
+        };
+      };
+
+      # Provide metrics for the prometheus backend
+      metrics = {
+        prometheus = {
+          entryPoint = "metrics";
+          buckets = [ "0.1" "0.3" "1.2" "5.0" ];
+          addEntryPointsLabels = true;
+          addRoutersLabels = true;
+          addServicesLabels = true;
+        };
       };
 
       # Retrieve certificates from an ACME server
@@ -118,6 +133,16 @@
     };
   };
 
+  # Scrape our traefik metrics
+  services.prometheus.scrapeConfigs = [
+    {
+      job_name = "traefik";
+      static_configs = [{
+        targets = [ "127.0.0.1:8082" ];
+      }];
+    }
+  ];
+
   # Persist our traefik data & logs
   environment.persistence."/persist" = {
     directories = [