dotfiles/modules/nixos/services/victoriametrics.nix

# VictoriaMetrics is a more efficient drop-in replacement for Prometheus and
# InfluxDB (timeseries databases built for monitoring system metrics).

{
  config,
  pkgs,
  lib,
  ...
}:

let

  username = "prometheus";

  prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" {
    scrape_configs = [
      {
        job_name = config.networking.hostName;
        stream_parse = true;
        static_configs = [ { targets = config.prometheus.scrapeTargets; } ];
      }
    ];
  };

  authConfig = (pkgs.formats.yaml { }).generate "auth.yml" {
    users = [
      {
        username = username;
        password = "%{PASSWORD}";
        url_prefix = "http://localhost${config.services.victoriametrics.listenAddress}";
      }
    ];
  };

  authPort = "8427";
in
{

  config = {

    services.victoriametrics.extraOptions = [ "-promscrape.config=${prometheusConfig}" ];

    systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {
      description = "VictoriaMetrics basic auth proxy";
      after = [ "network.target" ];
      startLimitBurst = 5;
      serviceConfig = {
        Restart = "on-failure";
        RestartSec = 1;
        DynamicUser = true;
        EnvironmentFile = config.secrets.vmauth.dest;
        ExecStart = ''
          ${pkgs.victoriametrics}/bin/vmauth \
                    -auth.config=${authConfig} \
                    -httpListenAddr=:${authPort}'';
      };
      wantedBy = [ "multi-user.target" ];
    };

    secrets.vmauth = lib.mkIf config.services.victoriametrics.enable {
      source = ../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/vmauth";
      prefix = "PASSWORD=";
    };
    systemd.services.vmauth-secret = lib.mkIf config.services.victoriametrics.enable {
      requiredBy = [ "vmauth.service" ];
      before = [ "vmauth.service" ];
    };

    caddy.routes = lib.mkIf config.services.victoriametrics.enable [
      {
        match = [ { host = [ config.hostnames.prometheus ]; } ];
        handle = [
          {
            handler = "reverse_proxy";
            upstreams = [ { dial = "localhost:${authPort}"; } ];
          }
        ];
      }
    ];

    # Configure Cloudflare DNS to point to this machine
    services.cloudflare-dyndns.domains =
      if config.services.victoriametrics.enable then [ config.hostnames.prometheus ] else [ ];

    # VMAgent

    services.vmagent.prometheusConfig = prometheusConfig; # Overwritten below
    systemd.services.vmagent.serviceConfig = lib.mkIf config.services.vmagent.enable {
      ExecStart = lib.mkForce ''
        ${pkgs.victoriametrics}/bin/vmagent \
                -promscrape.config=${prometheusConfig} \
                -remoteWrite.url="https://${config.hostnames.prometheus}/api/v1/write" \
                -remoteWrite.basicAuth.username=${username} \
                -remoteWrite.basicAuth.passwordFile=${config.secrets.vmagent.dest}'';
    };

    secrets.vmagent = lib.mkIf config.services.vmagent.enable {
      source = ../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/vmagent";
      owner = "vmagent";
      group = "vmagent";
    };
    systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
      requiredBy = [ "vmagent.service" ];
      before = [ "vmagent.service" ];
    };
  };
}
add more services documentation 2024-01-10 04:11:11 +00:00			`# VictoriaMetrics is a more efficient drop-in replacement for Prometheus and`
			`# InfluxDB (timeseries databases built for monitoring system metrics).`

move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
add victoriametrics 2023-07-16 13:50:58 +00:00
			`let`

			`username = "prometheus";`

			`prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" {`
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`scrape_configs = [`
			`{`
			`job_name = config.networking.hostName;`
			`stream_parse = true;`
			`static_configs = [ { targets = config.prometheus.scrapeTargets; } ];`
			`}`
			`];`
add victoriametrics 2023-07-16 13:50:58 +00:00			`};`

			`authConfig = (pkgs.formats.yaml { }).generate "auth.yml" {`
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`users = [`
			`{`
			`username = username;`
			`password = "%{PASSWORD}";`
			`url_prefix = "http://localhost${config.services.victoriametrics.listenAddress}";`
			`}`
			`];`
add victoriametrics 2023-07-16 13:50:58 +00:00			`};`

			`authPort = "8427";`
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`in`
			`{`
add victoriametrics 2023-07-16 13:50:58 +00:00
			`config = {`

move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`services.victoriametrics.extraOptions = [ "-promscrape.config=${prometheusConfig}" ];`
add victoriametrics 2023-07-16 13:50:58 +00:00
			`systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {`
			`description = "VictoriaMetrics basic auth proxy";`
			`after = [ "network.target" ];`
			`startLimitBurst = 5;`
			`serviceConfig = {`
			`Restart = "on-failure";`
			`RestartSec = 1;`
			`DynamicUser = true;`
			`EnvironmentFile = config.secrets.vmauth.dest;`
			`ExecStart = ''`
			`${pkgs.victoriametrics}/bin/vmauth \`
			`-auth.config=${authConfig} \`
			`-httpListenAddr=:${authPort}'';`
			`};`
			`wantedBy = [ "multi-user.target" ];`
			`};`

			`secrets.vmauth = lib.mkIf config.services.victoriametrics.enable {`
			`source = ../../../private/prometheus.age;`
			`dest = "${config.secretsDirectory}/vmauth";`
			`prefix = "PASSWORD=";`
			`};`
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`systemd.services.vmauth-secret = lib.mkIf config.services.victoriametrics.enable {`
			`requiredBy = [ "vmauth.service" ];`
			`before = [ "vmauth.service" ];`
			`};`
add victoriametrics 2023-07-16 13:50:58 +00:00
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`caddy.routes = lib.mkIf config.services.victoriametrics.enable [`
			`{`
			`match = [ { host = [ config.hostnames.prometheus ]; } ];`
			`handle = [`
			`{`
			`handler = "reverse_proxy";`
			`upstreams = [ { dial = "localhost:${authPort}"; } ];`
			`}`
			`];`
			`}`
			`];`
add victoriametrics 2023-07-16 13:50:58 +00:00
don't enable dyndns for services not running 2024-03-30 18:48:56 +00:00			`# Configure Cloudflare DNS to point to this machine`
			`services.cloudflare-dyndns.domains =`
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`if config.services.victoriametrics.enable then [ config.hostnames.prometheus ] else [ ];`
don't enable dyndns for services not running 2024-03-30 18:48:56 +00:00
add victoriametrics 2023-07-16 13:50:58 +00:00			`# VMAgent`

			`services.vmagent.prometheusConfig = prometheusConfig; # Overwritten below`
move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`systemd.services.vmagent.serviceConfig = lib.mkIf config.services.vmagent.enable {`
			`ExecStart = lib.mkForce ''`
			`${pkgs.victoriametrics}/bin/vmagent \`
			`-promscrape.config=${prometheusConfig} \`
			`-remoteWrite.url="https://${config.hostnames.prometheus}/api/v1/write" \`
			`-remoteWrite.basicAuth.username=${username} \`
			`-remoteWrite.basicAuth.passwordFile=${config.secrets.vmagent.dest}'';`
			`};`
add victoriametrics 2023-07-16 13:50:58 +00:00
			`secrets.vmagent = lib.mkIf config.services.vmagent.enable {`
			`source = ../../../private/prometheus.age;`
			`dest = "${config.secretsDirectory}/vmagent";`
			`owner = "vmagent";`
			`group = "vmagent";`
			`};`
			`systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {`
			`requiredBy = [ "vmagent.service" ];`
			`before = [ "vmagent.service" ];`
			`};`
			`};`
			`}`