From 641feb1b847956faa4f012571cae53c055cbb612 Mon Sep 17 00:00:00 2001
From: goeranh <goeranh@goeranh.de>
Date: Fri, 20 Mar 2026 16:23:34 +0100
Subject: [PATCH] monitoring host#

---
 hosts/monitoring/default.nix | 205 +++++++++++++++++++++++++++++++++++
 1 file changed, 205 insertions(+)
 create mode 100644 hosts/monitoring/default.nix

diff --git a/hosts/monitoring/default.nix b/hosts/monitoring/default.nix
new file mode 100644
index 0000000..e92c246
--- /dev/null
+++ b/hosts/monitoring/default.nix
@@ -0,0 +1,205 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    "${modulesPath}/virtualisation/proxmox-lxc.nix"
+  ];
+
+  networking = {
+    hostName = "monitoring";
+    fqdn = "monitoring.adm.htw.stura-dresden.de";
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "141.56.51.20";
+        prefixLength = 24;
+      }
+    ];
+    defaultGateway = {
+      address = "141.56.51.254";
+      interface = "eth0";
+    };
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        80
+        443
+      ];
+    };
+  };
+
+  # Loki - Log aggregation system
+  services.loki = {
+    enable = true;
+    configuration = {
+      auth_enabled = false;
+      server = {
+        http_listen_port = 3100;
+        grpc_listen_port = 9096;
+      };
+      common = {
+        path_prefix = "/var/lib/loki";
+        storage.filesystem = {
+          chunks_directory = "/var/lib/loki/chunks";
+          rules_directory = "/var/lib/loki/rules";
+        };
+        replication_factor = 1;
+        ring = {
+          instance_addr = "127.0.0.1";
+          kvstore.store = "inmemory";
+        };
+      };
+      schema_config = {
+        configs = [
+          {
+            from = "2024-01-01";
+            store = "tsdb";
+            object_store = "filesystem";
+            schema = "v13";
+            index = {
+              prefix = "index_";
+              period = "24h";
+            };
+          }
+        ];
+      };
+    };
+  };
+
+  # Mimir - Scalable metrics storage
+  services.mimir = {
+    enable = true;
+    configuration = {
+      multitenancy_enabled = false;
+      blocks_storage = {
+        backend = "filesystem";
+        filesystem = {
+          dir = "/var/lib/mimir/data";
+        };
+      };
+      compactor = {
+        data_dir = "/var/lib/mimir/compactor";
+      };
+      distributor = {
+        ring = {
+          kvstore = {
+            store = "memberlist";
+          };
+        };
+      };
+      ingester = {
+        ring = {
+          kvstore = {
+            store = "memberlist";
+          };
+          replication_factor = 1;
+        };
+      };
+      ruler_storage = {
+        backend = "filesystem";
+        filesystem = {
+          dir = "/var/lib/mimir/rules";
+        };
+      };
+      server = {
+        http_listen_port = 9009;
+        grpc_listen_port = 9095;
+      };
+      store_gateway = {
+        sharding_ring = {
+          replication_factor = 1;
+        };
+      };
+    };
+  };
+
+  # Grafana - Visualization and dashboarding
+  services.grafana = {
+    enable = true;
+    settings = {
+      server = {
+        http_addr = "127.0.0.1";
+        http_port = 3000;
+        domain = "monitoring.adm.htw.stura-dresden.de";
+        root_url = "https://monitoring.adm.htw.stura-dresden.de";
+      };
+      security = {
+        admin_user = "admin";
+        admin_password = "$__file{/var/lib/grafana/admin_password}";
+      };
+    };
+    provision = {
+      enable = true;
+      datasources.settings.datasources = [
+        {
+          name = "Mimir";
+          type = "prometheus";
+          url = "http://localhost:9009/prometheus";
+          isDefault = true;
+        }
+        {
+          name = "Loki";
+          type = "loki";
+          url = "http://localhost:3100";
+        }
+      ];
+    };
+  };
+
+  # Nginx reverse proxy with ACME certificates
+  services.nginx = {
+    enable = true;
+
+    virtualHosts."logs.adm.htw.stura-dresden.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3100";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+        '';
+      };
+    };
+
+    virtualHosts."metrics.adm.htw.stura-dresden.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:9009";
+        extraConfig = ''
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+        '';
+      };
+    };
+
+    virtualHosts."monitoring.adm.htw.stura-dresden.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3000";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+        '';
+      };
+    };
+  };
+
+  services.openssh.enable = true;
+
+  system.stateVersion = "25.11";
+}