include monitoring module per default

2026-04-20 11:52:57 +02:00 · 2026-04-20 11:52:57 +02:00 · ef8607e38e
commit ef8607e38e
parent 5ef710f8f2
2 changed files with 97 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -193,6 +193,7 @@
              [
                ./hosts/${input}
                ./default.nix
+                ./modules/monitoring.nix
                disko.nixosModules.disko
                authentik.nixosModules.default
                mailserver.nixosModules.mailserver
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@ -0,0 +1,96 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.stura.monitoring;
+in {
+  options.stura.monitoring = {
+    extraLogFiles = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = "Additional log file paths for vector to scrape and forward to Loki.";
+      example = [ "/var/log/nginx/access.log" "/var/log/nginx/error.log" ];
+    };
+
+    extraGroups = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = "Supplementary groups added to the vector systemd service to allow reading protected log files.";
+      example = [ "nginx" "postfix" ];
+    };
+  };
+
+  config = {
+    networking.hosts = {
+      "141.56.51.20" = [
+        "mon.adm.htw.stura-dresden.de"
+        "log.adm.htw.stura-dresden.de"
+        "met.adm.htw.stura-dresden.de"
+      ];
+    };
+    services.vector = {
+      enable = true;
+      settings = {
+        sources = {
+          host_metrics = {
+            type = "host_metrics";
+            collectors = [ "cpu" "disk" "filesystem" "load" "memory" "network" ];
+          };
+
+          journald_logs = {
+            type = "journald";
+            include_units = [];  # empty = collect all units
+          };
+        } // lib.optionalAttrs (cfg.extraLogFiles != [] || config.services.nginx.enable) {
+          extra_log_files = {
+            type = "file";
+            include = lib.optional config.services.nginx.enable "/var/log/nginx/access.log"
+              ++ cfg.extraLogFiles;
+          };
+        };
+
+        transforms = {
+          add_host_label_metrics = {
+            type = "remap";
+            inputs = [ "host_metrics" ];
+            source = ''
+              .tags.host = get_hostname!()
+            '';
+          };
+
+          add_host_label_logs = {
+            type = "remap";
+            inputs = [ "journald_logs" ] ++ lib.optional (cfg.extraLogFiles != [] || config.services.nginx.enable) "extra_log_files";
+            source = ''
+              .host = get_hostname!()
+            '';
+          };
+        };
+
+        sinks = {
+          mimir = {
+            type = "prometheus_remote_write";
+            inputs = [ "add_host_label_metrics" ];
+            endpoint = "https://metrics.adm.htw.stura-dresden.de/api/v1/push";
+            tls.verify_certificate = false;
+          };
+
+          loki = {
+            type = "loki";
+            inputs = [ "add_host_label_logs" ];
+            endpoint = "https://log.adm.htw.stura-dresden.de";
+            labels = {
+              host = "{{ host }}";
+              unit = "{{ _SYSTEMD_UNIT }}";
+            };
+            tls.verify_certificate = false;
+            encoding.codec = "json";
+          };
+        };
+      };
+    };
+
+    systemd.services.vector.serviceConfig.SupplementaryGroups =
+      [ "systemd-journal" ]
+      ++ lib.optional config.services.nginx.enable "nginx"
+      ++ cfg.extraGroups;
+  };
+}