From ef8607e38e0d203e791ac139f0224e424e499004 Mon Sep 17 00:00:00 2001
From: goeranh <goeranh@goeranh.de>
Date: Mon, 20 Apr 2026 11:52:57 +0200
Subject: [PATCH] include monitoring module per default

---
 flake.nix              |  1 +
 modules/monitoring.nix | 96 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
 create mode 100644 modules/monitoring.nix

diff --git a/flake.nix b/flake.nix
index 2d1426d..f0f177e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -193,6 +193,7 @@
               [
                 ./hosts/${input}
                 ./default.nix
+                ./modules/monitoring.nix
                 disko.nixosModules.disko
                 authentik.nixosModules.default
                 mailserver.nixosModules.mailserver
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
new file mode 100644
index 0000000..09a1bf7
--- /dev/null
+++ b/modules/monitoring.nix
@@ -0,0 +1,96 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.stura.monitoring;
+in {
+  options.stura.monitoring = {
+    extraLogFiles = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = "Additional log file paths for vector to scrape and forward to Loki.";
+      example = [ "/var/log/nginx/access.log" "/var/log/nginx/error.log" ];
+    };
+
+    extraGroups = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = "Supplementary groups added to the vector systemd service to allow reading protected log files.";
+      example = [ "nginx" "postfix" ];
+    };
+  };
+
+  config = {
+    networking.hosts = {
+      "141.56.51.20" = [
+        "mon.adm.htw.stura-dresden.de"
+        "log.adm.htw.stura-dresden.de"
+        "met.adm.htw.stura-dresden.de"
+      ];
+    };
+    services.vector = {
+      enable = true;
+      settings = {
+        sources = {
+          host_metrics = {
+            type = "host_metrics";
+            collectors = [ "cpu" "disk" "filesystem" "load" "memory" "network" ];
+          };
+
+          journald_logs = {
+            type = "journald";
+            include_units = [];  # empty = collect all units
+          };
+        } // lib.optionalAttrs (cfg.extraLogFiles != [] || config.services.nginx.enable) {
+          extra_log_files = {
+            type = "file";
+            include = lib.optional config.services.nginx.enable "/var/log/nginx/access.log"
+              ++ cfg.extraLogFiles;
+          };
+        };
+
+        transforms = {
+          add_host_label_metrics = {
+            type = "remap";
+            inputs = [ "host_metrics" ];
+            source = ''
+              .tags.host = get_hostname!()
+            '';
+          };
+
+          add_host_label_logs = {
+            type = "remap";
+            inputs = [ "journald_logs" ] ++ lib.optional (cfg.extraLogFiles != [] || config.services.nginx.enable) "extra_log_files";
+            source = ''
+              .host = get_hostname!()
+            '';
+          };
+        };
+
+        sinks = {
+          mimir = {
+            type = "prometheus_remote_write";
+            inputs = [ "add_host_label_metrics" ];
+            endpoint = "https://metrics.adm.htw.stura-dresden.de/api/v1/push";
+            tls.verify_certificate = false;
+          };
+
+          loki = {
+            type = "loki";
+            inputs = [ "add_host_label_logs" ];
+            endpoint = "https://log.adm.htw.stura-dresden.de";
+            labels = {
+              host = "{{ host }}";
+              unit = "{{ _SYSTEMD_UNIT }}";
+            };
+            tls.verify_certificate = false;
+            encoding.codec = "json";
+          };
+        };
+      };
+    };
+
+    systemd.services.vector.serviceConfig.SupplementaryGroups =
+      [ "systemd-journal" ]
+      ++ lib.optional config.services.nginx.enable "nginx"
+      ++ cfg.extraGroups;
+  };
+}