From a9b23c823c98094cdde50671425b6cc5b65bfe97 Mon Sep 17 00:00:00 2001 From: kurogeek Date: Fri, 18 Jul 2025 14:09:14 +0700 Subject: [PATCH] victoriametrics service --- inventories/default.nix | 8 ++++ modules/clan/victoria-metrics/default.nix | 47 +++++++++++++++++++ .../victoria-metrics/password/machines/b4l | 1 + .../b4l/victoria-metrics/password/secret | 19 ++++++++ .../victoria-metrics/password/users/kurogeek | 1 + .../b4l/victoria-metrics/username/value | 1 + 6 files changed, 77 insertions(+) create mode 100644 modules/clan/victoria-metrics/default.nix create mode 120000 vars/per-machine/b4l/victoria-metrics/password/machines/b4l create mode 100644 vars/per-machine/b4l/victoria-metrics/password/secret create mode 120000 vars/per-machine/b4l/victoria-metrics/password/users/kurogeek create mode 100644 vars/per-machine/b4l/victoria-metrics/username/value diff --git a/inventories/default.nix b/inventories/default.nix index 40e1deb..f963f1b 100644 --- a/inventories/default.nix +++ b/inventories/default.nix @@ -12,6 +12,7 @@ nextcloud = ../modules/clan/nextcloud; stirling-pdf = ../modules/clan/stirling-pdf; actual-budget = ../modules/clan/actual-budget; + victoria-metrics = ../modules/clan/victoria-metrics; }; inventory = { @@ -46,6 +47,13 @@ }; roles.default.machines.b4l = { }; }; + victoria-metrics = { + module = { + name = "victoria-metrics"; + input = "self"; + }; + roles.default.machines.b4l = { }; + }; }; services = { diff --git a/modules/clan/victoria-metrics/default.nix b/modules/clan/victoria-metrics/default.nix new file mode 100644 index 0000000..83bfd11 --- /dev/null +++ b/modules/clan/victoria-metrics/default.nix @@ -0,0 +1,47 @@ +{ + _class = "clan.service"; + manifest.name = "Victoria Metrics"; + manifest.description = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database"; + manifest.categories = [ "System" ]; + + roles.default = { + perInstance = { + nixosModule = + { + config, + pkgs, + ... + }: + let + defaultUser = "victoriametrics"; + in + { + clan.core.vars.generators.victoria-metrics = { + files = { + username = { + secret = false; + }; + password = { + secret = true; + owner = defaultUser; + group = defaultUser; + }; + }; + script = '' + echo "admin" > "$out"/username + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + ''; + runtimeInputs = [ pkgs.xkcdpass ]; + }; + services.victoriametrics = { + enable = true; + extraOptions = [ + "-httpAuth.username=file://${config.clan.core.vars.generators.victoria-metrics.files.username.path}" + "-httpAuth.password=file://${config.clan.core.vars.generators.victoria-metrics.files.password.path}" + ]; + }; + }; + }; + }; + +} diff --git a/vars/per-machine/b4l/victoria-metrics/password/machines/b4l b/vars/per-machine/b4l/victoria-metrics/password/machines/b4l new file mode 120000 index 0000000..72e1b85 --- /dev/null +++ b/vars/per-machine/b4l/victoria-metrics/password/machines/b4l @@ -0,0 +1 @@ +../../../../../../sops/machines/b4l \ No newline at end of file diff --git a/vars/per-machine/b4l/victoria-metrics/password/secret b/vars/per-machine/b4l/victoria-metrics/password/secret new file mode 100644 index 0000000..9b3a6ef --- /dev/null +++ b/vars/per-machine/b4l/victoria-metrics/password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:+ZvkraTzVB+ZQHGko1ZeQvW3WyVy/11rOnWftcuv+w==,iv:31F2w64C9Az9o97NWHbIR8kUHHS92hRC+Yys1azQnuE=,tag:2EPSI3s8NV9gMfl3YRO7xw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTY0NlWEk1cG5sU095TmVG\nRDV6SE9nSWNNVjlwanJTS3h1NTYzUzNRT0JrCjdsL21PVUt0OFJmVXRqSFRFZDFT\nbW5yTGViNDBYTWJiTTRkR25ldUhML2MKLS0tIGh2dENzVERZRVArd0ZtU1g1NXRK\nZjFZMXBHMlJpNDFSSWhVcUZRSnZvVUEKLk5T8FXhK2r0QvnFkTbHCu1pFrWaDXjU\n5B5hBQLMuyB3FjPWjlnVfVtGoutRoPitGzq/UwzaXGivjaGnvAjZbQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZHozU2ZWL2RvdTZSL1lO\nSWtweXB5b2Ivay9DZEtTTHM0dkJIL0p5K3kwClV1ZmJpWUUxT05wdHdUZHJtQzYv\nSVNwaWFVNkxONVp3cDVDRHlNZ2ozMkEKLS0tIGFCNVBhdlNWS3BqVG9pV3lZY09h\nOTNtTHM0OURzN1lkUm9JVjRWclZPVjQKwLbN6E62JOrw6Bi0/H3qK06Fszm7Ro0n\nChDA0ujcBwDjz+DNo1num/Pi0+6REaQtphgfSTRHR4Iszy6PXQ8eww==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-18T05:04:20Z", + "mac": "ENC[AES256_GCM,data:iDVY4SGGoo+0E24VWL3iM2McUpQA9lG7zTPt55+sI12iSU22b89ap9PP5LkLGgLtm2u8PvtlQHxZrDE61erjAllDe+3ksnctVgeqwN2v7t8qCcXpBSMF2dSqU7ZHGjt0X2S2f6KcugzOl01ME9qLGRv1N0W9SooFUnCeU4sjTfU=,iv:ORu51VKVvz5N8VgpV1FNTawikJOfI6ZNW9cM7yLV9fc=,tag:kigGy8tSsa8GxWw13UsHeQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/b4l/victoria-metrics/password/users/kurogeek b/vars/per-machine/b4l/victoria-metrics/password/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/b4l/victoria-metrics/password/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file diff --git a/vars/per-machine/b4l/victoria-metrics/username/value b/vars/per-machine/b4l/victoria-metrics/username/value new file mode 100644 index 0000000..7fbe952 --- /dev/null +++ b/vars/per-machine/b4l/victoria-metrics/username/value @@ -0,0 +1 @@ +admin