diff --git a/inventories/default.nix b/inventories/default.nix index d41db8b..c720d20 100644 --- a/inventories/default.nix +++ b/inventories/default.nix @@ -7,9 +7,6 @@ }: { clan = { - modules = { - victoria-metrics = ../modules/clan/victoria-metrics; - }; inventory = { machines = { @@ -58,9 +55,9 @@ }; roles.default.machines.b4l = { }; }; - victoria-metrics = { + victoriametrics = { module = { - name = "victoria-metrics"; + name = "victoriametrics"; input = "self"; }; roles.default.machines.b4l = { }; diff --git a/machines/b4l/services/victoriametrics.nix b/machines/b4l/services/victoriametrics.nix new file mode 100644 index 0000000..c7213e0 --- /dev/null +++ b/machines/b4l/services/victoriametrics.nix 
@@ -0,0 +1,73 @@
+{ config, pkgs, ... }:
+let
+ vmDomain = "${config.clan.core.vars.generators.b4l-victoriametrics.files.subdomain.value}.${config.networking.fqdn}";
+in
+{
+ clan.core.vars.generators.b4l-victoriametrics = {
+ files.subdomain.secret = false;
+ files.adminuser.secret = false;
+ files.adminpassword.secret = true;
+
+ prompts = {
+ subdomain = {
+ persist = true;
+ type = "line";
+ description = "Sub-domain for Victoria Metrics app. Default:(metrics)";
+ };
+ adminuser = {
+ persist = true;
+ type = "line";
+ description = "Username for an admin user. Default:(admin)";
+ };
+ adminpassword = {
+ persist = true;
+ type = "hidden";
+ description = "Password for the admin user. Leave empty to auto-generate.";
+ };
+ };
+
+ runtimeInputs = [
+ pkgs.xkcdpass
+ pkgs.coreutils
+ ];
+
+ script = ''
+ prompt_domain=$(cat "$prompts"/subdomain)
+ if [[ -n "''${prompt_domain-}" ]]; then
+ echo $prompt_domain | tr -d "\n" > "$out"/subdomain
+ else
+ echo -n "metrics" > "$out"/subdomain
+ fi
+
+ prompt_adminuser=$(cat "$prompts"/adminuser)
+ if [[ -n "''${prompt_adminuser-}" ]]; then
+ echo $prompt_adminuser | tr -d "\n" > "$out"/adminuser
+ else
+ echo -n "admin" > "$out"/adminuser
+ fi
+
+ prompt_password=$(cat "$prompts"/adminpassword)
+ if [[ -n "''${prompt_password-}" ]]; then
+ echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
+ else
+ xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
+ fi
+ '';
+ };
+
+ services.victoriametrics = {
+ extraOptions = [
+ "-httpAuth.username=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminuser.path}"
+ "-httpAuth.password=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminpassword.path}"
+ ];
+ };
+
+ services.nginx.virtualHosts."${vmDomain}" = {
+ forceSSL = true;
+ useACMEHost = "${config.networking.fqdn}";
+ locations."/" = {
+ proxyPass = "http://localhost${builtins.toString config.services.victoriametrics.listenAddress}";
+ };
+ };
+
+}
diff --git a/modules/clan/victoria-metrics/default.nix b/modules/clan/victoria-metrics/default.nix
deleted file mode 100644
index 83bfd11..0000000
--- a/modules/clan/victoria-metrics/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- _class = "clan.service";
- manifest.name = "Victoria Metrics";
- manifest.description = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database";
- manifest.categories = [ "System" ];
-
- roles.default = {
- perInstance = {
- nixosModule =
- {
- config,
- pkgs,
- ...
- }:
- let
- defaultUser = "victoriametrics";
- in
- {
- clan.core.vars.generators.victoria-metrics = {
- files = {
- username = {
- secret = false;
- };
- password = {
- secret = true;
- owner = defaultUser;
- group = defaultUser;
- };
- };
- script = ''
- echo "admin" > "$out"/username
- xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password
- '';
- runtimeInputs = [ pkgs.xkcdpass ];
- };
- services.victoriametrics = {
- enable = true;
- extraOptions = [
- "-httpAuth.username=file://${config.clan.core.vars.generators.victoria-metrics.files.username.path}"
- "-httpAuth.password=file://${config.clan.core.vars.generators.victoria-metrics.files.password.path}"
- ];
- };
- };
- };
- };
-
-}
diff --git a/modules/clan/victoriametrics/default.nix b/modules/clan/victoriametrics/default.nix
new file mode 100644
index 0000000..107ba8a
--- /dev/null
+++ b/modules/clan/victoriametrics/default.nix
@@ -0,0 +1,25 @@
+{ ... }:
+{
+ _class = "clan.service";
+ manifest.name = "Victoria Metrics";
+ manifest.description = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database";
+ manifest.categories = [ "System" ];
+
+ roles.default = {
+ perInstance.nixosModule =
+ {
+ config,
+ lib,
+ ...
+ }:
+ {
+ services.victoriametrics = {
+ enable = lib.mkDefault true;
+ };
+
+ clan.core.state.victoriametrics.folders = lib.mkDefault [
+ "/var/lib/${config.services.victoriametrics.stateDir}"
+ ];
+ };
+ };
+}
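Review bot: In machines/b4l/services/victoriametrics.nix, `proxyPass = "http://localhost${builtins.toString config.services.victoriametrics.listenAddress}"` only yields a valid URL while `listenAddress` has the host-less `:PORT` form. In that form the service presumably listens on every interface, so the basic-auth credentials can also be sent straight to the port over plain HTTP, bypassing the `forceSSL` vhost, unless a firewall blocks it. Binding to loopback and reusing the value closes that path: `services.victoriametrics.listenAddress = "127.0.0.1:8428";` with `proxyPass = "http://${config.services.victoriametrics.listenAddress}";` (8428 is assumed from the upstream default, confirm). In the generator script, `echo $prompt_domain` and `echo $prompt_adminuser` are unquoted and the subdomain is used in the vhost name without validation; quote both and reject anything that is not a single DNS label. The removed module set `owner`/`group` on the password file and this generator does not, so confirm the service user can still read `adminpassword`.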
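Review bot: modules/clan/victoriametrics/default.nix now enables the service with `enable = lib.mkDefault true;` but no longer sets any `-httpAuth.*` option. Every machine that takes this role other than b4l therefore runs VictoriaMetrics without authentication unless its own config adds it, because the credentials generator now lives only in the b4l machine file. If that split is intended, state it at the top of the module, e.g. `# Authentication is not configured here; each machine must set -httpAuth.* or front the service with an authenticating proxy.` Otherwise keep a generator and the `extraOptions` in the module so the authenticated setup is the default. The VM test in tests/vm/default.nix only waits for the unit, so it would not notice the difference either way.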
diff --git a/modules/clan/victoriametrics/flake-module.nix b/modules/clan/victoriametrics/flake-module.nix
new file mode 100644
index 0000000..7f10dfe
--- /dev/null
+++ b/modules/clan/victoriametrics/flake-module.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+let
+ module = lib.modules.importApply ./default.nix { };
+in
+{
+ clan.modules = {
+ victoriametrics = module;
+ };
+
+ perSystem =
+ { ... }:
+ {
+ clan.nixosTests.victoriametrics = {
+ imports = [ ./tests/vm/default.nix ];
+
+ clan.modules."@clan/victoriametrics" = module;
+ };
+ };
+}
diff --git a/modules/clan/victoriametrics/tests/vm/default.nix b/modules/clan/victoriametrics/tests/vm/default.nix
new file mode 100644
index 0000000..855cfce
--- /dev/null
+++ b/modules/clan/victoriametrics/tests/vm/default.nix
@@ -0,0 +1,34 @@
+{
+ ...
+}:
+{
+ name = "service-victoriametrics";
+
+ clan = {
+ directory = ./.;
+ inventory = {
+ machines.server = { };
+
+ instances = {
+ victoriametrics-test = {
+ module.name = "@clan/victoriametrics";
+ module.input = "self";
+ roles.default.machines."server".settings = { };
+ };
+ };
+ };
+ };
+
+ nodes = {
+ server = { };
+ };
+
+ testScript = ''
+ start_all()
+
+ server.wait_for_unit("victoriametrics")
+
+ server.succeed("systemctl status victoriametrics")
+
+ '';
+}
diff --git a/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/machines/b4l b/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/machines/b4l
new file mode 120000
index 0000000..72e1b85
--- /dev/null
+++ b/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/machines/b4l
@@ -0,0 +1 @@
+../../../../../../sops/machines/b4l
\ No newline at end of file
diff --git a/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/secret b/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/secret
new file mode 100644
index 0000000..d2fc7ea
--- /dev/null
+++ b/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/secret
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:YpPv9DuLRdwX2CrLIU0Zr14KcrfaK2MW6N7VYBpIvw==,iv:DS2qhq/BMAVXqaGqYDH1cK3mv2nSWHbN6O+KCe/jXBk=,tag:mRvbZv/qSsAWVKmdqxrzpQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeHFRMXFwd3JMakozY3po\nWUo1eDZRMmVkWGVPemZURk5tUUpKay9tc0ZRCjN6UWZ3OVBIQlRReFJUelEwN25y\nZlNqWGVJZjZtaUFKT3lLOW9CcElOMjQKLS0tIEVUSE16aWhYZHdSemViY3AvRWlN\nMnQ5Yk1rODZLOUpaZWovV0RPTEt5UHMKg9GsMtLAfX5y1yWULgdbj8GrXyYhMIMr\n+G4sLcp+HJjsIo0DFvlp0TJUeRuOTVi5XXw+IsFhFTsSqjV/YFFzjw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBamVSSDNuczB3UTJ1Vmoy\nbnM1Q0VDVlQwYU9NQ29vL3FCbjFsSitLWmxBCld6MlAvV3JNZjlsRjVqaUpzZExp\nUWtRS1o5VDQ2RXl1bHNPWmVLTEVGT0EKLS0tIHhkdmdiNUxBTkNPNldLNnZZOUdl\nTWtyaGFsa0NnMy9lQm5mR3FEMXN0TVkKgWedpfvq46qOOdgeFH76OkO7QQyVor/w\n30Rv1n9cqfNdqBog/gPvI/sTPqFfXPpnFJjYZLNG/rnJjPHAM0+hhA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-31T08:48:18Z", + "mac": "ENC[AES256_GCM,data:gXIh/MEkCPoL1tfGYIVQs6e335glFCz1AW0EAdVRX8VVxUk9vwNgf577Sd5fHDBuQsYrqMonRPwRYEACLtjaK37+mk1qa+A2gpg4OfhUJF1inrWXZoTY9SSH2LtlAWddcxDDAKA7n0Itqv0FkQuqVmmr3j3XzMf9fTMgAcgscDA=,iv:RZPNYp/6otR67smbNE+fcQqzO61+NEjp1sIHRTUpTl0=,tag:2Jx1M/Y+ODYRaOtps3KY2w==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/users/kurogeek b/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/b4l/b4l-victoriametrics/adminpassword/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file 
diff --git a/vars/per-machine/b4l/b4l-victoriametrics/adminuser/value b/vars/per-machine/b4l/b4l-victoriametrics/adminuser/value
new file mode 100644
index 0000000..f77b004
--- /dev/null
+++ b/vars/per-machine/b4l/b4l-victoriametrics/adminuser/value
@@ -0,0 +1 @@
+admin
\ No newline at end of file
diff --git a/vars/per-machine/b4l/b4l-victoriametrics/subdomain/value b/vars/per-machine/b4l/b4l-victoriametrics/subdomain/value
new file mode 100644
index 0000000..6f8aca1
--- /dev/null
+++ b/vars/per-machine/b4l/b4l-victoriametrics/subdomain/value
@@ -0,0 +1 @@
+metrics
\ No newline at end of file