commit e85060860fbd70c2e74ba40e0b8e2d75f4df09fe · soopy.moe/gensokyo

+3 -2

creds/sops/koumakan/default.yaml

···

       73
        
           auth:

     

       74
        
               hosts:

     

       75
        
                   mail: ENC[AES256_GCM,data:2Y0QcFy3u3cdlxGdxcatlBdGWaNEb56rT1Vy5fQesn5Qmz0gxbMcwVFK8geF6NvaEVRuc8jdBUV1fnre57FeXvx6IFYRMdq//GWHlrJI3ng6TL9O3pH/vdDijXlR6ZQEJoUbwY+fwkChqN4nqofBvhzKf4ICP0YyiEMMrArXAA4Hm/ue6gXdc1xsojl1gCLOOEZgtCNKmX9oJr7xAt5k2e48XzvaBus91IXv2w==,iv:Tm93jST/E4PkSlafzMWBfdOZj7g4J0dzBSeLrS8o4Ow=,tag:uYideP23a0yb4h63m4LRXg==,type:str]

     

       0
        
       
     

       76
        
       sops:

     

       77
        
           kms: []

     

       78
        
           gcp_kms: []

     
···

       97
        
                   RVBMYWppWDFxYXVNOEI2K3JzaFRZNE0KdspMlVcjpEG3lWz7P8TT3fCStaIDAqfN

     

       98
        
                   uBx4ISi43uttIAuBht9vncyjTNtVWvt3DTtawPYtBgG9LgnaMOikxQ==

     

       99
        
                   -----END AGE ENCRYPTED FILE-----

     

       100
       -
           lastmodified: "2024-03-29T12:52:36Z"

     

       101
       -
           mac: ENC[AES256_GCM,data:Q9r73U1jZT+LR3vebVfodua56j6vNayDUe2jgQcQkp2Du+NJQ9bzfZl9hWgOTUViFw+AfrTuz9icyY6TSXm47bJZXRYql94+Ht3adM0hev3D65JQxYFxX1/+4z1rnRRE2ZoOkAGmSYMLQ0vC0rfFPGKLORt/ffvo0NvuqHjQW8w=,iv:Omt5CmiloXPKbpnazaGGYdiyHPVaSu3VXX34pmjBAsE=,tag:Xdpefx4ahaYvy8s5E+Pd4g==,type:str]

     

       102
        
           pgp:

     

       103
        
               - created_at: "2024-03-16T15:25:13Z"

     

       104
        
                 enc: |-

···

       73
        
           auth:

     

       74
        
               hosts:

     

       75
        
                   mail: ENC[AES256_GCM,data:2Y0QcFy3u3cdlxGdxcatlBdGWaNEb56rT1Vy5fQesn5Qmz0gxbMcwVFK8geF6NvaEVRuc8jdBUV1fnre57FeXvx6IFYRMdq//GWHlrJI3ng6TL9O3pH/vdDijXlR6ZQEJoUbwY+fwkChqN4nqofBvhzKf4ICP0YyiEMMrArXAA4Hm/ue6gXdc1xsojl1gCLOOEZgtCNKmX9oJr7xAt5k2e48XzvaBus91IXv2w==,iv:Tm93jST/E4PkSlafzMWBfdOZj7g4J0dzBSeLrS8o4Ow=,tag:uYideP23a0yb4h63m4LRXg==,type:str]

     

       76
       +
                   gateway: ENC[AES256_GCM,data:C5X+YPh8MbxPHSqPhKUK+W1/7V95bUulXwS7XOZ5VFWOKmiVTVMHh/7oAT7gi1H+qyQZx+8mFIkUjIV3Q7xngKG6PIjrvsKaaNn+v1Y6HkJmuA0m3CV5DDGXZSJPijE0SHFfwXyJ6x8pyp2XYz1oNyseJPY/1Y8wkjBO2CNQlf0q5fgXi8wBJRgzjXc2we3Huuaeq4dYB773s5GscPWR4VJ10FbJfBluEeA35Q==,iv:OEzDSEfyx1iAGZeP1b9HO7aIy5P0kWFTcSsneRDni70=,tag:J1QQi5+x4GUdIgQTvGuDRw==,type:str]

     

       77
        
       sops:

     

       78
        
           kms: []

     

       79
        
           gcp_kms: []

     
···

       98
        
                   RVBMYWppWDFxYXVNOEI2K3JzaFRZNE0KdspMlVcjpEG3lWz7P8TT3fCStaIDAqfN

     

       99
        
                   uBx4ISi43uttIAuBht9vncyjTNtVWvt3DTtawPYtBgG9LgnaMOikxQ==

     

       100
        
                   -----END AGE ENCRYPTED FILE-----

     

       101
       +
           lastmodified: "2024-03-30T11:54:30Z"

     

       102
       +
           mac: ENC[AES256_GCM,data:jdL6s+kHZp3WOIBoxgnEqVzV3WVOr4XeH26xmQn5vNqo60A7ndq62NTAivwHv1PQ3cEvCJ4Eui++oFtOF5XGpS7Rgr1hj+6g4fa7lltA32/eFUY0HdMmhmRZqptoMarl7GQjT0vuLfH6oB4aI6Rz1JCyoacrSag2tdD/VO+qNGE=,iv:q9SjpGKnD46L6H4TNYV48L3WWWX83Q098Zk8DQFGTGI=,tag:cebPvLZo8QBufR9myHN0HA==,type:str]

     

       103
        
           pgp:

     

       104
        
               - created_at: "2024-03-16T15:25:13Z"

     

       105
        
                 enc: |-

+15 -9

systems/koumakan/services/telemetry/victoriametrics.nix

···

       9
        
             "agent/akkoma"

     

       10
        
       

     

       11
        
             "auth/hosts/mail"

     

       0
        
       
     

       12
        
           ];

     

       13
        
         };

     

       14
        
       in {

     
···

       20
        
       

     

       21
        
           (secrets.mkTemplate "vmauth.env" ''

     

       22
        
             AUTH_MAIL_TOKEN=${secrets.placeholder "auth/hosts/mail"}

     

       0
        
       
     

       23
        
           '')

     

       24
        
         ];

     

       25
        
       

     
···

       41
        
       

     

       42
        
             scrape_configs = [

     

       43
        
               {

     

       44
       -
                 job_name = "vm_koumakan";

     

       45
        
                 scrape_interval = "15s";

     

       46
        
                 static_configs = [{targets = ["${builtins.toString config.services.victoriametrics.listenAddress}"];}];

     

       47
        
               }

     

       48
        
       

     

       49
        
               # node exporters

     

       50
        
               {

     

       51
       -
                 job_name = "koumakan";

     

       52
        
                 scrape_interval = "15s";

     

       53
        
                 static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];

     

       0
        
       
     

       54
        
               }

     

       55
        
       

     

       56
       -
               # mail node uses remote write to vmagent.

     

       0
        
       
     

       57
        
       

     

       58
        
               # other services' metrics

     

       59
        
               {

     

       60
       -
                 job_name = "nginx_koumakan";

     

       61
        
                 static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nginx.port}"];}];

     

       0
        
       
     

       62
        
               }

     

       63
        
       

     

       64
        
               {

     
···

       83
        
           enable = true;

     

       84
        
           listenAddress = "127.0.0.1:21000";

     

       85
        
           authConfig = {

     

       86
       -
             users = [

     

       87
       -
               {

     

       88
       -
                 bearer_token = "%{AUTH_MAIL_TOKEN}";

     

       89
       -
                 url_prefix = "http://${config.services.victoriametrics.listenAddress}"; # send directly to vm

     

       90
       -
               }

     

       0
        
       
     

       91
        
             ];

     

       92
        
           };

     

       93
        
           environmentFile = secrets.getTemplate "vmauth.env";

···

       9
        
             "agent/akkoma"

     

       10
        
       

     

       11
        
             "auth/hosts/mail"

     

       12
       +
             "auth/hosts/gateway"

     

       13
        
           ];

     

       14
        
         };

     

       15
        
       in {

     
···

       21
        
       

     

       22
        
           (secrets.mkTemplate "vmauth.env" ''

     

       23
        
             AUTH_MAIL_TOKEN=${secrets.placeholder "auth/hosts/mail"}

     

       24
       +
             AUTH_GATEWAY_TOKEN=${secrets.placeholder "auth/hosts/gateway"}

     

       25
        
           '')

     

       26
        
         ];

     

       27
        
       

     
···

       43
        
       

     

       44
        
             scrape_configs = [

     

       45
        
               {

     

       46
       +
                 job_name = "victoriametrics";

     

       47
        
                 scrape_interval = "15s";

     

       48
        
                 static_configs = [{targets = ["${builtins.toString config.services.victoriametrics.listenAddress}"];}];

     

       49
        
               }

     

       50
        
       

     

       51
        
               # node exporters

     

       52
        
               {

     

       53
       +
                 job_name = "node";

     

       54
        
                 scrape_interval = "15s";

     

       55
        
                 static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];

     

       56
       +
                 relabel_configs = [{target_label = "instance"; replacement = "koumakan";}];

     

       57
        
               }

     

       58
        
       

     

       59
       +
               # external nodes uses remote write

     

       60
       +
               #  [mail, gateway]

     

       61
        
       

     

       62
        
               # other services' metrics

     

       63
        
               {

     

       64
       +
                 job_name = "nginx";

     

       65
        
                 static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nginx.port}"];}];

     

       66
       +
                 relabel_configs = [{target_label = "instance"; replacement = "koumakan";}];

     

       67
        
               }

     

       68
        
       

     

       69
        
               {

     
···

       88
        
           enable = true;

     

       89
        
           listenAddress = "127.0.0.1:21000";

     

       90
        
           authConfig = {

     

       91
       +
             users = builtins.concatMap (token: [{

     

       92
       +
               bearer_token = token;

     

       93
       +
               url_prefix = "http://${config.services.victoriametrics.listenAddress}"; # send directly to vm

     

       94
       +
             }]) [

     

       95
       +
               "%{AUTH_MAIL_TOKEN}"

     

       96
       +
               "%{AUTH_GATEWAY_TOKEN}"

     

       97
        
             ];

     

       98
        
           };

     

       99
        
           environmentFile = secrets.getTemplate "vmauth.env";