the-distro/infra
9
0
Fork 5
Code Issues 39 Pull requests 8 Packages Projects 1 Releases Wiki Activity

feat(pyroscope): add secrets and storage

Browse source 
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
raito 2024-08-23 20:19:55 +02:00
parent db46b01ae9
commit ac7815321a
4 changed files with 44 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
secrets.nix
View file

@ -15,6 +15,8 @@ let
grafana-oauth-secret = [ machines.meta01 ]; grafana-oauth-secret = [ machines.meta01 ];
loki-environment = [ machines.meta01 ]; loki-environment = [ machines.meta01 ];
gerrit-prometheus-bearer-token = [ machines.gerrit01 machines.meta01 ]; gerrit-prometheus-bearer-token = [ machines.gerrit01 machines.meta01 ];
pyroscope-secrets = [ machines.meta01 ];
buildbot-worker-password = [ machines.buildbot ]; buildbot-worker-password = [ machines.buildbot ];
buildbot-oauth-secret = [ machines.buildbot ]; buildbot-oauth-secret = [ machines.buildbot ];

BIN
secrets/pyroscope-secrets.age Normal file
View file

Binary file not shown.

36
services/monitoring/pyroscope/default.nix
View file

@ -14,6 +14,40 @@ in
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.pyroscope.enable = true; age.secrets.pyroscope-secrets.file = ../../../secrets/pyroscope-secrets.age;
services.pyroscope = {
enable = true;
secretFile = config.age.secrets.pyroscope-secrets.path;
settings = {
target = "all";
multitenancy_enabled = false;
api.base-url = "https://pyroscope.forkos.org";
analytics.reporting_enabled = false;
storage = {
backend = "s3";
s3 = {
endpoint = "s3.delroth.net";
region = "garage";
bucket_name = "bagel-pyroscope";
access_key_id = "\${S3_KEY_ID}";
secret_access_key = "\${S3_KEY}";
force_path_style = true;
};
};
server = {
grpc_listen_port = 9097;
grpc_server_max_recv_msg_size = 104857600;
grpc_server_max_send_msg_size = 104857600;
grpc_server_max_concurrent_streams = 1000;
};
memberlist = {
advertise_port = 7948;
bind_port = 7948;
};
};
};
}; };
} }

8
services/monitoring/pyroscope/module.nix
View file

@ -9,6 +9,9 @@ in
options.services.pyroscope = { options.services.pyroscope = {
enable = mkEnableOption "pyroscope, a continuous profiling platform"; enable = mkEnableOption "pyroscope, a continuous profiling platform";
package = mkPackageOption pkgs "pyroscope" { }; package = mkPackageOption pkgs "pyroscope" { };
secretFile = mkOption {
type = types.path;
};
settings = mkOption { settings = mkOption {
description = "Pyroscope settings. See <>"; description = "Pyroscope settings. See <>";
@ -22,14 +25,17 @@ in
systemd.services.pyroscope = { systemd.services.pyroscope = {
description = "Pyroscope server - a continuous profiling platform"; description = "Pyroscope server - a continuous profiling platform";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/pyroscope -config.file ${configFile}"; ExecStart = "${cfg.package}/bin/pyroscope -config.file ${configFile} -config.expand-env";
WorkingDirectory = "/var/lib/pyroscope"; WorkingDirectory = "/var/lib/pyroscope";
User = "pyroscope"; User = "pyroscope";
DynamicUser = true; DynamicUser = true;
Restart = "on-failure"; Restart = "on-failure";
RuntimeDirectory = "pyroscope"; RuntimeDirectory = "pyroscope";
StateDirectory = "pyroscope"; StateDirectory = "pyroscope";
EnvironmentFile = [ cfg.secretFile ];
}; };
}; };
}; };