Compare commits

38 commits

Author SHA1 Message Date
Ilya K cae763e8dd ofborg: enable nginx for certs 2024-11-17 14:48:08 +03:00
Ilya K 4f1378937f Disable nixos-option, it breaks 2024-11-17 14:39:25 +03:00
Ilya K 7e3074a769 Update everything again 2024-11-17 14:39:19 +03:00
Ilya K 3182a036c0 chore: bump everything 2024-11-12 23:42:51 +03:00
Ilya K 54e8282aac fix: use promtool to verify rules, fix format 2024-11-12 23:21:30 +03:00
Ilya K 41be8dc170 fix: pin pyroscope to go 1.22 2024-11-12 23:16:46 +03:00
Ilya K b08330c42b fix: allow insecure netbox 2024-11-12 22:52:11 +03:00
Ilya K 268422f653 fix: update grapevine to build with current nixpkgs 2024-11-12 22:49:33 +03:00
Yureka 4e03cf2309 increase zram on build-coord 2024-11-04 08:48:40 +01:00
Yureka 00a5d373f3 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da' (2024-10-05)
  → 'github:NixOS/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02)
2024-11-04 08:46:51 +01:00
Yureka ec93c94e7e revert default shell to bash
zsh is unbearably slow on some machines
2024-10-30 13:29:27 +01:00
raito f56576d644 fix: add util-linux in git-gc-preserve
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-28 12:07:54 +01:00
raito 1ae3d7c396 chore: move to forkos branch for buildbot
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-28 12:07:06 +01:00
raito cca8156e52 Revert "chore: move to faster-depinfo branch for Buildbot"
This reverts commit 7df7eaeb9b because
there was a missing intersection in the code and this broke Buildbot
entirely by exhausting all the resources.
2024-10-27 22:01:34 +01:00
raito 7df7eaeb9b chore: move to faster-depinfo branch for Buildbot
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-27 19:39:18 +01:00
Kiara Grouwstra 5ae71fff99 chore: add lorri to prevent direnv from blocking, closes #147 2024-10-27 09:42:11 +00:00
raito 02f8bc7ca4 chore(o11y): filter by tenancy on node_exporter
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:37 +02:00
raito e0c029ba43 fix: make all buildbot postgres faster
work_mem was effectively absurdly low.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:24 +02:00
raito 3ed36f74fd onboarding: add pennae keys on lix infra
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito b1f4674da0 chore: add tenancy in postgres
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
raito 226eacdeec chore: add tenancy in node_exporter
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-22 16:57:06 +02:00
Ilya K 14935c5e92 fix: update grapevine config 2024-10-21 16:31:26 +03:00
raito bee402fecc fix: ensure that pg_stat_statements is always created as an ext
Otherwise, we will have issues with this exporter.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-21 14:33:18 +02:00
raito 3efdd0f6c9 fix: disable gitiles on gerrit01
It is generating too much traffic and CPU load for no good reason.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-20 11:24:58 +02:00
raito 8c0c7b517f feat: block automatically crawlers if the blocker is enabled
This helps us get rid of useless traffic by crawlers.

It is enabled for gerrit01 which is suffering the most from this.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-19 19:12:10 +02:00
raito d5500d7c4e fix(buildbot): bring back the old Gerrit reporting
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito eaf48a0cdd fix(buildbot): use builder-9 as builder-10 is down
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito e3129fec51 fix(buildbot): fix CORS properly
wildcards are not allowed in the headers.
We need to include credentials as well.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
raito 437293bdaa fix(buildbot): remove CORS wildcards for their precise Gerrit hosts
wildcards are not supported in CORS headers, so this design was quite
wrong actually.

We can just use the actual Gerrit hostname for now.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-18 23:22:51 +00:00
mei (ckie) df8a57f91a users: add ckie 2024-10-18 14:43:25 +03:00
Yureka 97bee26977 new ssh key for yureka 2024-10-10 13:42:29 +00:00
Luke Granger-Brown 84cfbdb050 feat: check formatting and validity of alerts
Fixes #94.
2024-10-07 20:00:54 +00:00
Luke Granger-Brown 6a8f49f180 feat(gerrit): add some basic theming
This is based on some of the preliminary colour work done by @ckie in
the the-distro/floral.systems repo.
2024-10-07 19:27:13 +00:00
Yureka 06dd4d6e85 update hydra 2024-10-07 19:25:51 +02:00
Luke Granger-Brown de085155a6 fix: update paths to floral secrets to secrets/floral/ 2024-10-07 15:48:05 +00:00
Luke Granger-Brown 2001012325 feat(uptime-kuma): status.forkos.org should point at the ForkOS page 2024-10-07 15:47:33 +00:00
raito fbf26302b6 hotfix(lix): use build01 features for build02 remote builder
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:27 +02:00
raito 1701a2b388 hotfix: bump buildbot-nix to restore backward compat with Lix deployments
We oopsie dropped `hydraJobs` support to move to `buildbotJobs`.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-07 15:26:19 +02:00
42 changed files with 1132 additions and 1251 deletions

11
.envrc
View file

@ -1,2 +1,11 @@
#!/usr/bin/env bash
# the shebang is ignored, but nice for editors
# shellcheck shell=bash # shellcheck shell=bash
use flake if type -P lorri &>/dev/null; then
eval "$(lorri direnv --flake .)"
else
echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]'
use flake
fi
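
Review bot: In the lorri branch, `eval "$(lorri direnv --flake .)"` throws away lorri's exit status, so when lorri is installed but the command fails, nothing is loaded and the `use flake` fallback never runs. Capture the output first and fall back when the command fails, for example `if out="$(lorri direnv --flake .)"; then eval "$out"; else use flake; fi`. The `echo` in the else branch also fires on every evaluation for anyone without lorri, so word it as a hint rather than as a failure.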

View file

@ -19,12 +19,14 @@ in
"thubrecht" "thubrecht"
"winter" "winter"
"yuka" "yuka"
"ckie"
]; ];
lix-infra.members = [ lix-infra.members = [
"raito" "raito"
"hexchen" "hexchen"
"jade" "jade"
"pennae"
]; ];
}; };
bagel.users = genAttrs [ bagel.users = genAttrs [
@ -39,5 +41,7 @@ in
"thubrecht" "thubrecht"
"winter" "winter"
"yuka" "yuka"
"ckie"
"pennae"
] (name: {}); ] (name: {});
} }
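
Review bot: `"ckie"` and `"pennae"` each have to be added in two places, once in a `members` list and once in the `genAttrs` list under `bagel.users`, and nothing in the visible lines keeps the two in step. Since these lists decide who has an account and which group it belongs to, derive the user list from the union of the group members, or add an assertion that every member has a matching `bagel.users` entry.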

View file

@ -7,6 +7,7 @@
nixpkgs.overlays = import ../overlays; nixpkgs.overlays = import ../overlays;
nix.package = lib.mkDefault pkgs.lix; nix.package = lib.mkDefault pkgs.lix;
system.tools.nixos-option.enable = false;
services.openssh.enable = lib.mkForce true; services.openssh.enable = lib.mkForce true;
networking.nftables.enable = true; networking.nftables.enable = true;
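
Review bot: `system.tools.nixos-option.enable = false;` carries no comment on what breaks or when the override can be dropped; the commit message only says "it breaks". Add a one-line comment naming the failure so the line is removed once the cause is fixed instead of staying in the base configuration indefinitely.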

View file

@ -61,7 +61,12 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
]; ];
thubrecht = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" ]; thubrecht = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" ];
yuka = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKath4/fDnlv/4fzxkPrQN1ttmoPRNu/m9bEtdPJBDfY cardno:16_933_242" ]; yuka = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxQ3NYBi8v1f/vhxLKDcA6upmX0pctRDbnK6SER5OUR yureka" ];
winter = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" ]; winter = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" ];
ckie = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3uTwzSSMAPg84fwbNp2cq9+BdLFeA1VzDGth4zCAbz https://mei.puppycat.house" ];
pennae = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo="
];
}; };
} }
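
Review bot: The `yuka` line replaces a key commented `cardno:16_933_242`, the kind of comment gpg-agent puts on card-held keys, with one commented `yureka`, and this file is what grants SSH access to the hosts, so the replacement should be confirmed with the key owner over a second channel before it is deployed. Removing the old key in the same change rather than leaving both in place is the right call. For `pennae`, which gets both a plain `ssh-ed25519` key and an `sk-ssh-ed25519@openssh.com` key, a short comment on what each key is for would make later rotation easier to review.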

View file

@ -1,5 +1,4 @@
{ lib, pkgs, config, ... }: { { lib, pkgs, config, ... }: {
users.defaultUserShell = pkgs.zsh;
programs.zsh = { programs.zsh = {
enable = true; enable = true;
enableCompletion = true; enableCompletion = true;

View file

@ -27,16 +27,17 @@
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2", "flake-parts": "flake-parts_2",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1711742460, "lastModified": 1730257295,
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=", "narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "attic", "repo": "attic",
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0", "rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -49,11 +50,11 @@
"bats-assert": { "bats-assert": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1636059754, "lastModified": 1692829535,
"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=", "narHash": "sha256-oDqhUQ6Xg7a3xx537SWLGRzqP3oKKeyY4UYGCdz9z/Y=",
"owner": "bats-core", "owner": "bats-core",
"repo": "bats-assert", "repo": "bats-assert",
"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5", "rev": "e2d855bc78619ee15b0c702b5c30fb074101159f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -65,11 +66,11 @@
"bats-support": { "bats-support": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1548869839, "lastModified": 1693050811,
"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=", "narHash": "sha256-PxJaH16+QrsfZqtkWVt5K6TwJB5gjIXnbGo+MB84WIU=",
"owner": "bats-core", "owner": "bats-core",
"repo": "bats-support", "repo": "bats-support",
"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3", "rev": "9bf10e876dd6b624fe44423f0b35e064225f7556",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -87,11 +88,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1728162115, "lastModified": 1730064416,
"narHash": "sha256-O95Nv81XlYZjltq009951gwYHGo+Kjt9EBhh/6cYGDw=", "narHash": "sha256-Opbtu9hKijGkEx+GYbSu3MJms3lFxZmAGTFyckguWMM=",
"ref": "refs/heads/forkos", "ref": "refs/heads/forkos",
"rev": "ed8f940717724af853efcafcd82cf4d10f32ede5", "rev": "79137b14f3cb376204f739f44b05aebfc288ca89",
"revCount": 298, "revCount": 310,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/buildbot-nix.git" "url": "https://git.lix.systems/lix-project/buildbot-nix.git"
}, },
@ -125,17 +126,18 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"stable": "stable" "stable": "stable"
}, },
"locked": { "locked": {
"lastModified": 1711386353, "lastModified": 1731527002,
"narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,11 +155,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702918879, "lastModified": 1722960479,
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -167,18 +169,12 @@
} }
}, },
"crane_2": { "crane_2": {
"inputs": {
"nixpkgs": [
"grapevine",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1716569590, "lastModified": 1730060262,
"narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=", "narHash": "sha256-RMgSVkZ9H03sxC+Vh4jxtLTCzSjPq18UWpiM0gq6shQ=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "109987da061a1bf452f435f1653c47511587d919", "rev": "498d9f122c413ee1154e8131ace5a35a80d8fa76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -219,11 +215,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1716359173, "lastModified": 1730442928,
"narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=", "narHash": "sha256-U1DWb5c3EfkA7pqx5V1H4AWRA+EaE6UJ0lIRvK1RxgM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6", "rev": "87b4d20f896c99018dde4702a9c6157b516f2a76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -252,11 +248,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1696426674,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -320,6 +316,28 @@
} }
}, },
"flake-parts_2": { "flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"grapevine",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"hydra", "hydra",
@ -341,6 +359,23 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
@ -357,30 +392,15 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1726560853,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -390,21 +410,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gerrit-dashboard": { "gerrit-dashboard": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -427,20 +432,21 @@
"crane": "crane_2", "crane": "crane_2",
"fenix": "fenix", "fenix": "fenix",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rocksdb": "rocksdb",
"rust-manifest": "rust-manifest" "rust-manifest": "rust-manifest"
}, },
"locked": { "locked": {
"host": "gitlab.computer.surgery", "host": "gitlab.computer.surgery",
"lastModified": 1727994504, "lastModified": 1731820516,
"narHash": "sha256-FC6M1KKX58HbU9LG+cG6EJRr02J9lE/o0iiDi6m1gv8=", "narHash": "sha256-BJiFq5meQMwOLhVS9/m2HCZoNUIN5u5weJXr94dkIRU=",
"owner": "matrix", "owner": "matrix",
"repo": "grapevine-fork", "repo": "grapevine-fork",
"rev": "5a490a4397f0c6a36dab1cb631dadc67a849deab", "rev": "887e59cf03efb70bfa68b56dda32c411ba6cd5fa",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -480,11 +486,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728163965, "lastModified": 1728321752,
"narHash": "sha256-vHA2qZWoTY4DQUWFktq8DYfCOlm8rd1bNZpiIzpFBCk=", "narHash": "sha256-GbBAoBF7ZObz0IP+g0LZKxMafpMvNKjTEu9haiZbV54=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e4d466ffcdc0e43f3bd005de3913a7e9ed4a58f5", "rev": "ee1234c15cdcb427dbd4828e0add09d02cd606c9",
"revCount": 4216, "revCount": 4220,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/hydra.git" "url": "https://git.lix.systems/lix-project/hydra.git"
}, },
@ -505,11 +511,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1728159440, "lastModified": 1728163191,
"narHash": "sha256-8DW+VfSIk5xYpYj1VDKMmUjXhMooIlAOwYG4J9PLbbg=", "narHash": "sha256-SW0IEBsPN1EysqzvfDT+8Kimtzy03O1BxQQm7ZB6fRY=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "7ff60b7445ccb599edcbf0078d181034f61a0859", "rev": "ed9b7f4f84fd60ad8618645cc1bae2d686ff0db6",
"revCount": 16318, "revCount": 16323,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix" "url": "https://git.lix.systems/lix-project/lix"
}, },
@ -520,12 +526,12 @@
}, },
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_3",
"lix": [ "lix": [
"hydra", "hydra",
"lix" "lix"
], ],
"nix-github-actions": "nix-github-actions", "nix-github-actions": "nix-github-actions_3",
"nixpkgs": [ "nixpkgs": [
"hydra", "hydra",
"nixpkgs" "nixpkgs"
@ -548,11 +554,11 @@
}, },
"nix-filter": { "nix-filter": {
"locked": { "locked": {
"lastModified": 1710156097, "lastModified": 1730207686,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", "narHash": "sha256-SCHiL+1f7q9TAnxpasriP6fMarWE5H43t25F5/9e28I=",
"owner": "numtide", "owner": "numtide",
"repo": "nix-filter", "repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b", "rev": "776e68c1d014c3adde193a18db9d738458cd2ba4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -583,6 +589,49 @@
} }
}, },
"nix-github-actions": { "nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-github-actions_2": {
"inputs": {
"nixpkgs": [
"grapevine",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-github-actions_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"hydra", "hydra",
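
Review bot: The new `nix-github-actions` and `nix-github-actions_2` nodes lock the same `rev` (`e04df33f62cdcf93d73e9a04142464753a16db67`) and differ only in which `nixpkgs` they follow, with the previous node kept as `nix-github-actions_3`. Each duplicated transitive input is one more pinned revision to audit on every lock bump; where the parent flakes allow it, point these at a single input with `follows` in flake.nix so the lock file has one node to review.
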
@ -622,11 +671,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1711401922, "lastModified": 1726042813,
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "07262b18b97000d16a4bdb003418bd2fb067a932", "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -636,6 +685,18 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1727825735,
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
}
},
"nixpkgs-regression": { "nixpkgs-regression": {
"locked": { "locked": {
"lastModified": 1643052045, "lastModified": 1643052045,
@ -654,32 +715,32 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1711460390, "lastModified": 1724316499,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1728093190, "lastModified": 1731676054,
"narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=", "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da", "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -700,6 +761,23 @@
"type": "github" "type": "github"
} }
}, },
"rocksdb": {
"flake": false,
"locked": {
"lastModified": 1730475155,
"narHash": "sha256-u5uuShM2SxHc9/zL4UU56IhCcR/ZQbzde0LgOYS44bM=",
"owner": "facebook",
"repo": "rocksdb",
"rev": "3c27a3dde0993210c5cc30d99717093f7537916f",
"type": "github"
},
"original": {
"owner": "facebook",
"ref": "v9.7.4",
"repo": "rocksdb",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -722,11 +800,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1716107283, "lastModified": 1730386175,
"narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=", "narHash": "sha256-0Uq+/B8eu7pw8B8pxuGdFYKjcVLwNMcHfDxU9sXh7rg=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd", "rev": "0ba893e1a00d92557ac91efb771d72eee36ca687",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -750,16 +828,16 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1696039360, "lastModified": 1730883749,
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.05", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -767,11 +845,11 @@
"stateless-uptime-kuma": { "stateless-uptime-kuma": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1727622797, "lastModified": 1728243069,
"narHash": "sha256-JRvy5zsPsk1ChmEB1UHKOlnzAKCPdtBLCcx+LXh3e4c=", "narHash": "sha256-l9fgwesnmFxasCaYUCD7L9bGGJXytLuwtx3CZMgpwJg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "390363e6a977d71a96c53d7f8b252038dfee2e2e", "rev": "880f444ff7862d6127b051cf1a993ad1585b1652",
"revCount": 23, "revCount": 25,
"type": "git", "type": "git",
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git" "url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
}, },
@ -810,22 +888,38 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"bats-assert": "bats-assert", "bats-assert": "bats-assert",
"bats-support": "bats-support", "bats-support": "bats-support",
"flake-utils": "flake-utils_4", "flake-parts": "flake-parts_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_3",
"terranix-examples": "terranix-examples" "terranix-examples": "terranix-examples"
}, },
"locked": { "locked": {
"lastModified": 1695406838, "lastModified": 1728959489,
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=", "narHash": "sha256-1Pu2j5xsBTuoyga08ZVf+rKp3FOMmJh/0fXen/idOrA=",
"owner": "terranix", "owner": "terranix",
"repo": "terranix", "repo": "terranix",
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275", "rev": "7734e2ee6a1472807a33ce1e7da794bed2aaf91c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -836,11 +930,11 @@
}, },
"terranix-examples": { "terranix-examples": {
"locked": { "locked": {
"lastModified": 1636300201, "lastModified": 1637156952,
"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=", "narHash": "sha256-KqvXIe1yiKOEP9BRYqNQN+LOWPCsWojh0WjEgv5jfEI=",
"owner": "terranix", "owner": "terranix",
"repo": "terranix-examples", "repo": "terranix-examples",
"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e", "rev": "921680efb8af0f332d8ad73718d53907f9483e24",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -2,7 +2,7 @@
description = "Bagel cooking infrastructure"; description = "Bagel cooking infrastructure";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
terranix.url = "github:terranix/terranix"; terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "nixpkgs"; terranix.inputs.nixpkgs.follows = "nixpkgs";
@ -199,8 +199,6 @@
build01-aarch64-lix.imports = lixInfraModules ++ [ ./hosts/build01-aarch64-lix ]; build01-aarch64-lix.imports = lixInfraModules ++ [ ./hosts/build01-aarch64-lix ];
buildbot-lix.imports = lixInfraModules ++ [ ./hosts/buildbot-lix ]; buildbot-lix.imports = lixInfraModules ++ [ ./hosts/buildbot-lix ];
# This is Lix's Garage S3.
cache-lix.imports = lixInfraModules ++ [ ./hosts/cache-lix ];
} // builders; } // builders;
hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations; hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations;

View file

@ -38,7 +38,7 @@
zramSwap = { zramSwap = {
enable = true; enable = true;
memoryPercent = 25; memoryPercent = 100;
}; };
networking.useNetworkd = true; networking.useNetworkd = true;
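
Review bot: `memoryPercent = 100;` has no comment explaining why this host needs a zram device sized to all of RAM, up from 25. The value is a limit on uncompressed data stored in zram, so actual memory use depends on the compression ratio; record the workload that motivated the increase so the number can be revisited if the machine starts thrashing instead of failing fast.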

View file

@ -38,7 +38,9 @@
port = 2022; port = 2022;
username = "buildbot"; username = "buildbot";
}; };
cors.allowedOrigin = "*.lix.systems"; cors.allowedOrigins = [
"https://*.lix.systems"
];
projects = [ projects = [
"lix" "lix"
"lix-installer" "lix-installer"
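
Review bot: `"https://*.lix.systems"` in `cors.allowedOrigins` is still a wildcard pattern, while the commit messages in this range say wildcards are not supported in CORS headers and that the actual Gerrit hostname should be used. If buildbot-nix matches the request `Origin` against this pattern and echoes back the exact origin, say so in a comment and check that the match is anchored on the full scheme and host; otherwise list the Gerrit origin literally. Because credentials are included, every subdomain matched by the pattern is trusted with the user's Buildbot session, which is a wider grant than the one host that needs it.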

View file

@ -36,13 +36,15 @@
port = cfgGerrit.port; port = cfgGerrit.port;
username = "buildbot"; username = "buildbot";
}; };
cors.allowedOrigin = "*.forkos.org"; cors.allowedOrigins = [
"https://*.forkos.org"
];
projects = [ projects = [
"buildbot-test" "buildbot-test"
"nixpkgs" "nixpkgs"
"infra" "infra"
]; ];
builders = [ "builder-10" ]; builders = [ "builder-9" ];
}; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
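
Review bot: `builders = [ "builder-9" ];` is a workaround for builder-10 being down according to the commit message, but the line has no comment, so nothing prompts anyone to restore builder-10 later. The `"https://*.forkos.org"` entry above it raises the same question as on the Lix Buildbot host: either document that the pattern is matched server-side and the exact origin echoed back, or replace it with the literal Gerrit origin.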

View file

@ -1,125 +0,0 @@
# Configuration for a virtual machine in Raito's micro-DC basement.
# 8 vCPU (2014 grade Xeon though)
# 8GB RAM
# 100GB SSD
# 1TB HDD
# All specifications can be upgraded to a certain extent, just ask Raito.
# Hosts the Garage S3 instance for the Lix project.
# Our "binary cache".
#
# vim: et:ts=2:sw=2:
#
{ config, pkgs, lib, ... }: {
networking.hostName = "cache";
networking.domain = "lix.systems";
system.stateVersion = "24.05";
zramSwap.enable = true;
i18n.defaultLocale = "en_US.UTF-8";
# All the objects are stored there.
# Metadata is on the fast SSD.
fileSystems."/data" = {
device = "/dev/disk/by-label/data";
fsType = "ext4";
};
bagel.s3 = {
rootDomain = "lix.systems";
garage.enable = true;
web = {
buckets = [
"install"
"cache"
"releases"
"docs"
];
subdomains = {
"cache.lix.systems" = "cache";
"install.lix.systems" = "install";
};
};
reverse-proxy = {
enable = true;
buckets = [
"docs"
"releases"
"install"
];
web = {
"releases.lix.systems" = "releases";
"docs.lix.systems" = "docs";
};
};
};
# Fix up the manual path so it enables having multiple manuals
services.nginx.virtualHosts."docs.lix.systems".locations.${''~ ^/manual/nightly(/[^\s]*)$''} =
{
extraConfig = ''
return 301 /manual/lix/nightly$1;
'';
};
systemd.network.links."10-nat-lan".matchConfig.MACAddress = "BC:24:11:1E:7C:9B";
systemd.network.networks."10-wan".networkConfig.Address = [ "2001:bc8:38ee:100::210/56" ];
systemd.network.links."10-wan".matchConfig.MACAddress = "BC:24:11:42:72:79";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Debugging stuff.
virtualisation.vmVariant = {
systemd.network.enable = lib.mkForce false;
networking.useDHCP = true;
environment.systemPackages = with pkgs; [
tcpdump
];
system.activationScripts.agenixInstall.text = lib.mkForce ''
echo "lol gotcha"
_agenix_generation="$(basename "$(readlink ${config.age.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
p=${config.age.secretsMountPoint}/$_agenix_generation
> $p/garage
echo "GARAGE_RPC_SECRET=$(${lib.getExe pkgs.openssl.bin} rand -hex 32)" >> $p/garage
echo "GARAGE_METRICS_TOKEN=$(${lib.getExe pkgs.openssl.bin} rand -base64 32)" >> $p/garage
echo "GARAGE_ADMIN_TOKEN=$(${lib.getExe pkgs.openssl.bin} rand -base64 32)" >> $p/garage
ln -sfT /var/secrets/garage-s3-api-key $p/s3-revproxy-api-key-env
ln -sfT $p ${config.age.secretsDir}
'';
virtualisation.forwardPorts = [
{
from = "host";
guest.port = 443;
host.port = 4043;
proto = "tcp";
}
{
from = "host";
guest.port = 1337;
host.port = 1337;
proto = "tcp";
}
{
from = "host";
guest.port = 22;
host.port = 2022;
proto = "tcp";
}
];
security.acme = {
defaults.server = "http://127.0.0.1/failfailfail";
extraLegoFlags = ["--lol-fail"];
extraLegoRenewFlags = ["--lol-fail"];
extraLegoRunFlags = ["--lol-fail"];
};
systemd.tmpfiles.rules = [
"d /data/s3 700 garage - - -"
];
};
}

View file

@ -23,6 +23,9 @@
}; };
}; };
# Block all these crawlers!!
bagel.services.nginx.crawler-blocker.enable = true;
fileSystems."/gerrit-data" = { fileSystems."/gerrit-data" = {
device = "/dev/disk/by-uuid/d1062305-0dea-4740-9a27-b6b1691862a4"; device = "/dev/disk/by-uuid/d1062305-0dea-4740-9a27-b6b1691862a4";
fsType = "ext4"; fsType = "ext4";
@ -121,7 +124,7 @@
}; };
}; };
age.secrets.s3-channel-staging-keys.file = ../../secrets/s3-channel-staging-keys.age; age.secrets.s3-channel-staging-keys.file = ../../secrets/floral/s3-channel-staging-keys.age;
bagel.nixpkgs.channel-scripts = { bagel.nixpkgs.channel-scripts = {
enable = true; enable = true;
otlp.enable = true; otlp.enable = true;

View file

@ -1,9 +1,10 @@
{ lib { lib
, buildGoModule , buildGo122Module
, fetchFromGitHub , fetchFromGitHub
}: }:
buildGoModule rec { # FIXME: update, remove this pin
buildGo122Module rec {
pname = "pyroscope"; pname = "pyroscope";
version = "1.7.1"; version = "1.7.1";
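
Review bot: the `# FIXME: update, remove this pin` comment above `buildGo122Module rec {` does not say why Go 1.22 is required or what has to happen before the pin can be dropped. Name the build failure or the upstream release that fixes it, so whoever bumps `version = "1.7.1"` knows when to switch back to `buildGoModule`.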

View file

@ -0,0 +1,40 @@
AI2Bot
Ai2Bot-Dolma
Amazonbot
anthropic-ai
Applebot
Applebot-Extended
Bytespider
CCBot
ChatGPT-User
Claude-Web
ClaudeBot
cohere-ai
Diffbot
FacebookBot
facebookexternalhit
FriendlyCrawler
Google-Extended
GoogleOther
GoogleOther-Image
GoogleOther-Video
GPTBot
iaskspider/2.0
ICC-Crawler
ImagesiftBot
img2dataset
ISSCyberRiskCrawler
Kangaroo Bot
Meta-ExternalAgent
Meta-ExternalFetcher
OAI-SearchBot
omgili
omgilibot
PerplexityBot
PetalBot
Scrapy
Sidetrade indexer bot
Timpibot
VelenPublicWebCrawler
Webzio-Extended
YouBot
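
Review bot: `iaskspider/2.0`, `Kangaroo Bot` and `Sidetrade indexer bot` are not valid robots.txt product tokens under RFC 9309, which allows only letters, `-` and `_` in a `User-agent` value, so a conforming parser may never match these lines. Check each crawler's documented token and list that instead, or record that these entries are best-effort.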

View file

@ -0,0 +1,32 @@
{ pkgs, config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption types concatStringsSep mkDefault splitString;
cfg = config.bagel.services.nginx.crawler-blocker;
mkRobotsFile = blockedUAs: pkgs.writeText "robots.txt" ''
${concatStringsSep "\n" (map (ua: "User-agent: ${ua}") blockedUAs)}
Disallow: /
'';
in
{
options = {
bagel.services.nginx.crawler-blocker = {
enable = mkEnableOption "the crawler blocker";
userAgents = mkOption {
type = types.listOf types.str;
default = splitString "\n" (builtins.readFile ./blocked-ua.txt);
};
};
services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule {
config = {
locations."= /robots.txt" = mkIf cfg.enable (mkDefault {
alias = mkRobotsFile cfg.userAgents;
});
};
});
};
};
}
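
Review bot: in the `userAgents` default, `splitString "\n" (builtins.readFile ./blocked-ua.txt)` returns a trailing empty string when the file ends with a newline, and `mkRobotsFile` then emits a bare `User-agent: ` line. Filter empty entries, for example `lib.filter (ua: ua != "") (splitString "\n" ...)`. The `userAgents` option also has no `description`; since the module only serves a `robots.txt` and rejects no request, that is the place to say that compliance is left to the crawler.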

View file

@ -53,9 +53,9 @@ in
}; };
}; };
cors.allowedOrigin = mkOption { cors.allowedOrigins = mkOption {
type = types.str; type = types.listOf types.str;
example = "*.forkos.org"; example = [ "*.forkos.org" ];
description = "Allowed origin for Buildbot and NGINX for CORS without the protocol"; description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
}; };
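
Review bot: the `description` on `cors.allowedOrigins` still reads "Allowed origin ..." in the singular although the type is now `types.listOf types.str`. Update it to describe a list, and state whether a pattern such as the `"*.forkos.org"` example is matched as a wildcard or taken literally by the consumer.
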
@ -100,6 +100,7 @@ in
}; };
services.nginx = { services.nginx = {
recommendedProxySettings = true;
appendHttpConfig = '' appendHttpConfig = ''
# Our session stuff is too big with the TWISTED_COOKIE in addition. # Our session stuff is too big with the TWISTED_COOKIE in addition.
# Default is usually 4k or 8k. # Default is usually 4k or 8k.
@ -109,8 +110,8 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
# This is needed so that logged-in users in Buildbot can include their credentials in their requests.
add_header Access-Control-Allow-Credentials 'true' always; add_header Access-Control-Allow-Credentials 'true' always;
add_header Access-Control-Allow-Origin 'https://${cfg.cors.allowedOrigin}' always;
''; '';
}; };
}; };
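
Review bot: after this hunk `extraConfig` still sends `Access-Control-Allow-Credentials 'true' always` on every response while the `Access-Control-Allow-Origin` line is gone, so NGINX itself no longer names any origin. Confirm that Buildbot now emits that header for each entry of `cfg.cors.allowedOrigins`, echoing the exact request origin: browsers accept neither a pattern such as the `*.forkos.org` example nor `*` on credentialed requests. If nothing emits it, logged-in cross-origin requests will fail.
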
@ -155,9 +156,8 @@ in
# we can replace all of this with automatic localworker generation on buildbot-nix side. # we can replace all of this with automatic localworker generation on buildbot-nix side.
workersFile = config.age.secrets.buildbot-workers.path; workersFile = config.age.secrets.buildbot-workers.path;
allowedOrigins = [ # We rely on NGINX to do the CORS dance.
cfg.cors.allowedOrigin allowedOrigins = cfg.cors.allowedOrigins;
];
buildMachines = map (n: { buildMachines = map (n: {
hostName = nodes.${n}.config.networking.fqdn; hostName = nodes.${n}.config.networking.fqdn;
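
Review bot: the new comment `# We rely on NGINX to do the CORS dance.` sits directly above `allowedOrigins = cfg.cors.allowedOrigins;`, which hands the origin list to Buildbot, and the NGINX hunk above removes its `Access-Control-Allow-Origin` header. Reword the comment so it says which side answers CORS after this change.
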
@ -194,6 +194,32 @@ in
RestartSteps = 10; RestartSteps = 10;
}; };
services.postgresql.settings = {
# DB Version: 15
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 64 GB
# CPUs num: 16
# Connections num: 100
# Data Storage: ssd
max_connections = 100;
shared_buffers = "16GB";
effective_cache_size = "48GB";
maintenance_work_mem = "2GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "41943kB";
huge_pages = "try";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 16;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 16;
max_parallel_maintenance_workers = 4;
};
nix.settings.keep-derivations = true; nix.settings.keep-derivations = true;
nix.gc = { nix.gc = {
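
Review bot: the `services.postgresql.settings` block hard-codes values sized for the machine named in its own comments (64 GB RAM, 16 CPUs), such as `shared_buffers = "16GB"` and `effective_cache_size = "48GB"`, inside a module that any host can enable. Wrap the values in `lib.mkDefault` or move them to the host configuration, so a smaller coordinator does not inherit a 16 GB buffer pool. The header comments also do not say which tool generated the numbers; naming it would let the next person regenerate them.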

View file

@ -21,7 +21,8 @@ in
sshUser = "nix"; sshUser = "nix";
systems = [ "aarch64-linux" ]; systems = [ "aarch64-linux" ];
publicHostKey = ssh-keys.machines.build02-aarch64-lix; publicHostKey = ssh-keys.machines.build02-aarch64-lix;
supportedFeatures = nodes.build02-aarch64-lix.config.nix.settings.system-features; # TODO: use build02 features.
supportedFeatures = nodes.build01-aarch64-lix.config.nix.settings.system-features;
} }
{ {
hostName = "build01.aarch64-darwin.lix.systems"; hostName = "build01.aarch64-darwin.lix.systems";
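
Review bot: `supportedFeatures` for this builder now reads `nodes.build01-aarch64-lix.config.nix.settings.system-features` while `publicHostKey` on the line above still refers to `build02-aarch64-lix`, and the `# TODO: use build02 features.` comment does not explain why build02's own node config cannot be used. If the two machines ever advertise different features, jobs will be scheduled on build02 for features it does not have. State the blocker in the TODO.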

View file

@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./block-crawlers
./gerrit ./gerrit
./channel-scripts ./channel-scripts
./hydra ./hydra

View file

@ -129,7 +129,9 @@ in
serverId = "9e5216ad-038d-4d74-a4e8-716515834a94"; serverId = "9e5216ad-038d-4d74-a4e8-716515834a94";
builtinPlugins = [ builtinPlugins = [
"gitiles" # Disable gitiles as it generates too much traffic.
# Prefer git.forkos.org.
# "gitiles"
"codemirror-editor" "codemirror-editor"
"reviewnotes" "reviewnotes"
"download-commands" "download-commands"
@ -141,7 +143,9 @@ in
plugins = with pkgs.gerritPlugins; [ plugins = with pkgs.gerritPlugins; [
oauth oauth
metrics-reporter-prometheus metrics-reporter-prometheus
# Buildbot checks plugin (writeText because services.gerrit.plugins expects packages) # Theme plugin
(pkgs.concatText "theme.js" [ ./theme.js ])
# Buildbot checks plugin
(pkgs.runCommand "checks.js" { (pkgs.runCommand "checks.js" {
BASE_URI = builtins.toJSON "https://buildbot.forkos.org"; BASE_URI = builtins.toJSON "https://buildbot.forkos.org";
SUPPORTED_PROJECTS = builtins.toJSON [ SUPPORTED_PROJECTS = builtins.toJSON [
@ -326,7 +330,7 @@ in
}; };
}; };
age.secrets.gerrit-prometheus-bearer-token.file = ../../secrets/gerrit-prometheus-bearer-token.age; age.secrets.gerrit-prometheus-bearer-token.file = ../../secrets/floral/gerrit-prometheus-bearer-token.age;
bagel.monitoring.grafana-agent.exporters.gerrit = { bagel.monitoring.grafana-agent.exporters.gerrit = {
port = 4778; # grrt port = 4778; # grrt
bearerTokenFile = config.age.secrets.gerrit-prometheus-bearer-token.path; bearerTokenFile = config.age.secrets.gerrit-prometheus-bearer-token.path;

View file

@ -57,6 +57,7 @@ in
name = "git-gc-preserve-${name}"; name = "git-gc-preserve-${name}";
value = { value = {
description = "Git-GC-Preserve Service - ${name}"; description = "Git-GC-Preserve Service - ${name}";
path = [ pkgs.util-linux ];
serviceConfig = { serviceConfig = {
WorkingDirectory = gcConfig.repoPath; WorkingDirectory = gcConfig.repoPath;
Type = "oneshot"; Type = "oneshot";

69
services/gerrit/theme.js Normal file
View file

@ -0,0 +1,69 @@
/* Set up theming for Floral.
* vim: set et ts=2 sw=2:
*/
Gerrit.install((plugin) => {
const stylesheet = new CSSStyleSheet();
stylesheet.replace(`
html {
--header-title-content: 'floral.systems';
--blue-50: #f3f4fb;
--blue-100: #e3e6f6;
--blue-200: #ced5ef;
--blue-300: #acb8e4;
--blue-400: #8495d6;
--blue-500: #6775ca;
--blue-600: #5158bb;
--blue-700: #494bac;
--blue-800: #41408d;
--blue-900: #383870;
--blue-950: #252546;
--coral-50: #fff1f1;
--coral-100: #ffe0e0;
--coral-200: #ffc5c5;
--coral-300: #ff9e9d;
--coral-400: #ff6665;
--coral-500: #fe4a49;
--coral-600: #ec1716;
--coral-700: #c70f0e;
--coral-800: #a41110;
--coral-900: #881514;
--coral-950: #4a0505;
--teal-50: #eefbf5;
--teal-100: #d6f5e5;
--teal-200: #b1e9d0;
--teal-300: #7ed7b5;
--teal-400: #49be95;
--teal-500: #27a27b;
--teal-600: #188162;
--teal-700: #136951;
--teal-800: #125342;
--teal-900: #104437;
--teal-950: #08261f;
--zinc-50: #fafafa;
--zinc-100: #f4f4f5;
--zinc-200: #e4e4e7;
--zinc-300: #d4d4d8;
--zinc-400: #a1a1aa;
--zinc-500: #71717a;
--zinc-600: #52525b;
--zinc-700: #3f3f46;
--zinc-800: #27272a;
--zinc-900: #18181b;
--zinc-950: #09090b;
}
html.lightTheme {
--header-background-color: var(--teal-700);
--header-text-color: var(--coral-50);
}
html.darkTheme {
--header-background-color: var(--teal-900);
--header-text-color: var(--coral-50);
}
`).then(() => {
document.adoptedStyleSheets = [...document.adoptedStyleSheets, stylesheet];
});
});
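
Review bot: `stylesheet.replace(...).then(...)` has no rejection handler, so a failure to parse or apply the sheet is silently dropped and the theme just does not appear. The CSS is a static string with no `@import`, so `stylesheet.replaceSync(...)` followed by the `document.adoptedStyleSheets` assignment would be simpler; otherwise add a `.catch` that logs. The `plugin` parameter is unused, and most of the palette variables (`--blue-*`, `--zinc-*`) are defined on `html` but referenced nowhere in this file; a short comment on what they are for would help.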

View file

@ -29,10 +29,6 @@ in
# NGINX should not give up super fast. Things can take time. # NGINX should not give up super fast. Things can take time.
proxy_read_timeout 3600; proxy_read_timeout 3600;
} }
location = /robots.txt {
return 200 'User-agent: *\nAllow: /';
}
''; '';
}; };

View file

@ -1,33 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkOption types;
cfg = config.bagel.s3;
in
{
options.bagel.s3 = {
rootDomain = mkOption {
type = types.str;
};
webRootDomain = mkOption {
type = types.str;
default = "web.${cfg.rootDomain}";
};
s3RootDomain = mkOption {
type = types.str;
default = "s3.${cfg.rootDomain}";
};
};
imports = [
# Generic frontend stuff
# e.g. static redirects, etc.
./web.nix
# Garage implementation for our S3
# In the future, we could be using Ceph store.
./garage.nix
# S3 reverse proxy
./s3-revproxy.nix
];
}

View file

@ -1,63 +0,0 @@
{ wrap }:
{ lib, pkgs, config, ... }:
let
garage-ephemeral-key = pkgs.writers.writePython3Bin
"garage-ephemeral-key"
{ libraries = [ pkgs.python3.pkgs.requests ]; }
(builtins.readFile ./garage_ephemeral_key.py);
# the usual copy pasta of systemd-analyze security satisfying rules
containment = {
DynamicUser = true;
CapabilityBoundingSet = "";
NoNewPrivileges = true;
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
ProtectHome = true;
ProtectClock = true;
ProtectProc = "noaccess";
ProcSubset = "pid";
UMask = "0077";
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectHostname = true;
RestrictSUIDSGID = true;
RestrictRealtime = true;
RestrictNamespaces = true;
LockPersonality = true;
RemoveIPC = true;
SystemCallFilter = [ "@system-service" "~@privileged" ];
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
MemoryDenyWriteExecute = true;
SystemCallArchitectures = "native";
};
in
{
_file = ./garage-ephemeral-key.nix;
environment.systemPackages = [
(wrap garage-ephemeral-key "garage-ephemeral-key")
];
# Clean expired ephemeral keys every 2 minutes
systemd.timers.garage-ephemeral-key-clean = {
wantedBy = [ "multi-user.target" ];
timerConfig = {
# Every 2 minutes.
OnCalendar = "*-*-* *:00/2";
};
};
systemd.services.garage-ephemeral-key-clean = {
after = [ "garage.service" ];
wants = [ "garage.service" ];
serviceConfig = {
ExecStart = "${lib.getExe garage-ephemeral-key} clean";
EnvironmentFile = config.age.secrets.garage.path;
} // containment;
};
}

View file

@ -1,106 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.bagel.s3.garage;
inherit (lib) mkEnableOption mkIf mkOption types;
# TODO: send me back upstream to cl.forkos.org.
wrap = pkg: name: pkgs.writeShellScriptBin name ''
set -a
[[ -z "''${GARAGE_RPC_SECRET:-}" ]] && source ${config.age.secrets.garage.path}
set +a
exec ${lib.getExe pkg} "$@"
'';
# TODO: generalize this idea
rootDomains = {
lix = "lix.systems";
floral = "floral.systems";
};
in
{
options.bagel.s3.garage = {
enable = mkEnableOption "the Garage implementation of S3";
tenant = mkOption {
type = types.enum [ "lix" "floral" ];
};
api.address = mkOption {
type = types.str;
default = "127.0.0.1:3900";
};
rootDomain = mkOption {
type = types.str;
default = rootDomains.${cfg.tenant};
};
dataDir = mkOption {
type = types.str;
};
metadataDir = mkOption {
default = "/var/lib/garage/metadata";
};
};
imports = [
(import ./garage-ephemeral-key.nix { inherit wrap; })
];
config = mkIf cfg.enable {
bagel.secrets.files = [
"garage-environment"
];
services.garage = {
enable = true;
# Slightly evil, but we have to wrap it here so the garage cli Just
# Works(tm) from the shell. It will no-op in the wrapper if the env is
# already set.
package = wrap pkgs.garage_0_9 "garage";
settings = {
data_dir = cfg.dataDir;
metadata_dir = cfg.metadataDir;
db_engine = "lmdb";
replication_mode = "none";
compression_level = 7;
rpc_bind_addr = "[::]:3901";
rpc_public_addr = "127.0.0.1:3901";
s3_api = {
s3_region = "garage";
api_bind_addr = cfg.api.address;
root_domain = ".s3.${cfg.rootDomain}";
};
s3_web = {
bind_addr = "127.0.0.1:3902";
root_domain = ".web.${cfg.rootDomain}";
index = "index.html";
};
k2v_api.api_bind_addr = "[::]:3904";
# FIXME(raito): api bind address should be secured.
# admin.api_bind_addr = "[${wnlib.generateIPv6Address "monitoring" "cache"}]:3903";
};
environmentFile = config.age.secrets.garage-environment.path;
};
systemd.services.garage.serviceConfig = {
User = "garage";
ReadWriteDirectories = [
cfg.dataDir
];
StateDirectory = "garage";
};
users.users.garage = {
isSystemUser = true;
group = "garage";
};
users.groups.garage = { };
};
}

View file

@ -1,106 +0,0 @@
{ lib, config, ... }:
let
inherit (lib) mkOption mkIf types mapAttrs;
cfgParent = config.bagel.s3;
cfg = config.bagel.s3.reverse-proxy;
mkTarget = { name, bucket ? name }: {
mount = {
host = "${name}.${cfgParent.webRootDomain}";
path = [ "/" ];
};
actions.GET = {
enabled = true;
config = {
# e.g. /2.90 will 404, so it will redirect to /2.90/ if it is a directory
redirectWithTrailingSlashForNotFoundFile = true;
indexDocument = "index.html";
};
};
bucket = {
name = bucket;
region = "garage";
s3Endpoint = "https://${cfgParent.s3RootDomain}";
credentials = {
accessKey.env = "AWS_ACCESS_KEY_ID";
secretKey.env = "AWS_SECRET_KEY";
};
};
};
in
{
options.bagel.s3.reverse-proxy = {
targets = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: {
bucket = mkOption {
type = types.str;
default = name;
};
}));
default = { };
};
port = mkOption {
type = types.port;
default = 10652;
};
};
config = mkIf cfg.enable {
age.secrets.s3-revproxy-api-key-env.file = ./s3-revproxy-env.age;
# this solves garage supporting neither anonymous access nor automatic
# directory indexing by simply ignoring garage's web server and replacing it
# with overengineered golang instead.
services.s3-revproxy = {
enable = true;
settings = {
templates = {
helpers = [ ./s3-revproxy-templates/_helpers.tpl ];
notFoundError = {
headers = {
"Content-Type" = "{{ template \"main.headers.contentType\" . }}";
};
status = "404";
};
folderList = {
path = ./s3-revproxy-templates/folder-list.tpl;
headers = {
"Content-Type" = "{{ template \"main.headers.contentType\" . }}";
};
# empty s3 directories are not real and cannot hurt you.
# due to redirectWithTrailingSlashForNotFoundFile, garbage file names
# get redirected as folders, which then appear as empty, yielding
# poor UX.
status = ''
{{- if eq (len .Entries) 0 -}}
404
{{- else -}}
200
{{- end -}}
'';
};
};
/* For metrics and debugging (e.g. pulling the config)
internalServer = {
listenAddr = "127.0.0.1";
port = 1337;
};
*/
server = {
listenAddr = "127.0.0.1";
port = cfg.port;
# it's going right into nginx, so no point
compress.enabled = false;
cors = {
enabled = true;
allowMethods = [ "GET" ];
allowOrigins = [ "*" ];
};
};
targets = mapAttrs mkTarget cfg.targets;
};
environmentFile = config.age.secrets.s3-revproxy-api-key-env.path;
};
};
}

View file

@ -1,81 +0,0 @@
{ config, lib, ... }:
# TODO: move to wildcard TLS.
let
cfgParent = config.bagel.s3;
cfg = config.bagel.s3.web;
buckets = [ "install" "cache" "releases" "docs" ];
mkWebLocationBlock = host: {
proxyPass = "http://127.0.0.1:3902";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host ${host};
'';
};
mkDirectSubdomain = subdomain: {
enableACME = true;
forceSSL = true;
locations."/" = mkWebLocationBlock "${subdomain}.${webHost}";
};
# Makes a subdomain that gets proxied through s3-proxy to provide directory
# listings and reasonable 404 pages.
# This is not used on cache, since there a directory listing for cache is a
# liability at best.
mkProxiedSubdomain = subdomain: {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:${toString s3RevproxyPort}/";
};
};
in
{
options.bagel.s3.web = {
};
config = {
services.nginx = {
enable = true;
virtualHosts = {
${host} = {
enableACME = true;
forceSSL = true;
serverAliases = builtins.map (b: "${b}.${host}") buckets;
locations."/" = {
proxyPass = "http://127.0.0.1:3900";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
# Disable buffering to a temporary file.
proxy_max_temp_file_size 0;
client_max_body_size 20G;
'';
};
};
${webHost} = {
enableACME = true;
forceSSL = true;
locations."/" = mkWebLocationBlock "$host";
# Create a subdomain for each bucket; and include special aliases
# for our special buckets 'cache' and 'install'.
serverAliases =
(builtins.map (b: "${b}.${webHost}") buckets);
};
};
};
networking.firewall.allowedTCPPorts = [
80 443
];
};
}

View file

@ -32,6 +32,11 @@ in
]; ];
server_name = "forkos.org"; server_name = "forkos.org";
database.backend = "rocksdb"; database.backend = "rocksdb";
server_discovery = {
server.authority = "matrix.forkos.org:443";
client.base_url = "https://matrix.forkos.org";
};
}; };
}; };
@ -48,18 +53,7 @@ in
"forkos.org" = { "forkos.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations."/.well-known/matrix".proxyPass = "http://grapevine";
"= /.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.server": "matrix.forkos.org:443"}';
'';
"= /.well-known/matrix/client".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver": {"base_url": "https://matrix.forkos.org/"}, "m.identity_server": {"base_url": "https://matrix.org/"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.forkos.org"}}';
'';
};
}; };
}; };
}; };
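
Review bot: the removed `= /.well-known/matrix/client` response carried `m.identity_server` and `org.matrix.msc3575.proxy` and both locations set `Access-Control-Allow-Origin *`, while the new `server_discovery` block only sets `server.authority` and `client.base_url`. Check that the response now proxied from `http://grapevine` still includes whatever clients depend on, in particular the CORS header, or say in the commit message that dropping the identity server and sliding-sync proxy entries is intended. `client.base_url` also lost the trailing slash the old JSON had.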

View file

@ -23,6 +23,9 @@ in
}; };
services.postgresql.settings.shared_preload_libraries = "pg_stat_statements"; services.postgresql.settings.shared_preload_libraries = "pg_stat_statements";
systemd.services.postgresql.postStart = lib.mkAfter ''
${config.services.postgresql.package}/bin/psql -U postgres -c "CREATE EXTENSION IF NOT EXISTS pg_stat_statements;";
'';
bagel.monitoring.grafana-agent.exporters.postgres.port = 9104; bagel.monitoring.grafana-agent.exporters.postgres.port = 9104;
}; };
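
Review bot: the `psql -U postgres -c "CREATE EXTENSION IF NOT EXISTS pg_stat_statements;";` line in `postStart` passes no database, so the extension is created only in the default database of that connection. If the exporter or operators query `pg_stat_statements` from another database, the view will be missing there; pass `-d` explicitly or note which database is meant. The `;` after the closing quote is redundant.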

View file

@ -1,11 +1,11 @@
groups: groups:
- name: ForkOS automation - name: ForkOS automation
rules: rules:
- alert: SyncFailedTooOften - alert: SyncFailedTooOften
expr: 'changes(node_systemd_unit_state{name=~"ows.*.service",state="failed"}[24h]) > 2' expr: 'changes(node_systemd_unit_state{name=~"ows.*.service",state="failed"}[1d]) > 2'
for: 30m for: 30m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "Synchronization job {{ $labels.name }} has failed more than twice in the last 24 hours" description: On {{ $labels.instance }}, the synchronization job has failed more than twice in the last 24 hours, check if there's a conflict or a stdenv change.
description: "On {{ $labels.instance }}, the synchronization job has failed more than twice in the last 24 hours, check if there's a conflict or a stdenv change." summary: Synchronization job {{ $labels.name }} has failed more than twice in the last 24 hours
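
Review bot: in the `SyncFailedTooOften` expression the matcher `name=~"ows.*.service"` leaves both dots unescaped, so the one before `service` matches any character. Since the line is being touched for `[24h]` to `[1d]` anyway, tighten it to `name=~"ows.*\\.service"`.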

View file

@ -1,102 +1,118 @@
groups: groups:
- name: PostgreSQL - name: PostgreSQL
rules: rules:
- alert: PostgresqlTableNotAutoVacuumed
- alert: PostgresqlTableNotAutoVacuumed expr: '(pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10'
expr: '(pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10' labels:
for: 0m severity: warning
labels: annotations:
severity: warning description: |-
annotations: Table {{ $labels.relname }} has not been auto vacuumed for 10 days
summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }}) VALUE = {{ $value }}
description: "Table {{ $labels.relname }} has not been auto vacuumed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" LABELS = {{ $labels }}
summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }})
- alert: PostgresqlTableNotAutoAnalyzed - alert: PostgresqlTableNotAutoAnalyzed
expr: '(pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10' expr: '(pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10'
for: 0m labels:
labels: severity: warning
severity: warning annotations:
annotations: description: |-
summary: Postgresql table not auto analyzed (instance {{ $labels.instance }}) Table {{ $labels.relname }} has not been auto analyzed for 10 days
description: "Table {{ $labels.relname }} has not been auto analyzed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" VALUE = {{ $value }}
LABELS = {{ $labels }}
- alert: PostgresqlDeadLocks summary: Postgresql table not auto analyzed (instance {{ $labels.instance }})
expr: 'increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5' - alert: PostgresqlDeadLocks
for: 0m expr: 'increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5'
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Postgresql dead locks (instance {{ $labels.instance }}) description: |-
description: "PostgreSQL has dead-locks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" PostgreSQL has dead-locks
VALUE = {{ $value }}
- alert: PostgresqlHighRollbackRate LABELS = {{ $labels }}
expr: 'sum by (namespace,datname) ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) / ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) + (rate(pg_stat_database_xact_commit{datname!~"template.*|postgres",datid!="0"}[3m])))) > 0.02' summary: Postgresql dead locks (instance {{ $labels.instance }})
for: 0m - alert: PostgresqlHighRollbackRate
labels: expr: 'sum by (namespace, datname) ((rate(pg_stat_database_xact_rollback{datid!="0",datname!~"template.*|postgres"}[3m])) / ((rate(pg_stat_database_xact_rollback{datid!="0",datname!~"template.*|postgres"}[3m])) + (rate(pg_stat_database_xact_commit{datid!="0",datname!~"template.*|postgres"}[3m])))) > 0.02'
severity: warning labels:
annotations: severity: warning
summary: Postgresql high rollback rate (instance {{ $labels.instance }}) annotations:
description: "Ratio of transactions being aborted compared to committed is > 2 %\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: |-
Ratio of transactions being aborted compared to committed is > 2 %
- alert: PostgresqlHighRateStatementTimeout VALUE = {{ $value }}
expr: 'rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3' LABELS = {{ $labels }}
for: 0m summary: Postgresql high rollback rate (instance {{ $labels.instance }})
labels: - alert: PostgresqlHighRateStatementTimeout
severity: critical expr: 'rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3'
annotations: labels:
summary: Postgresql high rate statement timeout (instance {{ $labels.instance }}) severity: critical
description: "Postgres transactions showing high rate of statement timeouts\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" annotations:
description: |-
- alert: PostgresqlHighRateDeadlock Postgres transactions showing high rate of statement timeouts
expr: 'increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1' VALUE = {{ $value }}
for: 0m LABELS = {{ $labels }}
labels: summary: Postgresql high rate statement timeout (instance {{ $labels.instance }})
severity: critical - alert: PostgresqlHighRateDeadlock
annotations: expr: 'increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1'
summary: Postgresql high rate deadlock (instance {{ $labels.instance }}) labels:
description: "Postgres detected deadlocks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" severity: critical
annotations:
- alert: PostgresqlTooManyDeadTuples description: |-
expr: '((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1' Postgres detected deadlocks
for: 2m VALUE = {{ $value }}
labels: LABELS = {{ $labels }}
severity: warning summary: Postgresql high rate deadlock (instance {{ $labels.instance }})
annotations: - alert: PostgresqlTooManyDeadTuples
summary: Postgresql too many dead tuples (instance {{ $labels.instance }}) expr: '((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1'
description: "PostgreSQL dead tuples is too large\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" for: 2m
labels:
- alert: PostgresqlTooManyLocksAcquired severity: warning
expr: '((sum (pg_locks_count)) / (pg_settings_max_locks_per_transaction * pg_settings_max_connections)) > 0.20' annotations:
for: 2m description: |-
labels: PostgreSQL dead tuples is too large
severity: critical VALUE = {{ $value }}
annotations: LABELS = {{ $labels }}
summary: Postgresql too many locks acquired (instance {{ $labels.instance }}) summary: Postgresql too many dead tuples (instance {{ $labels.instance }})
description: "Too many locks acquired on the database. If this alert happens frequently, we may need to increase the postgres setting max_locks_per_transaction.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" - alert: PostgresqlTooManyLocksAcquired
expr: '((sum(pg_locks_count)) / (pg_settings_max_locks_per_transaction * pg_settings_max_connections)) > 0.2'
- alert: PostgresqlBloatIndexHigh(>80%) for: 2m
expr: 'pg_bloat_btree_bloat_pct > 80 and on (idxname) (pg_bloat_btree_real_size > 100000000)' labels:
for: 1h severity: critical
labels: annotations:
severity: warning description: |-
annotations: Too many locks acquired on the database. If this alert happens frequently, we may need to increase the postgres setting max_locks_per_transaction.
summary: Postgresql bloat index high (> 80%) (instance {{ $labels.instance }}) VALUE = {{ $value }}
description: "The index {{ $labels.idxname }} is bloated. You should execute `REINDEX INDEX CONCURRENTLY {{ $labels.idxname }};`\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" LABELS = {{ $labels }}
summary: Postgresql too many locks acquired (instance {{ $labels.instance }})
- alert: PostgresqlBloatTableHigh(>80%) - alert: PostgresqlBloatIndexHigh(>80%)
expr: 'pg_bloat_table_bloat_pct > 80 and on (relname) (pg_bloat_table_real_size > 200000000)' expr: 'pg_bloat_btree_bloat_pct > 80 and on (idxname) (pg_bloat_btree_real_size > 1e+08)'
for: 1h for: 1h
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Postgresql bloat table high (> 80%) (instance {{ $labels.instance }}) description: |-
description: "The table {{ $labels.relname }} is bloated. You should execute `VACUUM {{ $labels.relname }};`\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" The index {{ $labels.idxname }} is bloated. You should execute `REINDEX INDEX CONCURRENTLY {{ $labels.idxname }};`
VALUE = {{ $value }}
- alert: PostgresqlInvalidIndex LABELS = {{ $labels }}
expr: 'pg_genaral_index_info_pg_relation_size{indexrelname=~".*ccnew.*"}' summary: Postgresql bloat index high (> 80%) (instance {{ $labels.instance }})
for: 6h - alert: PostgresqlBloatTableHigh(>80%)
labels: expr: 'pg_bloat_table_bloat_pct > 80 and on (relname) (pg_bloat_table_real_size > 2e+08)'
severity: warning for: 1h
annotations: labels:
summary: Postgresql invalid index (instance {{ $labels.instance }}) severity: warning
description: "The table {{ $labels.relname }} has an invalid index: {{ $labels.indexrelname }}. You should execute `DROP INDEX {{ $labels.indexrelname }};`\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" annotations:
description: |-
The table {{ $labels.relname }} is bloated. You should execute `VACUUM {{ $labels.relname }};`
VALUE = {{ $value }}
LABELS = {{ $labels }}
summary: Postgresql bloat table high (> 80%) (instance {{ $labels.instance }})
- alert: PostgresqlInvalidIndex
expr: 'pg_genaral_index_info_pg_relation_size{indexrelname=~".*ccnew.*"}'
for: 6h
labels:
severity: warning
annotations:
description: |-
The table {{ $labels.relname }} has an invalid index: {{ $labels.indexrelname }}. You should execute `DROP INDEX {{ $labels.indexrelname }};`
VALUE = {{ $value }}
LABELS = {{ $labels }}
summary: Postgresql invalid index (instance {{ $labels.instance }})
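
Review bot: the `PostgresqlInvalidIndex` rule queries `pg_genaral_index_info_pg_relation_size`, spelled "genaral", and the reformat carries that over unchanged. promtool checks syntax, not whether a metric exists, so verify the name against what the exporter actually exposes; if the exporter spells it "general" this alert can never fire. The rewrite also drops every `for: 0m`, which is the default and therefore harmless, but worth mentioning in the commit message.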

View file

@ -1,76 +1,100 @@
groups: groups:
- name: Host & hardware - name: Host & hardware
rules: rules:
- alert: HostOutOfMemory - alert: HostOutOfMemory
expr: (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} expr: (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 2m for: 2m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Host out of memory (instance {{ $labels.instance }}) description: |-
description: "Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" Node memory is filling up (< 10% left)
- alert: HostMemoryUnderMemoryPressure VALUE = {{ $value }}
expr: (rate(node_vmstat_pgmajfault[1m]) > 1000) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} LABELS = {{ $labels }}
for: 2m summary: Host out of memory (instance {{ $labels.instance }})
labels: - alert: HostMemoryUnderMemoryPressure
severity: warning expr: (rate(node_vmstat_pgmajfault[1m]) > 1000) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
annotations: for: 2m
summary: Host memory under memory pressure (instance {{ $labels.instance }}) labels:
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" severity: warning
- alert: HostMemoryIsUnderutilized annotations:
expr: (100 - (avg_over_time(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} description: |-
for: 1w The node is under heavy memory pressure. High rate of major page faults
labels: VALUE = {{ $value }}
severity: info LABELS = {{ $labels }}
annotations: summary: Host memory under memory pressure (instance {{ $labels.instance }})
summary: Host Memory is underutilized (instance {{ $labels.instance }}) - alert: HostMemoryIsUnderutilized
description: "Node memory is < 20% for 1 week. Consider reducing memory space. (instance {{ $labels.instance }})\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" expr: (100 - (avg_over_time(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
- alert: HostOutOfDiskSpace for: 1w
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} labels:
for: 2m severity: info
labels: annotations:
severity: warning description: |-
annotations: Node memory is < 20% for 1 week. Consider reducing memory space. (instance {{ $labels.instance }})
summary: Host out of disk space (instance {{ $labels.instance }}) VALUE = {{ $value }}
description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" LABELS = {{ $labels }}
- alert: HostDiskWillFillIn24Hours summary: Host Memory is underutilized (instance {{ $labels.instance }})
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} - alert: HostOutOfDiskSpace
for: 2m expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and on (instance, device, mountpoint) node_filesystem_readonly == 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
labels: for: 2m
severity: warning labels:
annotations: severity: warning
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }}) annotations:
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: |-
- alert: HostCpuIsUnderutilized Disk is almost full (< 10% left)
expr: (100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} VALUE = {{ $value }}
for: 1w LABELS = {{ $labels }}
labels: summary: Host out of disk space (instance {{ $labels.instance }})
severity: info - alert: HostDiskWillFillIn24Hours
annotations: expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and on (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and on (instance, device, mountpoint) node_filesystem_readonly == 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
summary: Host CPU is underutilized (instance {{ $labels.instance }}) for: 2m
description: "CPU load is < 20% for 1 week. Consider reducing the number of CPUs.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" labels:
- alert: HostCpuStealNoisyNeighbor severity: warning
expr: (avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} annotations:
for: 0m description: |-
labels: Filesystem is predicted to run out of space within the next 24 hours at current write rate
severity: warning VALUE = {{ $value }}
annotations: LABELS = {{ $labels }}
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }}) summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" - alert: HostCpuIsUnderutilized
- alert: HostOomKillDetected expr: (100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
expr: (increase(node_vmstat_oom_kill[1m]) > 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} for: 1w
for: 0m labels:
labels: severity: info
severity: warning annotations:
annotations: description: |-
summary: Host OOM kill detected (instance {{ $labels.instance }}) CPU load is < 20% for 1 week. Consider reducing the number of CPUs.
description: "OOM kill detected\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" VALUE = {{ $value }}
- alert: HostNetworkInterfaceSaturated LABELS = {{ $labels }}
expr: ((rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"} summary: Host CPU is underutilized (instance {{ $labels.instance }})
for: 1m - alert: HostCpuStealNoisyNeighbor
labels: expr: (avg by (instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
severity: warning labels:
annotations: severity: warning
summary: Host Network Interface Saturated (instance {{ $labels.instance }}) annotations:
description: "The network interface \"{{ $labels.device }}\" on \"{{ $labels.instance }}\" is getting overloaded.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" description: |-
CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.
VALUE = {{ $value }}
LABELS = {{ $labels }}
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }})
- alert: HostOomKillDetected
expr: (increase(node_vmstat_oom_kill[1m]) > 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
labels:
severity: warning
annotations:
description: |-
OOM kill detected
VALUE = {{ $value }}
LABELS = {{ $labels }}
summary: Host OOM kill detected (instance {{ $labels.instance }})
- alert: HostNetworkInterfaceSaturated
expr: ((rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
for: 1m
labels:
severity: warning
annotations:
description: |-
The network interface "{{ $labels.device }}" on "{{ $labels.instance }}" is getting overloaded.
VALUE = {{ $value }}
LABELS = {{ $labels }}
summary: Host Network Interface Saturated (instance {{ $labels.instance }})
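Review bot: every rule in this hunk still ends with `* on (instance) group_left (nodename) node_uname_info{nodename=~".+"}`, so the join matches on `instance` alone. The dashboard hunks on this page now select on a `tenant` label; if the node_exporter series carry that label too and two tenants ever expose the same `instance` value, the right-hand side of the join has more than one match and the rule evaluation fails instead of alerting. Consider joining `on (instance, tenant)`, or confirm that `instance` is unique across tenants. Separately, the new side drops `for: 0m` from HostCpuStealNoisyNeighbor and HostOomKillDetected; an absent `for` keeps the fire-immediately behaviour, so that part looks fine.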

File diff suppressed because it is too large

View file

@ -20,7 +20,6 @@
"fiscalYearStartMonth": 0, "fiscalYearStartMonth": 0,
"gnetId": 9628, "gnetId": 9628,
"graphTooltip": 0, "graphTooltip": 0,
"id": 27,
"links": [], "links": [],
"liveNow": false, "liveNow": false,
"panels": [ "panels": [
@ -101,6 +100,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"mean" "mean"
@ -112,14 +112,14 @@
"textMode": "name", "textMode": "name",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_static{hostname=\"$hostname\"}", "expr": "pg_static{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"instant": true, "instant": true,
"intervalFactor": 1, "intervalFactor": 1,
@ -182,6 +182,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"mean" "mean"
@ -193,14 +194,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_postmaster_start_time_seconds{hostname=\"$hostname\"} * 1000", "expr": "pg_postmaster_start_time_seconds{tenant=\"$tenant\",hostname=\"$hostname\"} * 1000",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "", "legendFormat": "",
@ -261,6 +262,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -272,14 +274,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "SUM(pg_stat_database_tup_fetched{datname=~\"$datname\", hostname=~\"$hostname\"})", "expr": "SUM(pg_stat_database_tup_fetched{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"})",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"refId": "A", "refId": "A",
@ -340,6 +342,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -351,14 +354,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "SUM(pg_stat_database_tup_inserted{datname=~\"$datname\", hostname=~\"$hostname\"})", "expr": "SUM(pg_stat_database_tup_inserted{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"})",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"refId": "A", "refId": "A",
@ -419,6 +422,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -430,14 +434,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "SUM(pg_stat_database_tup_updated{datname=~\"$datname\", hostname=~\"$hostname\"})", "expr": "SUM(pg_stat_database_tup_updated{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"})",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"refId": "A", "refId": "A",
@ -498,6 +502,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"mean" "mean"
@ -509,14 +514,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_max_connections{hostname=\"$hostname\"}", "expr": "pg_settings_max_connections{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -602,6 +607,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -613,14 +619,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_shared_buffers_bytes{hostname=\"$hostname\"}", "expr": "pg_settings_shared_buffers_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -680,6 +686,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -691,14 +698,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_effective_cache_size_bytes{hostname=\"$hostname\"}", "expr": "pg_settings_effective_cache_size_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -758,6 +765,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -769,14 +777,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_maintenance_work_mem_bytes{hostname=\"$hostname\"}", "expr": "pg_settings_maintenance_work_mem_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -836,6 +844,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -847,14 +856,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_work_mem_bytes{hostname=\"$hostname\"}", "expr": "pg_settings_work_mem_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "", "legendFormat": "",
@ -916,6 +925,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -927,14 +937,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_max_wal_size_bytes{hostname=\"$hostname\"}", "expr": "pg_settings_max_wal_size_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -994,6 +1004,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -1005,14 +1016,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_random_page_cost{hostname=\"$hostname\"}", "expr": "pg_settings_random_page_cost{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -1072,6 +1083,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -1083,7 +1095,7 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
@ -1150,6 +1162,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"mean" "mean"
@ -1161,14 +1174,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_max_worker_processes{hostname=\"$hostname\"}", "expr": "pg_settings_max_worker_processes{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -1228,6 +1241,7 @@
"graphMode": "none", "graphMode": "none",
"justifyMode": "auto", "justifyMode": "auto",
"orientation": "horizontal", "orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": { "reduceOptions": {
"calcs": [ "calcs": [
"lastNotNull" "lastNotNull"
@ -1239,14 +1253,14 @@
"textMode": "auto", "textMode": "auto",
"wideLayout": true "wideLayout": true
}, },
"pluginVersion": "11.0.0", "pluginVersion": "11.2.1",
"targets": [ "targets": [
{ {
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_settings_max_parallel_workers{hostname=\"$hostname\"}", "expr": "pg_settings_max_parallel_workers{tenant=\"$tenant\",hostname=\"$hostname\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"refId": "A" "refId": "A"
@ -1298,6 +1312,7 @@
"axisLabel": "", "axisLabel": "",
"axisPlacement": "auto", "axisPlacement": "auto",
"barAlignment": 0, "barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "points", "drawStyle": "points",
"fillOpacity": 10, "fillOpacity": 10,
"gradientMode": "none", "gradientMode": "none",
@ -1372,7 +1387,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_activity_count{datname=~\"$datname\", hostname=~\"$hostname\", state=\"active\"} !=0", "expr": "pg_stat_activity_count{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\", state=\"active\"} !=0",
"format": "time_series", "format": "time_series",
"interval": "", "interval": "",
"intervalFactor": 2, "intervalFactor": 2,
@ -1401,6 +1416,7 @@
"axisLabel": "", "axisLabel": "",
"axisPlacement": "auto", "axisPlacement": "auto",
"barAlignment": 0, "barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line", "drawStyle": "line",
"fillOpacity": 10, "fillOpacity": 10,
"gradientMode": "none", "gradientMode": "none",
@ -1474,7 +1490,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_database_xact_commit{hostname=\"$hostname\", datname=~\"$datname\"}[5m])", "expr": "irate(pg_stat_database_xact_commit{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{datname}} commits", "legendFormat": "{{datname}} commits",
@ -1485,7 +1501,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_database_xact_rollback{hostname=\"$hostname\", datname=~\"$datname\"}[5m])", "expr": "irate(pg_stat_database_xact_rollback{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{datname}} rollbacks", "legendFormat": "{{datname}} rollbacks",
@ -1512,6 +1528,7 @@
"axisLabel": "", "axisLabel": "",
"axisPlacement": "auto", "axisPlacement": "auto",
"barAlignment": 0, "barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line", "drawStyle": "line",
"fillOpacity": 10, "fillOpacity": 10,
"gradientMode": "none", "gradientMode": "none",
@ -1585,7 +1602,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_database_tup_updated{datname=~\"$datname\", hostname=~\"$hostname\"} != 0", "expr": "pg_stat_database_tup_updated{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}}", "legendFormat": "{{datname}}",
@ -1613,6 +1630,7 @@
"axisLabel": "", "axisLabel": "",
"axisPlacement": "auto", "axisPlacement": "auto",
"barAlignment": 0, "barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line", "drawStyle": "line",
"fillOpacity": 10, "fillOpacity": 10,
"gradientMode": "none", "gradientMode": "none",
@ -1686,7 +1704,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_database_tup_fetched{datname=~\"$datname\", hostname=~\"$hostname\"} != 0", "expr": "pg_stat_database_tup_fetched{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}}", "legendFormat": "{{datname}}",
@ -1714,6 +1732,7 @@
"axisLabel": "", "axisLabel": "",
"axisPlacement": "auto", "axisPlacement": "auto",
"barAlignment": 0, "barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line", "drawStyle": "line",
"fillOpacity": 10, "fillOpacity": 10,
"gradientMode": "none", "gradientMode": "none",
@ -1787,7 +1806,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_database_tup_inserted{datname=~\"$datname\", hostname=~\"$hostname\"} != 0", "expr": "pg_stat_database_tup_inserted{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}}", "legendFormat": "{{datname}}",
@ -1815,6 +1834,7 @@
"axisLabel": "", "axisLabel": "",
"axisPlacement": "auto", "axisPlacement": "auto",
"barAlignment": 0, "barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line", "drawStyle": "line",
"fillOpacity": 10, "fillOpacity": 10,
"gradientMode": "none", "gradientMode": "none",
@ -1890,7 +1910,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_locks_count{datname=~\"$datname\", hostname=~\"$hostname\", mode=~\"$mode\"} != 0", "expr": "pg_locks_count{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\", mode=~\"$mode\"} != 0",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}},{{mode}}", "legendFormat": "{{datname}},{{mode}}",
@ -1948,8 +1968,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -1991,7 +2010,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_database_tup_returned{datname=~\"$datname\", hostname=~\"$hostname\"} != 0", "expr": "pg_stat_database_tup_returned{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}}", "legendFormat": "{{datname}}",
@ -2050,8 +2069,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2092,7 +2110,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_activity_count{datname=~\"$datname\", hostname=~\"$hostname\", state=~\"idle|idle in transaction|idle in transaction (aborted)\"}", "expr": "pg_stat_activity_count{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\", state=~\"idle|idle in transaction|idle in transaction (aborted)\"}",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}}, s: {{state}}", "legendFormat": "{{datname}}, s: {{state}}",
@ -2150,8 +2168,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2193,7 +2210,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_database_tup_deleted{datname=~\"$datname\", hostname=~\"$hostname\"} != 0", "expr": "pg_stat_database_tup_deleted{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
"format": "time_series", "format": "time_series",
"intervalFactor": 2, "intervalFactor": 2,
"legendFormat": "{{datname}}", "legendFormat": "{{datname}}",
@ -2252,8 +2269,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2294,7 +2310,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "pg_stat_database_blks_hit{hostname=\"$hostname\", datname=~\"$datname\"} / (pg_stat_database_blks_read{hostname=\"$hostname\", datname=~\"$datname\"} + pg_stat_database_blks_hit{hostname=\"$hostname\", datname=~\"$datname\"})", "expr": "pg_stat_database_blks_hit{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"} / (pg_stat_database_blks_read{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"} + pg_stat_database_blks_hit{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"})",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{ datname }}", "legendFormat": "{{ datname }}",
@ -2351,8 +2367,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2395,7 +2410,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_buffers_backend{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_buffers_backend{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "buffers_backend", "legendFormat": "buffers_backend",
@ -2406,7 +2421,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_buffers_alloc{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_buffers_alloc{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "buffers_alloc", "legendFormat": "buffers_alloc",
@ -2417,7 +2432,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_buffers_backend_fsync{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_buffers_backend_fsync{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "backend_fsync", "legendFormat": "backend_fsync",
@ -2428,7 +2443,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_buffers_checkpoint{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_buffers_checkpoint{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "buffers_checkpoint", "legendFormat": "buffers_checkpoint",
@ -2439,7 +2454,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_buffers_clean{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_buffers_clean{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "buffers_clean", "legendFormat": "buffers_clean",
@ -2497,8 +2512,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2540,7 +2554,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_database_conflicts{hostname=\"$hostname\", datname=~\"$datname\"}[5m])", "expr": "irate(pg_stat_database_conflicts{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{datname}} conflicts", "legendFormat": "{{datname}} conflicts",
@ -2551,7 +2565,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_database_deadlocks{hostname=\"$hostname\", datname=~\"$datname\"}[5m])", "expr": "irate(pg_stat_database_deadlocks{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{datname}} deadlocks", "legendFormat": "{{datname}} deadlocks",
@ -2610,8 +2624,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2653,7 +2666,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_database_temp_bytes{hostname=\"$hostname\", datname=~\"$datname\"}[5m])", "expr": "irate(pg_stat_database_temp_bytes{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "{{datname}}", "legendFormat": "{{datname}}",
@ -2710,8 +2723,7 @@
"mode": "absolute", "mode": "absolute",
"steps": [ "steps": [
{ {
"color": "green", "color": "green"
"value": null
}, },
{ {
"color": "red", "color": "red",
@ -2754,7 +2766,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_checkpoint_write_time{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_checkpoint_write_time{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "write_time - Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk.", "legendFormat": "write_time - Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk.",
@ -2765,7 +2777,7 @@
"type": "prometheus", "type": "prometheus",
"uid": "mimir" "uid": "mimir"
}, },
"expr": "irate(pg_stat_bgwriter_checkpoint_sync_time{hostname=\"$hostname\"}[5m])", "expr": "irate(pg_stat_bgwriter_checkpoint_sync_time{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
"format": "time_series", "format": "time_series",
"intervalFactor": 1, "intervalFactor": 1,
"legendFormat": "sync_time - Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk.", "legendFormat": "sync_time - Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk.",
@ -2866,8 +2878,32 @@
{ {
"current": { "current": {
"selected": false, "selected": false,
"text": "bagel-box", "text": "fake",
"value": "bagel-box" "value": "fake"
},
"definition": "label_values(tenant)",
"hide": 0,
"includeAll": true,
"label": "Tenant",
"multi": true,
"name": "tenant",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(tenant)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
},
{
"current": {
"selected": true,
"text": "buildbot",
"value": "buildbot"
}, },
"datasource": { "datasource": {
"type": "prometheus", "type": "prometheus",
@ -2962,7 +2998,6 @@
"from": "now-6h", "from": "now-6h",
"to": "now" "to": "now"
}, },
"timeRangeUpdatedDuringEditOrView": false,
"timepicker": { "timepicker": {
"refresh_intervals": [ "refresh_intervals": [
"5s", "5s",

View file

@ -17,7 +17,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets.grafana-oauth-secret = { age.secrets.grafana-oauth-secret = {
file = ../../../secrets/grafana-oauth-secret.age; file = ../../../secrets/floral/grafana-oauth-secret.age;
owner = "grafana"; owner = "grafana";
}; };

View file

@ -13,10 +13,10 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = { age.secrets = {
metrics-push-htpasswd = { metrics-push-htpasswd = {
file = ../../../secrets/metrics-push-htpasswd.age; file = ../../../secrets/floral/metrics-push-htpasswd.age;
owner = "nginx"; owner = "nginx";
}; };
loki-environment.file = ../../../secrets/loki-environment.age; loki-environment.file = ../../../secrets/floral/loki-environment.age;
}; };
services.loki = { services.loki = {

View file

@ -9,6 +9,15 @@ let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
mimirPort = config.services.mimir.configuration.server.http_listen_port; mimirPort = config.services.mimir.configuration.server.http_listen_port;
alerts = pkgs.runCommand "mimir-alerts-checked" {
src = ./alerts;
nativeBuildInputs = with pkgs; [ prometheus.cli ];
} ''
promtool check rules $src/*
mkdir $out
cp -R $src $out/anonymous/
'';
in in
{ {
options.bagel.services.prometheus.enable = mkEnableOption "Prometheus scraper"; options.bagel.services.prometheus.enable = mkEnableOption "Prometheus scraper";
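Review bot: `promtool check rules $src/*` hands every entry in `./alerts` to promtool, so a README, a subdirectory or any other non-rule file added to that directory later fails the build. Either narrow the glob to the rule files' extension or add a comment stating that `./alerts` must contain only rule files. A short comment on `$out/anonymous/` would help too: it is the tenant directory Mimir's local ruler storage reads when multi-tenancy is disabled, which the name alone does not convey. Quoting `"$src"` and `"$out"` in the script is cheap hardening.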
@ -16,11 +25,11 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = { age.secrets = {
metrics-push-htpasswd = { metrics-push-htpasswd = {
file = ../../../secrets/metrics-push-htpasswd.age; file = ../../../secrets/floral/metrics-push-htpasswd.age;
owner = "nginx"; owner = "nginx";
}; };
mimir-environment.file = ../../../secrets/mimir-environment.age; mimir-environment.file = ../../../secrets/floral/mimir-environment.age;
mimir-webhook-url.file = ../../../secrets/mimir-webhook-url.age; mimir-webhook-url.file = ../../../secrets/floral/mimir-webhook-url.age;
}; };
services.mimir = { services.mimir = {
@ -60,10 +69,7 @@ in
blocks_storage.backend = "s3"; blocks_storage.backend = "s3";
ruler_storage = { ruler_storage = {
backend = "local"; backend = "local";
local.directory = pkgs.runCommand "mimir-rules" {} '' local.directory = alerts;
mkdir -p $out
ln -s ${./alerts} $out/anonymous
'';
}; };
alertmanager = { alertmanager = {

View file

@ -13,10 +13,10 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = { age.secrets = {
metrics-push-htpasswd = { metrics-push-htpasswd = {
file = ../../../secrets/metrics-push-htpasswd.age; file = ../../../secrets/floral/metrics-push-htpasswd.age;
owner = "nginx"; owner = "nginx";
}; };
tempo-environment.file = ../../../secrets/tempo-environment.age; tempo-environment.file = ../../../secrets/floral/tempo-environment.age;
}; };
services.tempo = { services.tempo = {
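Review bot: `metrics-push-htpasswd` is declared with the same `file` and `owner = "nginx"` in the Loki, Mimir and Tempo modules, and this change had to edit the path in all three places. Declaring the secret once in a shared module (or binding the `secrets/floral` path in one place) would keep the next move from leaving one copy pointing at a stale file.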

View file

@ -20,7 +20,10 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets.netbox-environment.file = ../../secrets/netbox-environment.age; # FIXME: why
nixpkgs.config.permittedInsecurePackages = [ pkgs.netbox_3_7.name ];
age.secrets.netbox-environment.file = ../../secrets/floral/netbox-environment.age;
services = { services = {
netbox = { netbox = {
enable = true; enable = true;
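Review bot: `# FIXME: why` above `permittedInsecurePackages` leaves no record of what risk is being accepted. Allowing `pkgs.netbox_3_7.name` overrides the nixpkgs insecure marking for a network-facing service, so the comment should state why the package is flagged (the `knownVulnerabilities` text from the evaluation error is enough) and reference an issue for moving to a supported NetBox release. Using `.name` ties the exemption to one exact version, which is the right scope; say so in the comment so it is not widened later.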

View file

@ -26,10 +26,12 @@ in {
webroot = "/var/lib/acme/.challenges"; webroot = "/var/lib/acme/.challenges";
group = "rabbitmq"; group = "rabbitmq";
}; };
services.nginx.enable = true;
services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root = services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root =
"/var/lib/acme/.challenges"; "/var/lib/acme/.challenges";
systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"]; systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"];
networking.firewall.allowedTCPPorts = [ amqpPort ]; networking.firewall.allowedTCPPorts = [ 80 443 amqpPort ];
}; };
} }
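Review bot: `allowedTCPPorts` now opens 443 as well as 80, but the only nginx configuration in this hunk is the plain `/.well-known/acme-challenge` webroot location, which the HTTP-01 challenge reaches on port 80. Unless this virtual host gets a TLS listener elsewhere, drop 443 so the host does not expose a port that nothing is meant to serve. `services.nginx.enable = true` on the RabbitMQ host also deserves a one-line comment saying it exists only for certificate issuance.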

View file

@ -70,7 +70,7 @@ in
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets.s3-revproxy-api-keys.file = ../../secrets/s3-revproxy-api-keys.age; age.secrets.s3-revproxy-api-keys.file = ../../secrets/floral/s3-revproxy-api-keys.age;
# For each target, generate an entry that passes it to the s3-revproxy. # For each target, generate an entry that passes it to the s3-revproxy.
services.nginx.virtualHosts = mapAttrs' (subdomain: _: nameValuePair "${subdomain}.${cfg.domain}" (mkProxiedSubdomain subdomain)) cfg.targets; services.nginx.virtualHosts = mapAttrs' (subdomain: _: nameValuePair "${subdomain}.${cfg.domain}" (mkProxiedSubdomain subdomain)) cfg.targets;
# this solves garage supporting neither anonymous access nor automatic # this solves garage supporting neither anonymous access nor automatic

View file

@ -59,7 +59,7 @@ in
443 443
]; ];
age.secrets.stateless-uptime-kuma-password.file = ../../secrets/stateless-uptime-kuma-password.age; age.secrets.stateless-uptime-kuma-password.file = ../../secrets/floral/stateless-uptime-kuma-password.age;
statelessUptimeKuma = { statelessUptimeKuma = {
probesConfig = { probesConfig = {
monitors = lib.genAttrs subdomains (name: { monitors = lib.genAttrs subdomains (name: {
@ -83,6 +83,9 @@ in
]; ];
}; };
}; };
settings = {
entryPage = "statusPage-forkos";
};
}; };
extraFlags = [ "-s" ]; extraFlags = [ "-s" ];
host = "http://localhost:${builtins.toString port}/"; host = "http://localhost:${builtins.toString port}/";