80 lines
2.1 KiB
Nix
80 lines
2.1 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.bagel.services.tempo;
|
|
inherit (lib) mkEnableOption mkIf;
|
|
in
|
|
{
|
|
options.bagel.services.tempo.enable = mkEnableOption "Tempo trace store";
|
|
|
|
config = mkIf cfg.enable {
|
|
age.secrets = {
|
|
metrics-push-htpasswd = {
|
|
file = ../../../secrets/floral/metrics-push-htpasswd.age;
|
|
owner = "nginx";
|
|
};
|
|
tempo-environment.file = ../../../secrets/floral/tempo-environment.age;
|
|
};
|
|
|
|
services.tempo = {
|
|
enable = true;
|
|
extraFlags = ["--config.expand-env=true"];
|
|
settings = {
|
|
multitenancy_enabled = false;
|
|
stream_over_http_enabled = true;
|
|
|
|
server = {
|
|
http_listen_port = 9190;
|
|
grpc_listen_port = 9195;
|
|
};
|
|
distributor.receivers.otlp.protocols.http.endpoint = "127.0.0.1:4138";
|
|
|
|
storage.trace = {
|
|
backend = "s3";
|
|
s3 = {
|
|
endpoint = "s3.delroth.net";
|
|
bucket = "bagel-tempo";
|
|
secret_key = "\${S3_KEY}"; # This is a secret injected via an environment variable
|
|
access_key = "\${S3_KEY_ID}";
|
|
};
|
|
wal.path = "/var/lib/tempo/traces-wal";
|
|
};
|
|
|
|
metrics_generator.storage = {
|
|
path = "/var/lib/tempo/metrics-wal";
|
|
remote_write = [
|
|
{
|
|
url = "http://127.0.0.1:9009/api/v1/push";
|
|
}
|
|
];
|
|
};
|
|
|
|
overrides.defaults.metrics_generator.processors = [ "span-metrics" ];
|
|
};
|
|
};
|
|
|
|
systemd.services.tempo.serviceConfig.EnvironmentFile = [ config.age.secrets.tempo-environment.path ];
|
|
|
|
services.nginx = {
|
|
upstreams.tempo = {
|
|
servers."${config.services.tempo.settings.distributor.receivers.otlp.protocols.http.endpoint}" = {};
|
|
extraConfig = "keepalive 16;";
|
|
};
|
|
|
|
virtualHosts."tempo.forkos.org" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://tempo";
|
|
basicAuthFile = config.age.secrets.metrics-push-htpasswd.path;
|
|
};
|
|
};
|
|
};
|
|
|
|
bagel.monitoring.grafana-agent.exporters.tempo.port = 9190;
|
|
};
|
|
}
|