Raito Bezarius
92560708b8
Lix may have its own secrets and we want to maintain a certain generalization level on the NixOS modules, so we can decorrelate which secret we select dynamically by having a simple tenancy hierarchy system. This unfortunately requires to rewrite all call sites with a floral prefix until we migrate them to the simple internal secret module which is aware of this. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
# NixOS module: Pyroscope server fronted by nginx.
#
# Security-relevant shape of this file:
#   * nginx terminates TLS for pyroscope.forkos.org and forwards exactly two
#     push/ingest paths to the local Pyroscope HTTP listener, both behind
#     HTTP basic auth. No other location is declared here.
#   * S3 credentials are referenced as literal `${...}` placeholders rather
#     than as values, and the age-encrypted secret file is handed to the
#     service through `secretFile`.
{ lib, config, ... }:
let
  cfg = config.bagel.services.pyroscope;

  # Read back from the final service settings so the nginx upstream always
  # follows whatever HTTP port Pyroscope is configured with below.
  listenPort = config.services.pyroscope.settings.server.http_listen_port;

  # Shared definition for every write endpoint exposed through nginx.
  # NOTE(review): `metrics-push-htpasswd` is not declared in this file;
  # confirm it is defined wherever this module is enabled, otherwise
  # evaluation fails on the missing attribute.
  pushLocation = {
    proxyPass = "http://pyroscope";
    basicAuthFile = config.age.secrets.metrics-push-htpasswd.path;
  };
in
{
  options.bagel.services.pyroscope.enable = lib.mkEnableOption "pyroscope server";

  # TODO: send me to nixpkgs
  imports = [ ./module.nix ];

  config = lib.mkIf cfg.enable {
    # Encrypted at rest in the repository; decrypted on the host by the age
    # secrets module and exposed to the service via `.path` further down.
    age.secrets.pyroscope-secrets.file = ../../../secrets/floral/pyroscope-secrets.age;

    # Loopback-only upstream: the proxy hop itself is plain HTTP, TLS ends
    # at the virtual host below.
    services.nginx.upstreams.pyroscope = {
      servers."127.0.0.1:${toString listenPort}" = {};
      extraConfig = "keepalive 16;";
    };

    services.nginx.virtualHosts."pyroscope.forkos.org" = {
      forceSSL = true;
      enableACME = true;
      # Only the write paths are proxied, each gated by basic auth.
      locations = {
        "/ingest" = pushLocation;
        "/push.v1.PusherService/Push" = pushLocation;
      };
    };

    services.pyroscope = {
      enable = true;
      # Path of the decrypted secret; how it is consumed is up to
      # ./module.nix (presumably as an environment file that supplies
      # S3_KEY_ID / S3_KEY — TODO confirm).
      secretFile = config.age.secrets.pyroscope-secrets.path;

      settings = {
        target = "all";
        # With multitenancy off, the basic auth enforced by nginx is the
        # only access check visible in this file.
        # NOTE(review): no listen address is set here, so the bind address
        # comes from ./module.nix or Pyroscope's defaults. Confirm that
        # ports 4040, 9097 and 7948 are not reachable from outside the
        # host, since a direct connection does not pass through nginx.
        multitenancy_enabled = false;

        api.base-url = "https://pyroscope.forkos.org";
        analytics.reporting_enabled = false;

        storage.backend = "s3";
        storage.s3 = {
          endpoint = "s3.delroth.net";
          region = "garage";
          bucket_name = "bagel-pyroscope";
          force_path_style = true;
          # `\${` is an escaped interpolation: Nix emits the literal text
          # `${S3_KEY_ID}` / `${S3_KEY}`, so no credential value is
          # written into the generated configuration by this file.
          access_key_id = "\${S3_KEY_ID}";
          secret_access_key = "\${S3_KEY}";
        };

        server = {
          http_listen_port = 4040;
          grpc_listen_port = 9097;
          # 104857600 bytes = 100 MiB per gRPC message, in each direction.
          grpc_server_max_recv_msg_size = 104857600;
          grpc_server_max_send_msg_size = 104857600;
          grpc_server_max_concurrent_streams = 1000;
        };

        memberlist.advertise_port = 7948;
        memberlist.bind_port = 7948;
      };
    };
  };
}