more monitoring

2025-04-25 16:08:30 +02:00 · 2024-05-31 14:51:58 +02:00 · 2024-05-31 14:51:58 +02:00 · d58be54704
commit d58be54704
parent 3f206d8fe0
7 changed files with 128 additions and 14 deletions
--- a/hosts/falkenstein/modules/caddy/default.nix
+++ b/hosts/falkenstein/modules/caddy/default.nix
@ -20,6 +20,14 @@ in
    enable = true;
    email = "ca@${config.networking.domain}";
    logFormat = "format console";
+    globalConfig = ''
+      servers {
+        metrics
+      }
+    '';
+    virtualHosts.":2018".extraConfig = ''
+      metrics
+    '';
    virtualHosts."${config.networking.domain}".extraConfig = ''
      file_server browse
      root * /srv/web/${config.networking.domain}
@ -28,6 +36,6 @@ in
    '';
  };
  systemd.services.caddy.environment.XDG_DATA_HOME = "/var/lib";
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 2018 ];
  networking.firewall.allowedUDPPorts = [ 443 ];
 }
--- a/hosts/falkenstein/modules/mail/rspamd.nix
+++ b/hosts/falkenstein/modules/mail/rspamd.nix
@ -8,6 +8,7 @@
      locals = {
        "worker-controller.inc".text = ''
          secure_ip = "0.0.0.0/0";
+          bind_socket = "0.0.0.0:11334";
        '';
        "redis.conf".text = ''
          read_servers = "/run/redis-rspamd/redis.sock";
@ -54,6 +55,7 @@
      reverse_proxy 127.0.0.1:11334
    '';
  };
+  networking.firewall.allowedTCPPorts = [ 11334 ];
  systemd = {
    services.rspamd-dmarc-report = {
      description = "rspamd dmarc reporter";
--- a/hosts/falkenstein/modules/monitoring/default.nix
+++ b/hosts/falkenstein/modules/monitoring/default.nix
@ -3,7 +3,7 @@
  age.secrets."maxmind" = {
    file = ../../../../secrets/shared/maxmind.age;
  };
-  users.users."promtail".extraGroups = [ "caddy" ];
+  users.users."promtail".extraGroups = [ "caddy" "systemd-journal" ];
  services.prometheus = {
    exporters = {
      node = {
@ -42,6 +42,41 @@
        url = "http://nuc.vpn.rfive.de:3030/loki/api/v1/push";
      }];
      scrape_configs = [
+        {
+          job_name = "journal";
+          journal = {
+            json = false;
+            max_age = "12h";
+            path = "/var/log/journal";
+            labels.job = "systemd-journal";
+          };
+          relabel_configs = [
+            {
+              source_labels = [ "__journal__systemd_unit" ];
+              target_label = "unit";
+            }
+            {
+              source_labels = [ "__journal__hostname" ];
+              target_label = "host";
+            }
+            {
+              source_labels = [ "__journal_priority_keyword" ];
+              target_label = "level";
+            }
+            {
+              source_labels = [ "__journal_syslog_identifier" ];
+              target_label = "syslog_identifier";
+            }
+          ];
+          pipeline_stages = [
+            {
+              match = {
+                selector = ''{unit="promtail.servicel"}'';
+                action = "drop";
+              };
+            }
+          ];
+        }
        {
          job_name = "caddy_access_log";
          static_configs = [
@ -55,6 +90,13 @@
            }
          ];
          pipeline_stages = [
+            {
+              # remove :443 from matrix or rspamd logs
+              replace = {
+                expression = ".*(de:443).*";
+                replace = "de";
+              };
+            }
            {
              json.expressions.remote_ip = "request.remote_ip";
            }
--- a/hosts/falkenstein/modules/trucksimulatorbot/default.nix
+++ b/hosts/falkenstein/modules/trucksimulatorbot/default.nix
@ -35,5 +35,6 @@ in
      uri strip_prefix /images
      reverse_proxy unix//run/trucksimulator/images.sock
    }
+    reverse_proxy unix//run/trucksimulator/app.sock
  '';
 }