From a1f172cba8f7de434cc183bb90b92e3812d2bc4f Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Wed, 9 Oct 2024 10:32:51 -0500 Subject: [PATCH 1/8] bump: capkgs for mithril-unstable --- flake.lock | 6 +++--- flakeModules/pkgs.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 9522f4d..328f052 100644 --- a/flake.lock +++ b/flake.lock @@ -158,11 +158,11 @@ }, "capkgs": { "locked": { - "lastModified": 1727968530, - "narHash": "sha256-40vaqMh09VmQo4hBOVjId82U7ASUOmMNR7aGGZbVwdQ=", + "lastModified": 1728397354, + "narHash": "sha256-5AB7mRXKMGDgrR0mbSnQsdBdR6ZwhpMDqYHInxuWC/U=", "owner": "input-output-hk", "repo": "capkgs", - "rev": "cc9373555eb2dd13791adc7128b6869241d33c36", + "rev": "427ccc70c7adcb3dec72bb9f8fd55898e13b931a", "type": "github" }, "original": { diff --git a/flakeModules/pkgs.nix b/flakeModules/pkgs.nix index b798e00..f9912f3 100644 --- a/flakeModules/pkgs.nix +++ b/flakeModules/pkgs.nix 
@@ -462,9 +462,9 @@ in (mkPkg "metadata-webhook" caPkgs.metadata-webhook-input-output-hk-offchain-metadata-tools-ops-1-0-0-f406c6d) # Mithril unstable tag is unavailable likely due to upstream tag moving; re-assign unstable tag to sanchonet when availability to capkgs returns (mkPkg "mithril-client-cli" (recursiveUpdate caPkgs.mithril-client-cli-input-output-hk-mithril-2437-1-pre-9fd9ae8 {meta.mainProgram = "mithril-client";})) - (mkPkg "mithril-client-cli-ng" (recursiveUpdate caPkgs.mithril-client-cli-input-output-hk-mithril-2437-1-pre-9fd9ae8 {meta.mainProgram = "mithril-client";})) + (mkPkg "mithril-client-cli-ng" (recursiveUpdate caPkgs.mithril-client-cli-input-output-hk-mithril-unstable-ef0c28a {meta.mainProgram = "mithril-client";})) (mkPkg "mithril-signer" (recursiveUpdate caPkgs.mithril-signer-input-output-hk-mithril-2437-1-pre-9fd9ae8 {meta.mainProgram = "mithril-signer";})) - (mkPkg "mithril-signer-ng" (recursiveUpdate caPkgs.mithril-signer-input-output-hk-mithril-2437-1-pre-9fd9ae8 {meta.mainProgram = "mithril-signer";})) + (mkPkg "mithril-signer-ng" (recursiveUpdate caPkgs.mithril-signer-input-output-hk-mithril-unstable-ef0c28a {meta.mainProgram = "mithril-signer";})) (mkPkg "token-metadata-creator" (recursiveUpdate caPkgs.token-metadata-creator-input-output-hk-offchain-metadata-tools-ops-1-0-0-f406c6d {meta.mainProgram = "token-metadata-creator";})) ]; }; From 81f476c2c4ecce65d46ba7fa705c63c45a609f12 Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Fri, 11 Oct 2024 18:36:42 -0500 Subject: [PATCH 2/8] bump/mod: code to drop legacy mn relays+filtering from topo --- flake.lock | 28 +++++------ flake.nix | 4 +- .../profile-cardano-node-group.nix | 7 +-- .../profile-cardano-node-topology.nix | 48 ++++++++----------- 4 files changed, 38 insertions(+), 49 deletions(-) diff --git a/flake.lock b/flake.lock index 328f052..b02fbe1 100644 --- a/flake.lock +++ b/flake.lock 
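Review bot: The context comment above the `mithril-client-cli` entry still says the Mithril unstable tag is unavailable, yet the two `-ng` entries now point at `mithril-unstable-ef0c28a`, so the comment reads as stale. Consider rewording it, for example `# Non-ng mithril packages stay on 2437-1-pre; the -ng packages follow the capkgs unstable build`, or dropping it if the sanchonet re-assignment it mentions is no longer planned. The package list starts and ends outside the hunk.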
@@ -241,16 +241,16 @@ "cardano-node-service": { "flake": false, "locked": { - "lastModified": 1721843629, - "narHash": "sha256-F5wgRA820x16f+8c/LlEEBG0rMJIA1XWw6X0ZwX5UWs=", + "lastModified": 1728686091, + "narHash": "sha256-gc4P+THcnnOEP34az+NncS97ETVlSTbZ/58bAYd2oec=", "owner": "IntersectMBO", "repo": "cardano-node", - "rev": "176f99e51155cb3eaa0711db1c3c969d67438958", + "rev": "6cfedc9ada83f614b86833b6f3530d87f545e95c", "type": "github" }, "original": { "owner": "IntersectMBO", - "ref": "9.1.0", + "ref": "jl/mn-relays-new", "repo": "cardano-node", "type": "github" } @@ -258,16 +258,16 @@ "cardano-node-service-ng": { "flake": false, "locked": { - "lastModified": 1721843629, - "narHash": "sha256-F5wgRA820x16f+8c/LlEEBG0rMJIA1XWw6X0ZwX5UWs=", + "lastModified": 1728686091, + "narHash": "sha256-gc4P+THcnnOEP34az+NncS97ETVlSTbZ/58bAYd2oec=", "owner": "IntersectMBO", "repo": "cardano-node", - "rev": "176f99e51155cb3eaa0711db1c3c969d67438958", + "rev": "6cfedc9ada83f614b86833b6f3530d87f545e95c", "type": "github" }, "original": { "owner": "IntersectMBO", - "ref": "9.1.0", + "ref": "jl/mn-relays-new", "repo": "cardano-node", "type": "github" } @@ -776,11 +776,11 @@ "sodium": "sodium" }, "locked": { - "lastModified": 1721825987, - "narHash": "sha256-PPcma4tjozwXJAWf+YtHUQUulmxwulVlwSQzKItx/n8=", + "lastModified": 1728687575, + "narHash": "sha256-38uD8SqT557eh5yyRYuthKm1yTtiWzAN0FH7L/01QKM=", "owner": "input-output-hk", "repo": "iohk-nix", - "rev": "eb61f2c14e1f610ec59117ad40f8690cddbf80cb", + "rev": "86c2bd46e8a08f62ea38ffe77cb4e9c337b42217", "type": "github" }, "original": { 
@@ -797,11 +797,11 @@ "sodium": "sodium_2" }, "locked": { - "lastModified": 1721825987, - "narHash": "sha256-PPcma4tjozwXJAWf+YtHUQUulmxwulVlwSQzKItx/n8=", + "lastModified": 1728687575, + "narHash": "sha256-38uD8SqT557eh5yyRYuthKm1yTtiWzAN0FH7L/01QKM=", "owner": "input-output-hk", "repo": "iohk-nix", - "rev": "eb61f2c14e1f610ec59117ad40f8690cddbf80cb", + "rev": "86c2bd46e8a08f62ea38ffe77cb4e9c337b42217", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 6f92b7b..544f1e7 100644 --- a/flake.nix +++ b/flake.nix @@ -58,12 +58,12 @@ }; cardano-node-service = { - url = "github:IntersectMBO/cardano-node/9.1.0"; + url = "github:IntersectMBO/cardano-node/jl/mn-relays-new"; flake = false; }; cardano-node-service-ng = { - url = "github:IntersectMBO/cardano-node/9.1.0"; + url = "github:IntersectMBO/cardano-node/jl/mn-relays-new"; flake = false; }; diff --git a/flake/nixosModules/profile-cardano-node-group.nix b/flake/nixosModules/profile-cardano-node-group.nix index c707675..5a5e671 100644 --- a/flake/nixosModules/profile-cardano-node-group.nix +++ b/flake/nixosModules/profile-cardano-node-group.nix @@ -316,12 +316,7 @@ if (cfg.producers == []) && cfg.publicProducers == [] - # The if can be dropped once a GA release is >= node 8.9.0 for `&& cfg.bootstrapPeers == null` - && ( - if cfg ? bootstrapPeers - then cfg.bootstrapPeers == null - else true - ) + && cfg.bootstrapPeers == null && (flatten (map cfg.instanceProducers iRange)) == [] && (flatten (map cfg.instancePublicProducers iRange)) == [] then mkTopology cardanoLib.environments.${environmentName} diff --git a/flake/nixosModules/profile-cardano-node-topology.nix b/flake/nixosModules/profile-cardano-node-topology.nix index 689f74f..1239676 100644 --- a/flake/nixosModules/profile-cardano-node-topology.nix +++ b/flake/nixosModules/profile-cardano-node-topology.nix 
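Review bot: Both `cardano-node-service` and `cardano-node-service-ng` in flake.nix now follow the branch ref `jl/mn-relays-new` instead of the `9.1.0` tag, and a branch head can move or be force-pushed. flake.lock pins the current rev, so builds stay reproducible only until the next `nix flake update`, which will pull whatever the branch holds at that moment without further review. These inputs appear to supply the node service module for deployed machines, so pinning to the reviewed commit is safer, e.g. `url = "github:IntersectMBO/cardano-node/6cfedc9ada83f614b86833b6f3530d87f545e95c";`. At minimum add a comment such as `# TODO: return to a release tag once the mn-relays change is merged upstream`.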
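Review bot: `cfg.bootstrapPeers` is now read unconditionally in the profile-cardano-node-group.nix condition, so evaluation fails with a missing-attribute error if the imported cardano-node service module does not declare that option; the removed comment tied the guard to node 8.9.0. The same guard is dropped in profile-cardano-node-topology.nix, both in the `edge` definition and in the `services.cardano-node` block. If older service modules are no longer supported, say so next to the check, e.g. `# Requires a cardano-node service module >= 8.9.0 (bootstrapPeers option)`. The enclosing `if` expression continues outside the hunk.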
@@ -43,8 +43,7 @@ topologyFns = with topologyLib; { edge = - # This can be simplified upon all machines deployed >= node 8.9.0 - if cfgNode ? bootstrapPeers && cfgNode.bootstrapPeers != null + if cfgNode.bootstrapPeers != null then [] else p2pEdgeNodes cfg.edgeNodes; 
@@ -359,31 +358,26 @@ }; config = { - services.cardano-node = - { - extraNodeConfig = mkIf (cfg.role == "bp") roles.${cfg.role}.extraNodeConfig; - - producers = mkIf (cfg.role != null || cfg.enableProducers) ( - if cfg.role != null - then verboseTrace "producers" (roles.${cfg.role}.producers ++ extraNodeListProducers ++ extraProducers) - else verboseTrace "producers" (topologyFns.${cfg.producerTopologyFn} ++ extraNodeListProducers ++ extraProducers) - ); - - publicProducers = mkIf (cfg.role != null || cfg.enablePublicProducers) ( - # Extra node list public producers and public producers for roles are included in the role defns due to selective mkForce use - if cfg.role != null - then verboseTrace "publicProducers" roles.${cfg.role}.publicProducers - else verboseTrace "publicProducers" (topologyFns.${cfg.publicProducerTopologyFn} ++ extraNodeListPublicProducers ++ extraPublicProducers) - ); - - usePeersFromLedgerAfterSlot = mkIf (cfg.role == "bp") roles.${cfg.role}.usePeersFromLedgerAfterSlot; - } - # This can be simplified upon all machines deployed >= node 8.9.0 - // optionalAttrs (cfgNode ? 
bootstrapPeers) { - bootstrapPeers = - mkIf (cfg.role == "bp") - null; - }; + services.cardano-node = { + extraNodeConfig = mkIf (cfg.role == "bp") roles.${cfg.role}.extraNodeConfig; + + bootstrapPeers = mkIf (cfg.role == "bp") null; + + producers = mkIf (cfg.role != null || cfg.enableProducers) ( + if cfg.role != null + then verboseTrace "producers" (roles.${cfg.role}.producers ++ extraNodeListProducers ++ extraProducers) + else verboseTrace "producers" (topologyFns.${cfg.producerTopologyFn} ++ extraNodeListProducers ++ extraProducers) + ); + + publicProducers = mkIf (cfg.role != null || cfg.enablePublicProducers) ( + # Extra node list public producers and public producers for roles are included in the role defns due to selective mkForce use + if cfg.role != null + then verboseTrace "publicProducers" roles.${cfg.role}.publicProducers + else verboseTrace "publicProducers" (topologyFns.${cfg.publicProducerTopologyFn} ++ extraNodeListPublicProducers ++ extraPublicProducers) + ); + + usePeersFromLedgerAfterSlot = mkIf (cfg.role == "bp") roles.${cfg.role}.usePeersFromLedgerAfterSlot; + }; }; }; } From 4e07fe9e032e7333db4d9323c1ea5a3a9a1c29fb Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Mon, 14 Oct 2024 14:39:50 -0500 Subject: [PATCH 3/8] imp: update jobs to cli build deprecated era cmds; use build-raw --- flakeModules/jobs.nix | 97 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 78 insertions(+), 19 deletions(-) diff --git a/flakeModules/jobs.nix b/flakeModules/jobs.nix index a1dfdca..1480fd0 100644 --- a/flakeModules/jobs.nix +++ b/flakeModules/jobs.nix @@ -99,6 +99,7 @@ in { # [$DEBUG] # [$ERA] (deprecated `--$ERA-era` flag) # [$ERA_CMD] + # [$FEE] # $KEY_DIR # $NUM_GENESIS_KEYS # $PAYMENT_KEY 
@@ -109,20 +110,36 @@ in { # [$USE_DECRYPTION] # [$USE_SHELL_BINS] + if [ -z "''${FEE:-}" ]; then + echo "Fee for update proposal tx is defaulting to 500000 lovelace" + FEE="500000" + fi + CHANGE_ADDRESS=$( "''${CARDANO_CLI[@]}" address build \ --payment-verification-key-file "$(decrypt_check "$PAYMENT_KEY".vkey)" \ --testnet-magic "$TESTNET_MAGIC" ) - TXIN=$( + UTXO=$( "''${CARDANO_CLI[@]}" query utxo \ --address "$CHANGE_ADDRESS" \ --testnet-magic "$TESTNET_MAGIC" \ --out-file /dev/stdout \ - | jq -r '(to_entries | sort_by(.value.value.lovelace) | reverse)[0].key' + | jq -r --arg fee "$FEE" 'to_entries + | + [ + sort_by(.value.value.lovelace)[] + | select(.value.value > ($fee | tonumber)) + | {"txin": .key, "address": .value.address, "amount": .value.value.lovelace} + ] + [0]' ) + TXIN=$(jq -r '.txin' <<< "$UTXO") + TXVAL=$(jq -r '.amount' <<< "$UTXO") + CHANGE=$((TXVAL - FEE)) + EPOCH=$( "''${CARDANO_CLI[@]}" query tip \ --testnet-magic "$TESTNET_MAGIC" \ @@ -147,11 +164,11 @@ in { "''${PROPOSAL_KEY_ARGS[@]}" \ --out-file update.proposal - "''${CARDANO_CLI[@]}" transaction build ''${ERA:+$ERA} \ + "''${CARDANO_CLI[@]}" transaction build-raw ''${ERA:+$ERA} \ --tx-in "$TXIN" \ - --change-address "$CHANGE_ADDRESS" \ + --tx-out "$CHANGE_ADDRESS+$CHANGE" \ + --fee "$FEE" \ --update-proposal-file update.proposal \ - --testnet-magic "$TESTNET_MAGIC" \ --out-file tx-proposal.txbody "''${CARDANO_CLI[@]}" transaction sign \ @@ -632,6 +649,7 @@ in { # [$DEBUG] # [$ERA] (deprecated `--$ERA-era` flag) # [$ERA_CMD] + # [$FEE] # [$NO_DEPLOY_DIR] # $PAYMENT_KEY # [$POOL_DELEG_INDEX] @@ -650,6 +668,11 @@ in { ${secretsFns} ${selectCardanoCli} + if [ -z "''${FEE:-}" ]; then + echo "Fee for rewards delegation tx is defaulting to 200000 lovelace" + FEE="200000" + fi + if [ -z "''${POOL_NAMES:-}" ]; then echo "Pool names must be provided as a space delimited string via POOL_NAMES env var" exit 1 
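Review bot: The new jq filter `select(.value.value > ($fee | tonumber))` compares the whole value object with a number; jq orders any object above any number, so every UTxO passes and `[0]` after the ascending sort returns the smallest one, even when it is below the fee. `CHANGE=$((TXVAL - FEE))` can then go negative, and with an empty UTxO set `TXIN` becomes the string `null` with no check before the transaction is built. Compare the lovelace field instead, `| select(.value.value.lovelace > ($fee | tonumber))`, and stop when nothing matches, e.g. `[ "$TXIN" != "null" ] || { echo "No UTxO larger than the fee found"; exit 1; }`. The same filter is repeated in the rewards delegation and stake pool registration hunks further down.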
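Review bot: This `transaction build-raw` call for the update proposal keeps the `''${ERA:+$ERA}` argument, while the two other `build-raw` calls introduced by this commit (rewards delegation and pool registration) drop it. If the update-proposal path needs the era flag on purpose, a short comment such as `# update proposals need an explicit era` would stop a later cleanup from removing it; otherwise make the three calls consistent. `build-raw` does no balancing, so the `--fee` and `--tx-out` amounts are accepted exactly as given.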
@@ -667,7 +690,6 @@ in { NO_DEPLOY_DIR="''${NO_DEPLOY_DIR:-$STAKE_POOL_DIR/no-deploy}" mkdir -p "$STAKE_POOL_DIR"/deploy "$NO_DEPLOY_DIR" - WITNESSES="3" CHANGE_ADDRESS=$( "''${CARDANO_CLI[@]}" address build \ --payment-verification-key-file "$(decrypt_check "$PAYMENT_KEY".vkey)" \ @@ -690,14 +712,25 @@ in { --out-file "$POOL_NAME"-reward-delegation.cert # Generate transaction - TXIN=$( + UTXO=$( "''${CARDANO_CLI[@]}" query utxo \ --address "$CHANGE_ADDRESS" \ --testnet-magic "$TESTNET_MAGIC" \ --out-file /dev/stdout \ - | jq -r '(to_entries | sort_by(.value.value.lovelace) | reverse)[0].key' + | jq -r --arg fee "$FEE" 'to_entries + | + [ + sort_by(.value.value.lovelace)[] + | select(.value.value > ($fee | tonumber)) + | {"txin": .key, "address": .value.address, "amount": .value.value.lovelace} + ] + [0]' ) + TXIN=$(jq -r '.txin' <<< "$UTXO") + TXVAL=$(jq -r '.amount' <<< "$UTXO") + CHANGE=$((TXVAL - FEE)) + # Generate arrays needed for build/sign commands BUILD_TX_ARGS=() SIGN_TX_ARGS=() @@ -707,12 +740,11 @@ in { SIGN_TX_ARGS+=("--signing-key-file" "$(decrypt_check "$NO_DEPLOY_FILE-reward-stake.skey")") SIGN_TX_ARGS+=("--signing-key-file" "$(decrypt_check "$NO_DEPLOY_FILE-cold.skey")") - "''${CARDANO_CLI[@]}" transaction build ''${ERA:+$ERA} \ + "''${CARDANO_CLI[@]}" transaction build-raw \ --tx-in "$TXIN" \ - --change-address "$CHANGE_ADDRESS" \ - --witness-override "$WITNESSES" \ + --tx-out "$CHANGE_ADDRESS+$CHANGE" \ + --fee "$FEE" \ "''${BUILD_TX_ARGS[@]}" \ - --testnet-magic "$TESTNET_MAGIC" \ --out-file "$POOL_NAME"-tx-pool-deleg.txbody "''${CARDANO_CLI[@]}" transaction sign \ @@ -735,6 +767,7 @@ in { # [$DEBUG] # [$ERA] (deprecated `--$ERA-era` flag) # [$ERA_CMD] + # [$FEE] # [$NO_DEPLOY_DIR] # $PAYMENT_KEY # [$POOL_METADATA_BASE_URL] @@ -743,6 +776,8 @@ in { # [$POOL_PLEDGE] # $POOL_RELAY # $POOL_RELAY_PORT + # [$STAKE_ADDRESS_DEPOSIT] + # [$STAKE_POOL_DEPOSIT] # [$STAKE_POOL_DIR] # [$SUBMIT_TX] # [$UNSTABLE] 
@@ -758,6 +793,11 @@ in { ${secretsFns} ${selectCardanoCli} + if [ -z "''${FEE:-}" ]; then + echo "Fee for stake pool registration tx is defaulting to 300000 lovelace" + FEE="300000" + fi + if [ -z "''${POOL_NAMES:-}" ]; then echo "Pool names must be provided as a space delimited string via POOL_NAMES env var" exit 1 @@ -770,11 +810,20 @@ in { POOL_PLEDGE="10000000000000" fi + if [ -z "''${STAKE_ADDRESS_DEPOSIT:-}" ]; then + echo "Stakepool deposit is defaulting to 2000000 lovelace" + STAKE_ADDRESS_DEPOSIT="2000000" + fi + + if [ -z "''${STAKE_POOL_DEPOSIT:-}" ]; then + echo "Stakepool deposit is defaulting to 500000000 lovelace" + STAKE_POOL_DEPOSIT="500000000" + fi + NO_DEPLOY_DIR="''${NO_DEPLOY_DIR:-$STAKE_POOL_DIR/no-deploy}" mkdir -p "$STAKE_POOL_DIR"/deploy "$NO_DEPLOY_DIR" NUM_POOLS=$((''${#POOLS[@]})) - WITNESSES=$((NUM_POOLS * 2 + 2)) CHANGE_ADDRESS=$( "''${CARDANO_CLI[@]}" address build \ --payment-verification-key-file "$(decrypt_check "$PAYMENT_KEY".vkey)" \ @@ -844,14 +893,25 @@ in { encrypt_check "$NO_DEPLOY_FILE"-reward-payment-stake.addr # Generate transaction - TXIN=$( + UTXO=$( "''${CARDANO_CLI[@]}" query utxo \ --address "$CHANGE_ADDRESS" \ --testnet-magic "$TESTNET_MAGIC" \ --out-file /dev/stdout \ - | jq -r '(to_entries | sort_by(.value.value.lovelace) | reverse)[0].key' + | jq -r --arg fee "$FEE" 'to_entries + | + [ + sort_by(.value.value.lovelace)[] + | select(.value.value > ($fee | tonumber)) + | {"txin": .key, "address": .value.address, "amount": .value.value.lovelace} + ] + [0]' ) + TXIN=$(jq -r '.txin' <<< "$UTXO") + TXVAL=$(jq -r '.amount' <<< "$UTXO") + CHANGE=$((TXVAL - (NUM_POOLS * (POOL_PLEDGE + STAKE_POOL_DEPOSIT)) - ((NUM_POOLS + 1) * STAKE_ADDRESS_DEPOSIT) - FEE)) + # Generate arrays needed for build/sign commands BUILD_TX_ARGS=() SIGN_TX_ARGS=() 
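Review bot: The message printed for the `STAKE_ADDRESS_DEPOSIT` default says "Stakepool deposit is defaulting to 2000000 lovelace", the same wording as the `STAKE_POOL_DEPOSIT` message below it; it should read `echo "Stake address deposit is defaulting to 2000000 lovelace"`. Both deposits are now fixed defaults that feed the `CHANGE` calculation for `build-raw`, which does not check them against the network, so an environment with different deposit parameters gets an unbalanced transaction that is only rejected on submit. Consider reading them from `query protocol-parameters` when the variables are unset (presumably the `stakeAddressDeposit` and `stakePoolDeposit` fields; confirm against the CLI output).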
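Review bot: The registration input is selected against `$FEE` only, but `CHANGE` in this hunk also subtracts the pledges and deposits, so a UTxO that clears the fee can still leave `CHANGE` negative. Compute the total first and filter on it, e.g. `REQUIRED=$((NUM_POOLS * (POOL_PLEDGE + STAKE_POOL_DEPOSIT) + (NUM_POOLS + 1) * STAKE_ADDRESS_DEPOSIT + FEE))`, pass it with `--arg required "$REQUIRED"`, and use `select(.value.value.lovelace > ($required | tonumber))`. As written, `select` compares the value object rather than its lovelace field, which jq treats as always greater than a number, so the smallest UTxO is chosen regardless of the threshold.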
@@ -887,12 +947,11 @@ in { SIGN_TX_ARGS+=("--signing-key-file" "$(decrypt_check "$NO_DEPLOY_FILE-owner-stake.skey")") done - "''${CARDANO_CLI[@]}" transaction build ''${ERA:+$ERA} \ + "''${CARDANO_CLI[@]}" transaction build-raw \ --tx-in "$TXIN" \ - --change-address "$CHANGE_ADDRESS" \ - --witness-override "$WITNESSES" \ + --tx-out "$CHANGE_ADDRESS+$CHANGE" \ + --fee "$FEE" \ "''${BUILD_TX_ARGS[@]}" \ - --testnet-magic "$TESTNET_MAGIC" \ --out-file "''${POOLS[0]}"-tx-pool-reg.txbody "''${CARDANO_CLI[@]}" transaction sign \ From 859d0f1b7404f8fd6d070510401da0c9561cb832 Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Wed, 16 Oct 2024 18:21:31 -0500 Subject: [PATCH 4/8] imp: add profile-grafana-alloy nixosModule --- flake.lock | 6 +- flake/nixosModules/profile-common.nix | 1 + flake/nixosModules/profile-grafana-alloy.nix | 667 +++++++++++++++++++ 3 files changed, 671 insertions(+), 3 deletions(-) create mode 100644 flake/nixosModules/profile-grafana-alloy.nix diff --git a/flake.lock b/flake.lock index b02fbe1..37a5009 100644 --- a/flake.lock +++ b/flake.lock @@ -1154,11 +1154,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1727266098, - "narHash": "sha256-AHTKbJ9ffR7Nx+XcR2XP0AYLI4OlUh2IGh4SAkdG5Ig=", + "lastModified": 1728538411, + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4f31540079322e6013930b5b2563fd10f96917f0", + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", "type": "github" }, "original": { diff --git a/flake/nixosModules/profile-common.nix b/flake/nixosModules/profile-common.nix index 8b690de..cd76d92 100644 --- a/flake/nixosModules/profile-common.nix +++ b/flake/nixosModules/profile-common.nix @@ -28,6 +28,7 @@ imports = [ inputs.sops-nix.nixosModules.default inputs.auth-keys-hub.nixosModules.auth-keys-hub + (inputs.nixpkgs-unstable.outPath + "/nixos/modules/services/monitoring/alloy.nix") ]; programs = { 
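Review bot: With `--witness-override` gone, the fee for the pool registration transaction is the flat `$FEE` (default 300000) no matter how many pools are in `POOLS`, although the removed `WITNESSES=$((NUM_POOLS * 2 + 2))` shows the witness count grows with each pool. A longer `POOL_NAMES` list can push the minimum fee above the default, and the transaction is then only rejected at submit time. Consider deriving the fee from the built body with `transaction calculate-min-fee`, or state in the header comment that `FEE` must be raised with the pool count.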
diff --git a/flake/nixosModules/profile-grafana-alloy.nix b/flake/nixosModules/profile-grafana-alloy.nix new file mode 100644 index 0000000..f801c1b --- /dev/null +++ b/flake/nixosModules/profile-grafana-alloy.nix 
@@ -0,0 +1,667 @@ +# nixosModule: profile-grafana-alloy +# +# TODO: Move this to a docs generator +# +# Attributes available on nixos module import: +# config.services.alloy.enableLiveDebugging +# config.services.alloy.labels +# config.services.alloy.logLevel +# config.services.alloy.prometheusExporterUnixNodeSetCollectors +# config.services.alloy.prometheusRelabelNodeKeepRegex +# config.services.alloy.systemdEnableRestartMetrics +# config.services.alloy.systemdEnableStartTimeMetrics +# config.services.alloy.systemdEnableTaskMetrics +# config.services.alloy.systemdUnitExclude +# config.services.alloy.systemdUnitInclude +# config.services.alloy.useSopsSecrets +# +# Tips: +# * This module provides a grafana-alloy service and configures common application metrics hooks +flake @ {moduleWithSystem, ...}: { + flake.nixosModules.profile-grafana-alloy = moduleWithSystem ({inputs'}: { + config, + lib, + name, + pkgs, + self, + ... + }: + with builtins; + with lib; let + inherit (lib.types) attrsOf bool enum listOf str; + inherit (config.cardano-parts.perNode.meta) cardanoDbSyncPrometheusExporterPort cardanoNodePrometheusExporterPort hostAddr; + inherit (groupCfg) groupName groupFlake; + inherit (groupCfg.meta) environmentName; + inherit (opsLib) mkSopsSecret; + + groupCfg = config.cardano-parts.cluster.group; + groupOutPath = groupFlake.self.outPath; + opsLib = flake.config.flake.cardano-parts.lib.opsLib pkgs; + + mkSopsSecretParams = secretName: { + inherit groupOutPath groupName name secretName; + keyName = secretName + ".enc"; + # Setting grafana-alloy service to a non-dynamic user allows constraining the secrets file to non-root ownership + fileOwner = "grafana-alloy"; + fileGroup = "grafana-alloy"; + pathPrefix = "${groupOutPath}/secrets/monitoring/"; + restartUnits = ["alloy.service"]; + }; + + alloyComponentCfg = { + logging = '' + // Log setup + logging { + level = "${toString cfg.logLevel}" + format = "logfmt" + } + + ''; + + livedebugging = '' + // Live debug 
setup: experimental, but useful for relabel component investigation + livedebugging { + enabled = ${boolToString cfg.enableLiveDebugging} + } + + ''; + + secrets = '' + // Secrets + local.file "remote_write_url" { + filename = "/run/secrets/grafana-alloy-metrics-url" + } + + local.file "remote_write_username" { + filename = "/run/secrets/grafana-alloy-metrics-username" + } + + local.file "remote_write_password" { + filename = "/run/secrets/grafana-alloy-metrics-password" + is_secret = true + } + + ''; + + remoteWrite = '' + // Default prometheus remote write target + prometheus.remote_write "integrations" { + endpoint { + url = local.file.remote_write_url.content + + basic_auth { + username = local.file.remote_write_username.content + password = local.file.remote_write_password.content + } + } + } + + ''; + + alloy = '' + // Default grafana alloy integration components, in lowest to highest dependency order + prometheus.exporter.self "integrations_alloy" {} + + discovery.relabel "integrations_alloy" { + targets = prometheus.exporter.self.integrations_alloy.targets + + rule { + source_labels = ["alloy_hostname"] + target_label = "instance" + } + + rule { + regex = "^alloy_hostname$" + action = "labeldrop" + } + + rule { + target_label = "instance" + replacement = "${name}" + } + + rule { + target_label = "job" + replacement = "integrations/alloy-check" + } + } + + prometheus.scrape "integrations_alloy" { + targets = discovery.relabel.integrations_alloy.output + forward_to = [prometheus.relabel.integrations_alloy.receiver] + job_name = "integrations/alloy" + } + + prometheus.relabel "integrations_alloy" { + forward_to = [prometheus.remote_write.integrations.receiver] + + rule { + source_labels = ["__name__"] + regex = "${cfg.prometheusRelabelAlloyKeepRegex}" + action = "keep" + } + } + + ''; + + exporter = '' + // Default grafana alloy node exporter integration components, in lowest to highest dependency order + prometheus.exporter.unix "integrations_node_exporter" { 
+ set_collectors = [${concatMapStringsSep ", " (s: "\"${s}\"") cfg.prometheusExporterUnixNodeSetCollectors}] + + systemd { + enable_restarts = ${boolToString cfg.systemdEnableRestartMetrics} + start_time = ${boolToString cfg.systemdEnableStartTimeMetrics} + task_metrics = ${boolToString cfg.systemdEnableTaskMetrics} + unit_exclude = "${cfg.systemdUnitExclude}" + unit_include = "${cfg.systemdUnitInclude}" + } + } + + discovery.relabel "integrations_node_exporter" { + targets = prometheus.exporter.unix.integrations_node_exporter.targets + + rule { + source_labels = ["alloy_hostname"] + target_label = "instance" + } + + rule { + regex = "^alloy_hostname$" + action = "labeldrop" + } + + rule { + target_label = "instance" + replacement = "${name}" + } + + rule { + target_label = "job" + replacement = "integrations/node_exporter" + } + } + + prometheus.scrape "integrations_node_exporter" { + targets = discovery.relabel.integrations_node_exporter.output + forward_to = [prometheus.relabel.integrations_node_exporter.receiver] + job_name = "integrations/node_exporter" + } + + prometheus.relabel "integrations_node_exporter" { + forward_to = [prometheus.remote_write.integrations.receiver] + + rule { + source_labels = ["__name__"] + regex = "${cfg.prometheusRelabelNodeKeepRegex}" + action = "keep" + } + + rule { + source_labels = ["__name__"] + regex = "^node_filesystem_readonly$" + action = "drop" + } + + rule { + source_labels = ["mountpoint"] + regex = "^|/|/boot|/state|/home|/nix$" + action = "keep" + } + + rule { + source_labels = ["mode"] + regex = "^|system|user|iowait|steal|idle$" + action = "keep" + } + } + + ''; + }; + + cardanoPartsComponentCfg = { + blockperf = concatStringsSep "\n" (optional (cfgSvc ? 
blockperf) '' + // Blockperf integration component + prometheus.scrape "integrations_blockperf" { + targets = [{ + __address__ = "127.0.0.1:${toString config.services.blockperf.port}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.relabel.integrations_blockperf.receiver] + job_name = "integrations/blockperf" + params = { + format = ["prometheus"], + // Filtering here won't work as grafana-alloy encodes the + // pattern match. Filtering can be configured from the + // profile-cardano-custom-metrics nixosModule with the + // `enableFilter` and `filter` options. + // filter = ["statsd_cardano*"]; + } + metrics_path = "/" + + // Normally we prefer 1 minute default; however, we need + // higher frequency with blockperf to catch large block + // header delays. + scrape_interval = "10s"; + } + + prometheus.relabel "integrations_blockperf" { + forward_to = [prometheus.remote_write.integrations.receiver] + rule { + source_labels = ["__name__"] + regex = "^blockperf_.*$" + action = "keep" + } + } + + ''); + + cardanoCustomMetrics = concatStringsSep "\n" (optional (cfgSvc ? cardano-custom-metrics && cfgSvc.netdata.enable) '' + // Cardano custom metrics integration component + prometheus.scrape "integrations_cardano_custom_metrics" { + targets = [{ + __address__ = "${cfgSvc.cardano-custom-metrics.address}:${toString cfgSvc.cardano-custom-metrics.port}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/cardano-custom-metrics" + params = { + format = ["prometheus"], + // Filtering here won't work as grafana-alloy encodes the + // pattern match. Filtering can be configured from the + // profile-cardano-custom-metrics nixosModule with the + // `enableFilter` and `filter` options. 
+ // filter = ["statsd_cardano*"]; + } + metrics_path = "/api/v1/allmetrics" + } + + ''); + + cardanoDbSync = concatStringsSep "\n" (optional (cfgSvc ? cardano-db-sync && cfgSvc.cardano-db-sync.enable) '' + // Cardano-db-sync integration component + prometheus.scrape "integrations_cardano_db_sync" { + targets = [{ + __address__ = "${hostAddr}:${toString cardanoDbSyncPrometheusExporterPort}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/cardano-db-sync" + metrics_path = "/" + } + + ''); + + cardanoFaucet = concatStringsSep "\n" (optional (cfgSvc ? cardano-faucet && cfgSvc.cardano-faucet.enable) '' + // Cardano-faucet integration component + prometheus.scrape "integrations_cardano_faucet" { + targets = [{ + __address__ = "127.0.0.1:${toString cfgSvc.cardano-faucet.faucetPort}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/cardano-faucet" + metrics_path = "/metrics" + } + + ''); + + cardanoNode = concatStringsSep "\n" (optionals (cfgSvc ? 
cardano-node && cfgSvc.cardano-node.enable) (map ( + i: let + metricsPath = + if cfgSvc.cardano-node.useLegacyTracing + then "/metrics" + else "/${(cfgSvc.cardano-node.extraNodeInstanceConfig i).TraceOptionNodeName}"; + + serviceName = i: + if i == 0 + then "cardano-node" + else "cardano-node-${toString i}"; + + target = + if cfgSvc.cardano-node.useLegacyTracing + then "${hostAddr}:${toString (cardanoNodePrometheusExporterPort + i)}" + else "${hostAddr}:${toString cardanoNodePrometheusExporterPort}"; + + toUnderscore = s: replaceStrings ["-"] ["_"] s; + in '' + + // Cardano-node instance ${toString i} integration component + prometheus.scrape "integrations_${toUnderscore (serviceName i)}" { + targets = [{ + __address__ = "${target}", + instanceNum = "${toString i}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/${serviceName i}" + metrics_path = "${metricsPath}" + } + + '' + ) (range 0 (cfgSvc.cardano-node.instances - 1)))); + + cardanoSmash = concatStringsSep "\n" (optional (cfgSvc ? cardano-smash) '' + // Cardano-smash integration component + prometheus.scrape "integrations_cardano_smash" { + targets = [{ + __address__ = "${hostAddr}:${toString cfgSvc.cardano-smash.registeredRelaysExporterPort}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/cardano-smash" + metrics_path = "/" + } + + ''); + + mithrilSigner = concatStringsSep "\n" (optional (cfgSvc ? 
mithril-signer && cfgSvc.mithril-signer.enable && cfgSvc.mithril-signer.enableMetrics) '' + // Mithril-signer integration component + prometheus.scrape "integrations_mithril_signer" { + targets = [{ + __address__ = "${cfgSvc.mithril-signer.metricsAddress}:${toString cfgSvc.mithril-signer.metricsPort}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/mithril-signer" + metrics_path = "/metrics" + } + + ''); + + nginxVts = concatStringsSep "\n" (optional (cfgSvc ? nginx-vhost-exporter && cfgSvc.nginx-vhost-exporter.enable) '' + // Nginx-vts integration component + prometheus.scrape "integrations_nginx_vts" { + targets = [{ + __address__ = "${cfgSvc.nginx-vhost-exporter.address}:${toString cfgSvc.nginx-vhost-exporter.port}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.remote_write.integrations.receiver] + job_name = "integrations/nginx-vts" + metrics_path = "/status/format/prometheus" + } + + ''); + + varnishCache = concatStringsSep "\n" (optional (cfgSvc.prometheus.exporters ? 
varnish && cfgSvc.prometheus.exporters.varnish.enable) '' + // Varnish cache integration components + prometheus.scrape "integrations_varnish_cache" { + targets = [{ + __address__ = "${cfgSvc.prometheus.exporters.varnish.listenAddress}:${toString cfgSvc.prometheus.exporters.varnish.port}", + ${concatStringsSep ", \n" (mapAttrsToList (n: v: "${n} = \"${v}\"") cfg.labels)}, + }] + forward_to = [prometheus.relabel.integrations_varnish_cache.receiver] + job_name = "integrations/varnish-cache" + metrics_path = "${cfgSvc.prometheus.exporters.varnish.telemetryPath}" + } + + prometheus.relabel "integrations_varnish_cache" { + forward_to = [prometheus.remote_write.integrations.receiver] + rule { + source_labels = ["__name__"] + regex = "${"^" + + concatMapStringsSep "|" (s: "${s}") [ + "varnish_backend_beresp_(bodybytes|hdrbytes)" + "varnish_main_backend_(busy|conn|recycle|req|reuse|unhealthy)" + "varnish_main_cache_(hit|hitpass|miss)" + "varnish_main_client_req" + "varnish_main_n_expired" + "varnish_main_n_lru_nuked" + "varnish_main_pools" + "varnish_main_s_resp_(bodybytes|hdrbytes)" + "varnish_main_sessions" + "varnish_main_sessions_total" + "varnish_main_thread_queue_len" + "varnish_main_threads" + "varnish_main_threads_(created|failed|limited)" + "varnish_sma_g_bytes" + "varnish_sma_g_space" + ] + + "$"}" + action = "keep" + } + } + + ''); + }; + + cfgSvc = config.services; + cfg = config.services.alloy; + in { + options = { + services.alloy = { + enableLiveDebugging = mkOption { + type = bool; + default = true; + description = "Whether to enable live debugging for grafana alloy."; + }; + + labels = mkOption { + type = attrsOf str; + default = { + instance = name; + environment = environmentName; + group = groupName; + }; + description = "The default set of labels to add to non-default component metrics."; + }; + + logLevel = mkOption { + type = enum ["debug" "info" "warn" "error"]; + default = "debug"; + description = "The default log level for grafana alloy."; + }; + 
+ prometheusExporterUnixNodeSetCollectors = mkOption { + type = listOf str; + default = [ + "boottime" + "conntrack" + "cpu" + "diskstats" + "filefd" + "filesystem" + "loadavg" + "meminfo" + "netdev" + "netstat" + "os" + "sockstat" + "softnet" + "stat" + "systemd" + "time" + "timex" + "uname" + "vmstat" + ]; + description = "The default set collectors to use for the prometheus unix exporter component."; + }; + + prometheusRelabelAlloyKeepRegex = mkOption { + type = str; + default = "^alloy_build.*|alloy_resources.*|prometheus_remote_write_wal_samples_appended_total|prometheus_sd_discovered_targets|process_start_time_seconds|prometheus_target_.*|up$"; + description = "The default keep regex string for the prometheus relabel alloy integration component."; + }; + + prometheusRelabelNodeKeepRegex = mkOption { + type = str; + default = + "^" + + concatMapStringsSep "|" (s: "${s}") [ + "node_boot_time_seconds" + "node_context_switches_total" + "node_cpu_seconds_total" + "node_disk_io_time_(seconds|weighted_seconds)_total" + "node_disk_(read|reads|writes|written)_.*" + "node_filefd_.*" + "node_filesystem_.*" + "node_intr_total" + "node_load([[:digit:]]+)" + "node_memory_(Active(|_file|_anon)|Inactive(|_file|_anon))_bytes" + "node_memory_Anon(HugePages|Pages)_bytes" + "node_memory_(Bounce|Committed_AS|CommitLimit|Dirty|Mapped)_bytes" + "node_memory_DirectMap(1G|2M|4k)_bytes" + "node_memory_HugePages_(Free|Rsvd|Surp|Total)" + "node_memory_Hugepagesize_bytes" + "node_memory_(Mem(Available|Free|Total)|Buffers|Cached|SwapTotal)_bytes" + "node_memory_Shmem(|HugPages|PmdMapped)_bytes" + "node_memory_S(Reclaimable|Unreclaim)_bytes" + "node_memory_Vmalloc(Chunk|Total|Used)_bytes" + "node_memory_Writeback(|Tmp)_bytes" + "node_netstat_Icmp6_(InErrors|InMsgs|OutMsgs)" + "node_netstat_Icmp_(InErrors|InMsgs|OutMsgs)" + "node_netstat_IpExt_(InOctets|OutOctets)" + 
"node_netstat_TcpExt_(ListenDrops|ListenOverflows|SyncookiesFailed|SyncookiesRecv|SyncookiesSent|TCPOFOQueue|TCPRcvQDrop|TCPSynRetrans|TCPTimeouts)" + "node_netstat_Tcp_(ActiveOpens|CurrEstab|InErrs|InSegs|OutRsts|OutSegs|PassiveOpens|RetransSegs)" + "node_netstat_Udp6_(InDatagrams|InErrors|NoPorts|OutDatagrams|RcvbufErrors|SndbufErrors)" + "node_netstat_Udp_(InDatagrams|InErrors|NoPorts|OutDatagrams|RcvbufErrors|SndbufErrors)" + "node_netstat_UdpLite_InErrors" + "node_network_.*" + "node_nf_conntrack_entries(|_limit)" + "node_os_info" + "node_sockstat_(FRAG|FRAG6|RAW|RAW6)_inuse" + "node_sockstat_sockets_used" + "node_sockstat_TCP6_inuse" + "node_sockstat_TCP_(alloc|inuse|mem|orphan|tw)" + "node_sockstat_(TCP|UDP)_mem_bytes" + "node_sockstat_UDP_mem" + "node_sockstat_(UDP|UDP6|UDPLITE|UDPLITE6)_inuse" + "node_softnet_(dropped|processed|times_squeezed)_total" + "node_systemd_.*" + "node_timex_(estimated_error|maxerror|offset)_seconds" + "node_timex_sync_status" + "node_time_zone_offset_seconds" + "node_uname_info" + "node_vmstat_(pgmajfault|pgfault|pgpgin|pgpgout|pswpin|pswpout|oom_kill)" + ] + + "$"; + description = "The default keep regex string for the prometheus relabel alloy node exporter integration component."; + }; + + systemdEnableRestartMetrics = mkOption { + type = bool; + default = true; + description = "Enables service unit metric service_restart_total collection."; + }; + + systemdEnableStartTimeMetrics = mkOption { + type = bool; + default = false; + description = "Enables service unit metric unit_start_time_seconds collection."; + }; + + systemdEnableTaskMetrics = mkOption { + type = bool; + default = false; + description = "Enables service unit tasks metrics unit_tasks_current and unit_tasks_max collection."; + }; + + systemdUnitExclude = mkOption { + type = str; + default = ".+\\\\.(automount|device|mount|scope|slice)"; + description = '' + Regexp of systemd units to exclude. + Units must both match include and not match exclude to be collected. 
+ ''; + }; + + systemdUnitInclude = mkOption { + type = str; + default = "(^cardano.*)|(^metadata.*)|(^nginx.*)|(^smash.*)|(^varnish.*)"; + description = '' + Regexp of systemd units to include. + Units must both match include and not match exclude to be collected. + ''; + }; + + useSopsSecrets = mkOption { + type = bool; + default = true; + description = '' + Whether to use the default configurated sops secrets if true, + or user defined secrets if false. + + If false, the following required secrets files, each containing + one secret indicated by filename and without newline termination, + will need to be provided to the target machine either by + additional module code or out of band: + + /run/secrets/grafana-alloy-metrics-url + /run/secrets/grafana-alloy-metrics-username + /run/secrets/grafana-alloy-metrics-password + ''; + }; + }; + }; + + config = { + environment.etc."alloy/config.alloy".source = let + alloyCfg' = + toFile "alloy-unformatted.config" + ( + # + # Base required component configuration snippets + # + alloyComponentCfg.logging + + alloyComponentCfg.livedebugging + + alloyComponentCfg.secrets + + alloyComponentCfg.remoteWrite + + alloyComponentCfg.alloy + + alloyComponentCfg.exporter + # + # Cardano-parts optional component configuration snippets + # + + cardanoPartsComponentCfg.blockperf + + cardanoPartsComponentCfg.cardanoCustomMetrics + + cardanoPartsComponentCfg.cardanoDbSync + + cardanoPartsComponentCfg.cardanoFaucet + + cardanoPartsComponentCfg.cardanoNode + + cardanoPartsComponentCfg.cardanoSmash + + cardanoPartsComponentCfg.mithrilSigner + + cardanoPartsComponentCfg.nginxVts + + cardanoPartsComponentCfg.varnishCache + ); + in + (pkgs.runCommandNoCCLocal "alloy.config" {} '' + ${getExe cfg.package} fmt ${alloyCfg'} > $out + '') + .out; + + services.alloy = { + enable = true; + + extraFlags = [ + "--disable-reporting" + "--stability.level=experimental" + ]; + + package = inputs'.nixpkgs-unstable.legacyPackages.grafana-alloy; + }; + + 
systemd.services.alloy = { + # The alloy collector may error when collecting systemd metrics with a dynamic user. + # Also, this allows for using non-root systemd process with non-root secrets files. + serviceConfig = { + User = "grafana-alloy"; + Group = "grafana-alloy"; + DynamicUser = mkForce false; + }; + }; + + users = { + groups.grafana-alloy = {}; + users.grafana-alloy = { + group = "grafana-alloy"; + isSystemUser = true; + }; + }; + + sops.secrets = mkIf cfg.useSopsSecrets ( + mkSopsSecret (mkSopsSecretParams "grafana-alloy-metrics-url") + // mkSopsSecret (mkSopsSecretParams "grafana-alloy-metrics-username") + // mkSopsSecret (mkSopsSecretParams "grafana-alloy-metrics-password") + ); + }; + }); +} From 4ea5929e399747d1f850ce26edd4430f612142e6 Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Thu, 17 Oct 2024 13:31:24 -0500 Subject: [PATCH 5/8] imp: cleanup profile-grafana-agent nixosModule --- flake/nixosModules/profile-grafana-agent.nix | 55 ++++++++++++++------ 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/flake/nixosModules/profile-grafana-agent.nix b/flake/nixosModules/profile-grafana-agent.nix index 575e979..a3dfe1e 100644 --- a/flake/nixosModules/profile-grafana-agent.nix +++ b/flake/nixosModules/profile-grafana-agent.nix @@ -3,6 +3,13 @@ # TODO: Move this to a docs generator # # Attributes available on nixos module import: +# config.services.grafana-agent.logLevel +# config.services.grafana-agent.systemdEnableRestartMetrics +# config.services.grafana-agent.systemdEnableStartTimeMetrics +# config.services.grafana-agent.systemdEnableTaskMetrics +# config.services.grafana-agent.systemdUnitExclude +# config.services.grafana-agent.systemdUnitInclude +# config.services.grafana-agent.useSopsSecrets # # Tips: # * This module provides a grafana-agent service and configures common application metrics hooks 
@@ -47,6 +54,24 @@ flake: { description = "The default log level for grafana agent"; }; + systemdEnableRestartMetrics = mkOption { + type = bool; + default = true; + description = "Enables service unit metric service_restart_total collection."; + }; + + systemdEnableStartTimeMetrics = mkOption { + type = bool; + default = false; + description = "Enables service unit metric unit_start_time_seconds collection."; + }; + + systemdEnableTaskMetrics = mkOption { + type = bool; + default = false; + description = "Enables service unit tasks metrics unit_tasks_current and unit_tasks_max collection."; + }; + systemdUnitInclude = mkOption { type = str; default = "(^cardano.*)|(^metadata.*)|(^nginx.*)|(^smash.*)|(^varnish.*)"; @@ -65,22 +90,21 @@ flake: { ''; }; - systemdEnableTaskMetrics = mkOption { - type = bool; - default = false; - description = "Enables service unit tasks metrics unit_tasks_current and unit_tasks_max collection."; - }; - - systemdEnableRestartMetrics = mkOption { + useSopsSecrets = mkOption { type = bool; default = true; - description = "Enables service unit metric service_restart_total collection."; - }; + description = '' + Whether to use the default configurated sops secrets if true, + or user defined secrets if false. - systemdEnableStartTimeMetrics = mkOption { - type = bool; - default = false; - description = "Enables service unit metric unit_start_time_seconds collection."; + If false, the following required secrets files, each containing + one secret indicated by filename will need to be provided to the + target machine either by additional module code or out of band: + + /run/secrets/grafana-agent-metrics-url + /run/secrets/grafana-agent-metrics-username + /run/secrets/grafana-agent-metrics-password + ''; }; }; }; 
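Review bot: The new `useSopsSecrets` description in the `@@ -65,22 +90,21 @@` hunk lists the three `/run/secrets/grafana-agent-metrics-*` files but gives no ownership or mode for them. It also drops the "without newline termination" requirement that the alloy module's equivalent option text states earlier on this page. With `useSopsSecrets = false` the `sops.secrets` block wrapped in `mkIf` by the next hunk (`@@ -104,10 +128,11 @@`) is skipped, so protecting these files falls to the operator and the description should say so, for example `Each file must be readable only by the service user (e.g. mode 0400) and must not end with a newline.` Which user the grafana-agent unit runs as is not visible in these hunks, so confirm it before naming it in the text. "configurated" should read "configured".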
@@ -104,10 +128,11 @@ flake: { }; }; - sops.secrets = + sops.secrets = mkIf cfg.useSopsSecrets ( mkSopsSecret (mkSopsSecretParams "grafana-agent-metrics-url") // mkSopsSecret (mkSopsSecretParams "grafana-agent-metrics-username") - // mkSopsSecret (mkSopsSecretParams "grafana-agent-metrics-password"); + // mkSopsSecret (mkSopsSecretParams "grafana-agent-metrics-password") + ); services.grafana-agent = { enable = true; From 692d646d84dc297aaa8d22e98ddaddbccfc95191 Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Thu, 17 Oct 2024 13:31:59 -0500 Subject: [PATCH 6/8] imp: optimize profile-grafana-alloy nixosModule --- flake/nixosModules/profile-grafana-alloy.nix | 64 +++++++++----------- 1 file changed, 29 insertions(+), 35 deletions(-) diff --git a/flake/nixosModules/profile-grafana-alloy.nix b/flake/nixosModules/profile-grafana-alloy.nix index f801c1b..0861778 100644 --- a/flake/nixosModules/profile-grafana-alloy.nix +++ b/flake/nixosModules/profile-grafana-alloy.nix @@ -220,7 +220,7 @@ flake @ {moduleWithSystem, ...}: { }; cardanoPartsComponentCfg = { - blockperf = concatStringsSep "\n" (optional (cfgSvc ? blockperf) '' + blockperf = optional (cfgSvc ? blockperf) '' // Blockperf integration component prometheus.scrape "integrations_blockperf" { targets = [{ @@ -229,14 +229,6 @@ flake @ {moduleWithSystem, ...}: { }] forward_to = [prometheus.relabel.integrations_blockperf.receiver] job_name = "integrations/blockperf" - params = { - format = ["prometheus"], - // Filtering here won't work as grafana-alloy encodes the - // pattern match. Filtering can be configured from the - // profile-cardano-custom-metrics nixosModule with the - // `enableFilter` and `filter` options. - // filter = ["statsd_cardano*"]; - } metrics_path = "/" // Normally we prefer 1 minute default; however, we need 
@@ -254,9 +246,9 @@ flake @ {moduleWithSystem, ...}: { } } - ''); + ''; - cardanoCustomMetrics = concatStringsSep "\n" (optional (cfgSvc ? cardano-custom-metrics && cfgSvc.netdata.enable) '' + cardanoCustomMetrics = optional (cfgSvc ? cardano-custom-metrics && cfgSvc.netdata.enable) '' // Cardano custom metrics integration component prometheus.scrape "integrations_cardano_custom_metrics" { targets = [{ @@ -276,9 +268,9 @@ flake @ {moduleWithSystem, ...}: { metrics_path = "/api/v1/allmetrics" } - ''); + ''; - cardanoDbSync = concatStringsSep "\n" (optional (cfgSvc ? cardano-db-sync && cfgSvc.cardano-db-sync.enable) '' + cardanoDbSync = optional (cfgSvc ? cardano-db-sync && cfgSvc.cardano-db-sync.enable) '' // Cardano-db-sync integration component prometheus.scrape "integrations_cardano_db_sync" { targets = [{ @@ -290,9 +282,9 @@ flake @ {moduleWithSystem, ...}: { metrics_path = "/" } - ''); + ''; - cardanoFaucet = concatStringsSep "\n" (optional (cfgSvc ? cardano-faucet && cfgSvc.cardano-faucet.enable) '' + cardanoFaucet = optional (cfgSvc ? cardano-faucet && cfgSvc.cardano-faucet.enable) '' // Cardano-faucet integration component prometheus.scrape "integrations_cardano_faucet" { targets = [{ @@ -304,9 +296,9 @@ flake @ {moduleWithSystem, ...}: { metrics_path = "/metrics" } - ''); + ''; - cardanoNode = concatStringsSep "\n" (optionals (cfgSvc ? cardano-node && cfgSvc.cardano-node.enable) (map ( + cardanoNode = optionals (cfgSvc ? cardano-node && cfgSvc.cardano-node.enable) (map ( i: let metricsPath = if cfgSvc.cardano-node.useLegacyTracing @@ -339,9 +331,9 @@ flake @ {moduleWithSystem, ...}: { } '' - ) (range 0 (cfgSvc.cardano-node.instances - 1)))); + ) (range 0 (cfgSvc.cardano-node.instances - 1))); - cardanoSmash = concatStringsSep "\n" (optional (cfgSvc ? cardano-smash) '' + cardanoSmash = optional (cfgSvc ? cardano-smash) '' // Cardano-smash integration component prometheus.scrape "integrations_cardano_smash" { targets = [{ 
@@ -353,9 +345,9 @@ flake @ {moduleWithSystem, ...}: { metrics_path = "/" } - ''); + ''; - mithrilSigner = concatStringsSep "\n" (optional (cfgSvc ? mithril-signer && cfgSvc.mithril-signer.enable && cfgSvc.mithril-signer.enableMetrics) '' + mithrilSigner = optional (cfgSvc ? mithril-signer && cfgSvc.mithril-signer.enable && cfgSvc.mithril-signer.enableMetrics) '' // Mithril-signer integration component prometheus.scrape "integrations_mithril_signer" { targets = [{ @@ -367,9 +359,9 @@ flake @ {moduleWithSystem, ...}: { metrics_path = "/metrics" } - ''); + ''; - nginxVts = concatStringsSep "\n" (optional (cfgSvc ? nginx-vhost-exporter && cfgSvc.nginx-vhost-exporter.enable) '' + nginxVts = optional (cfgSvc ? nginx-vhost-exporter && cfgSvc.nginx-vhost-exporter.enable) '' // Nginx-vts integration component prometheus.scrape "integrations_nginx_vts" { targets = [{ @@ -381,9 +373,9 @@ flake @ {moduleWithSystem, ...}: { metrics_path = "/status/format/prometheus" } - ''); + ''; - varnishCache = concatStringsSep "\n" (optional (cfgSvc.prometheus.exporters ? varnish && cfgSvc.prometheus.exporters.varnish.enable) '' + varnishCache = optional (cfgSvc.prometheus.exporters ? varnish && cfgSvc.prometheus.exporters.varnish.enable) '' // Varnish cache integration components prometheus.scrape "integrations_varnish_cache" { targets = [{ @@ -422,7 +414,7 @@ flake @ {moduleWithSystem, ...}: { } } - ''); + ''; }; cfgSvc = config.services; 
@@ -612,15 +604,17 @@ flake @ {moduleWithSystem, ...}: { # # Cardano-parts optional component configuration snippets # - + cardanoPartsComponentCfg.blockperf - + cardanoPartsComponentCfg.cardanoCustomMetrics - + cardanoPartsComponentCfg.cardanoDbSync - + cardanoPartsComponentCfg.cardanoFaucet - + cardanoPartsComponentCfg.cardanoNode - + cardanoPartsComponentCfg.cardanoSmash - + cardanoPartsComponentCfg.mithrilSigner - + cardanoPartsComponentCfg.nginxVts - + cardanoPartsComponentCfg.varnishCache + + concatStringsSep "\n" ( + cardanoPartsComponentCfg.blockperf + ++ cardanoPartsComponentCfg.cardanoCustomMetrics + ++ cardanoPartsComponentCfg.cardanoDbSync + ++ cardanoPartsComponentCfg.cardanoFaucet + ++ cardanoPartsComponentCfg.cardanoNode + ++ cardanoPartsComponentCfg.cardanoSmash + ++ cardanoPartsComponentCfg.mithrilSigner + ++ cardanoPartsComponentCfg.nginxVts + ++ cardanoPartsComponentCfg.varnishCache + ) ); in (pkgs.runCommandNoCCLocal "alloy.config" {} '' From a70150e5c2c1ee7dbc986d735a13845b911f2fad Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Thu, 17 Oct 2024 13:38:21 -0500 Subject: [PATCH 7/8] imp: add template updates (dash/alert/colmena) for mig to alloy --- templates/cardano-parts-project/flake/colmena.nix | 2 +- .../flake/opentofu/grafana/alerts/cardano-parts.nix-import | 4 ++-- .../grafana/dashboards/node-exporter-filesystem-and-disk.json | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/cardano-parts-project/flake/colmena.nix b/templates/cardano-parts-project/flake/colmena.nix index d42286b..fdb43c1 100644 --- a/templates/cardano-parts-project/flake/colmena.nix +++ b/templates/cardano-parts-project/flake/colmena.nix 
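Review bot: After this series the two snippet sets in the `@@ -612,15 +604,17 @@` hunk have different types, and nothing at the join site says so. The `alloyComponentCfg.*` values are still strings chained with `+`, while every `cardanoPartsComponentCfg.*` value is now a list that must be combined with `++`. A later edit that adds a component with `+` would fail or behave unexpectedly. A comment above the `concatStringsSep` call would make the contract explicit, for example `# cardanoPartsComponentCfg attrs are lists of zero or more snippets (optional/optionals); join them here.` The enclosing `let` binding starts and ends outside this hunk.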
@@ -174,7 +174,7 @@ in inputs.cardano-parts.nixosModules.profile-cardano-parts inputs.cardano-parts.nixosModules.profile-basic inputs.cardano-parts.nixosModules.profile-common - inputs.cardano-parts.nixosModules.profile-grafana-agent + inputs.cardano-parts.nixosModules.profile-grafana-alloy nixosModules.common nixosModules.ip-module-check ]; diff --git a/templates/cardano-parts-project/flake/opentofu/grafana/alerts/cardano-parts.nix-import b/templates/cardano-parts-project/flake/opentofu/grafana/alerts/cardano-parts.nix-import index a0965d4..0b4afc7 100644 --- a/templates/cardano-parts-project/flake/opentofu/grafana/alerts/cardano-parts.nix-import +++ b/templates/cardano-parts-project/flake/opentofu/grafana/alerts/cardano-parts.nix-import @@ -11,7 +11,7 @@ in { rule = [ { alert = "unexpected_missing_machine"; - expr = ''count(up{job="integrations/agent-check"}) < ${machines}''; + expr = ''count(up{job=~"integrations/(agent|alloy)-check"}) < ${machines}''; for = "5m"; labels.severity = "page"; annotations = { @@ -21,7 +21,7 @@ in { } { alert = "unexpected_new_machine"; - expr = ''count(up{job="integrations/agent-check"}) > ${machines}''; + expr = ''count(up{job=~"integrations/(agent|alloy)-check"}) > ${machines}''; for = "5m"; labels.severity = "warning"; annotations = { diff --git a/templates/cardano-parts-project/flake/opentofu/grafana/dashboards/node-exporter-filesystem-and-disk.json b/templates/cardano-parts-project/flake/opentofu/grafana/dashboards/node-exporter-filesystem-and-disk.json index 076f663..a139e34 100644 --- a/templates/cardano-parts-project/flake/opentofu/grafana/dashboards/node-exporter-filesystem-and-disk.json +++ b/templates/cardano-parts-project/flake/opentofu/grafana/dashboards/node-exporter-filesystem-and-disk.json 
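Review bot: Swapping the template import to `profile-grafana-alloy` in the `colmena.nix` hunk makes that module's defaults apply to every machine built from the template, and several are debugging-oriented. Earlier on this page the module sets `enableLiveDebugging` to default `true`, `logLevel` to default `"debug"`, and passes `--stability.level=experimental`. For a fleet-wide default the template would be safer pinning `services.alloy.enableLiveDebugging = false;` and `services.alloy.logLevel = "info";`, leaving operators to opt in per host when troubleshooting. The import list itself starts and ends outside this hunk, so the settings would belong in whichever common module the template already provides.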
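Review bot: Both alert expressions in `cardano-parts.nix-import` (`unexpected_missing_machine` and `unexpected_new_machine`) now count `up` series across the agent and alloy jobs, so a host that reports under both is counted twice. During the migration that can hide a genuinely missing machine, because the total stays at or above `${machines}`, and it can raise a false `unexpected_new_machine`. Counting distinct hosts avoids this: `expr = ''count(count by (instance) (up{job=~"integrations/(agent|alloy)-check"})) < ${machines}'';`, with the same inner expression for the `>` rule. This assumes both collectors set the same `instance` label for a host. The alloy check job name is defined outside these hunks, so verify both.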
@@ -1077,7 +1077,7 @@ "datasource": { "uid": "$datasource" }, - "expr": "process_max_fds{job=~\"$job\",instance=~\"$instance\"}", + "expr": "process_max_fds{job=~\"$job\",instance=~\"$instance\"} or node_filefd_maximum{job=~\"$job\",instance=~\"$instance\"}", "format": "timeseries", "intervalFactor": 1, "legendFormat": "Maximum open file descriptors", @@ -1087,7 +1087,7 @@ "datasource": { "uid": "$datasource" }, - "expr": "process_open_fds{job=~\"$job\",instance=~\"$instance\"}", + "expr": "process_open_fds{job=~\"$job\",instance=~\"$instance\"} or node_filefd_allocated{job=~\"$job\",instance=~\"$instance\"}", "format": "timeseries", "intervalFactor": 1, "legendFormat": "Open file descriptors", From 01b0b19a3bbd0e5827261f8fdabd31b34c96b65f Mon Sep 17 00:00:00 2001 From: John Lotoski Date: Thu, 17 Oct 2024 15:20:41 -0500 Subject: [PATCH 8/8] fix: nix syntax in alloy config --- flake/nixosModules/profile-grafana-alloy.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake/nixosModules/profile-grafana-alloy.nix b/flake/nixosModules/profile-grafana-alloy.nix index 0861778..475fd3f 100644 --- a/flake/nixosModules/profile-grafana-alloy.nix +++ b/flake/nixosModules/profile-grafana-alloy.nix @@ -231,10 +231,10 @@ flake @ {moduleWithSystem, ...}: { job_name = "integrations/blockperf" metrics_path = "/" - // Normally we prefer 1 minute default; however, we need + // Normally we prefer 1 minute default however we need // higher frequency with blockperf to catch large block // header delays. - scrape_interval = "10s"; + scrape_interval = "10s" } prometheus.relabel "integrations_blockperf" { @@ -263,7 +263,7 @@ flake @ {moduleWithSystem, ...}: { // pattern match. Filtering can be configured from the // profile-cardano-custom-metrics nixosModule with the // `enableFilter` and `filter` options. - // filter = ["statsd_cardano*"]; + // filter = ["statsd_cardano*"] } metrics_path = "/api/v1/allmetrics" }
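Review bot: In the two dashboard hunks for `node-exporter-filesystem-and-disk.json`, the `or` fallback pairs metrics that measure different things under an unchanged legend. `process_max_fds` and `process_open_fds` describe the limit and usage of the exporting process, while `node_filefd_maximum` and `node_filefd_allocated` are system-wide file handle figures. Hosts on the old agent and hosts on alloy will therefore plot values that are not comparable, and a reader watching for descriptor exhaustion cannot tell which one is shown. At minimum the legends should say so, for example `"legendFormat": "Maximum open file descriptors (process or system-wide)"`, and the same for the open-descriptor target.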