diff --git a/configuration/services/metrics/default.nix b/configuration/services/metrics/default.nix
index fe250fe..84e126a 100644
--- a/configuration/services/metrics/default.nix
+++ b/configuration/services/metrics/default.nix
@@ -5,6 +5,5 @@
 ./exporters.nix
 ./grafana.nix
 ./victoriametrics.nix
- ./victorialogs.nix
 ];
 }
diff --git a/configuration/services/metrics/grafana.nix b/configuration/services/metrics/grafana.nix
index ea7c443..e597cff 100644
--- a/configuration/services/metrics/grafana.nix
+++ b/configuration/services/metrics/grafana.nix
@@ -1,9 +1,4 @@
-{
- pkgs,
- config,
- flake-inputs,
- ...
-}:
+{ config, ... }:
 let
 domain = "metrics.${config.services.nginx.domain}";
 in
@@ -33,11 +28,6 @@ in }; }; - declarativePlugins = [ - pkgs.grafanaPlugins.victoriametrics-metrics-datasource - flake-inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.grafanaPlugins.victoriametrics-logs-datasource - ]; - provision = { enable = true;
@@ -45,16 +35,7 @@ in
 {
 name = "Victoriametrics - tlater.net";
 url = "http://localhost:8428";
- type = "victoriametrics-metrics-datasource";
- access = "proxy";
- isDefault = true;
- }
-
- {
- name = "Victorialogs - tlater.net";
- url = config.services.victorialogs.bindAddress;
- type = "victoriametrics-logs-datasource";
- access = "proxy";
+ type = "prometheus";
 }
 ];
 };
diff --git a/configuration/services/metrics/victorialogs.nix b/configuration/services/metrics/victorialogs.nix
deleted file mode 100644
index 9f8396b..0000000
--- a/configuration/services/metrics/victorialogs.nix
+++ /dev/null
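Review bot: The one datasource left in grafana.nix (last hunk of that file, around `type = "prometheus";`) no longer declares `access = "proxy";` or `isDefault = true;`, so both settings now rest on defaults that this diff does not show. Because the entry points at an unauthenticated `http://localhost:8428`, I would keep `access = "proxy";` explicit so that queries are declared to go through the Grafana server rather than relying on the default access mode. If any provisioned dashboard refers to the default datasource, `isDefault = true;` should stay as well; presumably Grafana copes with a single datasource, but that is worth confirming after deployment. The attribute set continues outside the hunk, so other settings may already cover this.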
@@ -1,107 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- cfg = config.services.victorialogs;
- pkg = pkgs.victoriametrics;
- dirname = "victorialogs";
-in
-{
- options.services.victorialogs =
- let
- inherit (lib.types) str;
- in
- {
- listenAddress = lib.mkOption {
- default = ":9428";
- type = str;
- };
-
- bindAddress = lib.mkOption {
- readOnly = true;
- type = str;
- description = ''
- Final address on which victorialogs listens.
- '';
- };
- };
-
- config = {
- services.victorialogs.bindAddress =
- (lib.optionalString (lib.hasPrefix ":" cfg.listenAddress) "127.0.0.1") + cfg.listenAddress;
-
- services.journald.upload = {
- enable = true;
- settings.Upload = {
- URL = "http://localhost:${cfg.port}/insert/journald";
- };
- };
-
- systemd.services.victorialogs = {
- description = "VictoriaLogs log database";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- startLimitBurst = 5;
-
- serviceConfig = {
- ExecStart = lib.escapeShellArgs [
- "${pkg}/bin/victoria-logs"
- "-storageDataPath=/var/lib/${dirname}"
- "-httpListenAddr=${cfg.listenAddress}"
- ];
-
- DynamicUser = true;
- RestartSec = 1;
- Restart = "on-failure";
- RuntimeDirectory = dirname;
- RuntimeDirectoryMode = "0700";
- StateDirectory = dirname;
- StateDirectoryMode = "0700";
-
- LimitNOFILE = 1048576;
-
- # Hardening
- DeviceAllow = [ "/dev/null rw" ];
- DevicePolicy = "strict";
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- NoNewPrivileges = true;
- PrivateDevices = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectProc = "invisible";
- ProtectSystem = "full";
- RemoveIPC = true;
- RestrictAddressFamilies = [
- "AF_INET"
- "AF_INET6"
- "AF_UNIX"
- ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = [
- "@system-service"
- "~@privileged"
- ];
- };
-
- postStart = lib.mkBefore ''
- until ${lib.getBin pkgs.curl}/bin/curl -s -o /dev/null http://${cfg.bindAddress}/ping; do
- sleep 1;
- done
- '';
- };
- };
-}