WIP: gitea metrics

hosts/bekkalokk/services/gitea/default.nix

@@ -6,6 +6,7 @@ let
 in {
   imports = [
     ./ci.nix
+    ./import-users.nix
   ];
 
   sops.secrets = {
@@ -13,9 +14,6 @@ in {
       owner = "gitea";
       group = "gitea";
     };
-    "gitea/passwd-ssh-key" = { };
-    "gitea/ssh-known-hosts" = { };
-    "gitea/import-user-env" = { };
   };
 
   services.gitea = {
@@ -47,13 +45,11 @@ in {
         DISABLE_GRAVATAR = true;
         ENABLE_FEDERATED_AVATAR = false;
       };
+      metrics.ENABLED = true;
       actions.ENABLED = true;
-      "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
     };
   };
 
-  services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
-
   environment.systemPackages = [ cfg.package ];
 
   services.nginx.virtualHosts."${domain}" = {
@@ -66,42 +62,41 @@ in {
         client_max_body_size 512M;
       '';
     };
+
+    locations."/metrics" = {
+      proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
+      extraConfig = ''
+        allow ${values.hosts.ildkule.ipv4};
+        allow ${values.hosts.ildkule.ipv6};
+	deny all;
+      '';
+    };
   };
 
   networking.firewall.allowedTCPPorts = [ sshPort ];
 
-  # Automatically import users
+  # Extra customization
-  systemd.services.gitea-import-users = {
+
-    enable = true;
+  services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
-    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+
+  systemd.services.install-gitea-customization = {
+    description = "Install extra customization in gitea's CUSTOM_DIR";
+    wantedBy = [ "gitea.service" ];
+    requiredBy = [ "gitea.service" ];
+
     serviceConfig =  {
-      ExecStart = pkgs.writers.writePython3 "gitea-import-users" { libraries = [ pkgs.python3Packages.requests ]; } (builtins.readFile ./gitea-import-users.py);
+      Type = "oneshot";
-      LoadCredential=[
+      User = cfg.user;
-        "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
+      Group = cfg.group;
-        "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
-      ];
-      DynamicUser="yes";
-      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
-    };
     };
 
-  systemd.timers.gitea-import-users = {
+    script = let
-    requires = [ "gitea.service" ];
-    after = [ "gitea.service" ];
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "*-*-* 02:00:00";
-      Persistent = true;
-      Unit = "gitea-import-users.service";
-    };
-  };
-
-  system.activationScripts.linkGiteaLogo.text = let
       logo-svg = ../../../../assets/logo_blue_regular.svg;
       logo-png = ../../../../assets/logo_blue_regular.png;
     in ''
-    install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
+      install -Dm444 ${logo-svg} ${cfg.customDir}/public/img/logo.svg
-    install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
+      install -Dm444 ${logo-png} ${cfg.customDir}/public/img/logo.png
-    install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
+      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png
     '';
+  };
 }

hosts/bekkalokk/services/gitea/import-users.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.gitea;
+in
+{
+  sops.secrets = {
+    "gitea/passwd-ssh-key" = { };
+    "gitea/ssh-known-hosts" = { };
+    "gitea/import-user-env" = { };
+  };
+
+  systemd.services.gitea-import-users = lib.mkIf cfg.enable {
+    enable = true;
+    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+    serviceConfig = {
+      ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
+        libraries = with pkgs.python3Packages; [ requests ];
+      } (builtins.readFile ./gitea-import-users.py);
+      LoadCredential=[
+        "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
+        "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
+      ];
+      DynamicUser="yes";
+      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
+    };
+  };
+
+  systemd.timers.gitea-import-users = lib.mkIf cfg.enable {
+    requires = [ "gitea.service" ];
+    after = [ "gitea.service" ];
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 02:00:00";
+      Persistent = true;
+      Unit = "gitea-import-users.service";
+    };
+  };
+}

hosts/ildkule/services/metrics/prometheus/gitea.nix

@@ -0,0 +1,12 @@
+{ values, ... }:
+{
+  # Gitea already exports at /metrics
+  services.prometheus.scrapeConfigs = [{
+    job_name = "gitea";
+    scrape_interval = "15s";
+    metrics_path = "/metrics/gitea";
+    static_configs = [{
+      targets = [ "git.pvv.ntnu.no:443" ];
+    }];
+  }];
+}