WIP: gitea metrics

bekkalokk/gitea: use systemd unit for gitea customization
bekkalokk/gitea: move user import stuff to separate nix file
2024-04-11 21:45:09 +02:00 · 2024-04-11 13:21:25 +02:00 · 2024-04-11 13:21:25 +02:00
3 changed files with 84 additions and 39 deletions
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
@@ -6,6 +6,7 @@ let
 in {
  imports = [
    ./ci.nix
+    ./import-users.nix
  ];

  sops.secrets = {
@@ -13,9 +14,6 @@ in {
      owner = "gitea";
      group = "gitea";
    };
-    "gitea/passwd-ssh-key" = { };
-    "gitea/ssh-known-hosts" = { };
-    "gitea/import-user-env" = { };
  };

  services.gitea = {
@@ -47,13 +45,11 @@ in {
        DISABLE_GRAVATAR = true;
        ENABLE_FEDERATED_AVATAR = false;
      };
+      metrics.ENABLED = true;
      actions.ENABLED = true;
-      "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
    };
  };

-  services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
-
  environment.systemPackages = [ cfg.package ];

  services.nginx.virtualHosts."${domain}" = {
@@ -66,42 +62,41 @@ in {
        client_max_body_size 512M;
      '';
    };
+
+    locations."/metrics" = {
+      proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
+      extraConfig = ''
+        allow ${values.hosts.ildkule.ipv4};
+        allow ${values.hosts.ildkule.ipv6};
+	deny all;
+      '';
+    };
  };

  networking.firewall.allowedTCPPorts = [ sshPort ];

-  # Automatically import users
-  systemd.services.gitea-import-users = {
-    enable = true;
-    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+  # Extra customization
+
+  services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
+
+  systemd.services.install-gitea-customization = {
+    description = "Install extra customization in gitea's CUSTOM_DIR";
+    wantedBy = [ "gitea.service" ];
+    requiredBy = [ "gitea.service" ];
+
    serviceConfig =  {
-      ExecStart = pkgs.writers.writePython3 "gitea-import-users" { libraries = [ pkgs.python3Packages.requests ]; } (builtins.readFile ./gitea-import-users.py);
-      LoadCredential=[
-        "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
-        "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
-      ];
-      DynamicUser="yes";
-      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
-    };
+      Type = "oneshot";
+      User = cfg.user;
+      Group = cfg.group;
    };

-  systemd.timers.gitea-import-users = {
-    requires = [ "gitea.service" ];
-    after = [ "gitea.service" ];
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "*-*-* 02:00:00";
-      Persistent = true;
-      Unit = "gitea-import-users.service";
-    };
-  };
-
-  system.activationScripts.linkGiteaLogo.text = let
+    script = let
      logo-svg = ../../../../assets/logo_blue_regular.svg;
      logo-png = ../../../../assets/logo_blue_regular.png;
    in ''
-    install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
-    install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
-    install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
+      install -Dm444 ${logo-svg} ${cfg.customDir}/public/img/logo.svg
+      install -Dm444 ${logo-png} ${cfg.customDir}/public/img/logo.png
+      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png
    '';
+  };
 }
--- a/hosts/bekkalokk/services/gitea/import-users.nix
+++ b/hosts/bekkalokk/services/gitea/import-users.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.gitea;
+in
+{
+  sops.secrets = {
+    "gitea/passwd-ssh-key" = { };
+    "gitea/ssh-known-hosts" = { };
+    "gitea/import-user-env" = { };
+  };
+
+  systemd.services.gitea-import-users = lib.mkIf cfg.enable {
+    enable = true;
+    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+    serviceConfig = {
+      ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
+        libraries = with pkgs.python3Packages; [ requests ];
+      } (builtins.readFile ./gitea-import-users.py);
+      LoadCredential=[
+        "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
+        "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
+      ];
+      DynamicUser="yes";
+      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
+    };
+  };
+
+  systemd.timers.gitea-import-users = lib.mkIf cfg.enable {
+    requires = [ "gitea.service" ];
+    after = [ "gitea.service" ];
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 02:00:00";
+      Persistent = true;
+      Unit = "gitea-import-users.service";
+    };
+  };
+}
--- a/hosts/ildkule/services/metrics/prometheus/gitea.nix
+++ b/hosts/ildkule/services/metrics/prometheus/gitea.nix
@@ -0,0 +1,12 @@
+{ values, ... }:
+{
+  # Gitea already exports at /metrics
+  services.prometheus.scrapeConfigs = [{
+    job_name = "gitea";
+    scrape_interval = "15s";
+    metrics_path = "/metrics/gitea";
+    static_configs = [{
+      targets = [ "git.pvv.ntnu.no:443" ];
+    }];
+  }];
+}
Author	SHA1	Message	Date
h7x4	0625b16e50	WIP: gitea metrics Some checks failed Eval nix flake / evals (push) Failing after 1m40s Details	2024-04-11 21:45:09 +02:00
h7x4	c90dda4f85	bekkalokk/gitea: use systemd unit for gitea customization Some checks failed Eval nix flake / evals (push) Failing after 1m42s Details	2024-04-11 13:21:25 +02:00
h7x4	e6230c11a3	bekkalokk/gitea: move user import stuff to separate nix file	2024-04-11 13:21:25 +02:00