monitoring
Examples
Simple
{
  monitoring.enable = true;
}

With Grafana OIDC Login
{config, ...}: {
  monitoring = {
    enable = true;
    grafana = {
      oidc = {
        enable = true;
        clientSecretHash = "$pbkdf2-sha512$...";
        clientSecretFile = config.sops.secrets."grafana/authelia/client_secret".path;
      };
    };
  };
}

With Prometheus Rules + Ntfy Alerting
{config, ...}: {
  monitoring = {
    enable = true;
    prometheus.rules.groups = let
      # Alert thresholds in percent, interpolated into the PromQL expressions below.
      cpuThresh = 90;
      ramThresh = 85;
    in [
      {
        name = "resource.usage";
        interval = "30s";
        rules = [
          {
            alert = "HighCpuUsage";
            expr = ''100 - (avg by(instance)(rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > ${toString cpuThresh}'';
            for = "20m";
            labels = {
              severity = "warning";
            };
            annotations = {
              summary = "High CPU usage";
              description = "CPU usage is above ${toString cpuThresh}% (current value: {{ $value }}%)";
            };
          }
          {
            alert = "HighMemoryUsage";
            expr = ''(1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes)) * 100 > ${toString ramThresh}'';
            labels = {
              severity = "warning";
            };
            annotations = {
              summary = "High memory usage";
              description = "Memory usage is above ${toString ramThresh}% (current value: {{ $value }}%)";
            };
          }
        ];
      }
    ];
    alertmanager = {
      enable = true;
      ntfy = {
        enable = true;
        # The ntfy access token is read from a sops-managed secret file.
        tokenFile = config.sops.secrets."users/monitoring/ntfy_access_token".path;
        settings.ntfy.notification.topic = "monitoring";
      };
    };
  };
}

Stack Options
nps.stacks.monitoring.alertmanager.enable
Whether to enable the Alertmanager.
When setting alertmanager.ntfy.enable, a route and receiver configuration will be set up for ntfy.
If using without ntfy, you will have to provide your own route and receiver configurations via the settings option for Alertmanager to start up correctly.
nps.stacks.monitoring.alertmanager.ntfy.enable
Whether to set up and configure alertmanager-ntfy. This allows alerts to be forwarded to ntfy.
nps.stacks.monitoring.alertmanager.ntfy.settings
alertmanager-ntfy configuration. Will be provided as the config.yml.
See https://github.com/alexbakker/alertmanager-ntfy/pkgs/container/alertmanager-ntfy#configuration
nps.stacks.monitoring.alertmanager.ntfy.tokenFile
Path to the file containing the token that is used for authentication against the ntfy service. Only required if ntfy is configured to require authentication.
nps.stacks.monitoring.alertmanager.settings
Alertmanager configuration. Will be provided as the alertmanager.yml.
See https://prometheus.io/docs/alerting/latest/configuration/
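An added example (not taken from the project's documentation) of running Alertmanager without ntfy: it supplies the route and receiver configuration through the settings option, which the alertmanager.enable description says is required for startup. The receiver names and webhook URLs are constructed placeholders; the keys under settings are standard Alertmanager configuration keys.

```nix
{
  nps.stacks.monitoring = {
    enable = true;
    alertmanager = {
      enable = true;
      # ntfy is left disabled, so no route or receiver is generated for us.
      settings = {
        route = {
          # Fallback receiver for every alert that matches no child route.
          receiver = "default-webhook";
          group_by = ["alertname" "instance"];
          group_wait = "30s";
          group_interval = "5m";
          repeat_interval = "4h";
          routes = [
            {
              # Matches the severity label set by the example rules above.
              matchers = [''severity="warning"''];
              receiver = "warning-webhook";
            }
          ];
        };
        receivers = [
          {
            name = "default-webhook";
            webhook_configs = [
              {
                # Placeholder URL (constructed for this example).
                url = "http://alert-sink.example.internal:8080/default";
                send_resolved = true;
              }
            ];
          }
          {
            name = "warning-webhook";
            webhook_configs = [
              {
                # Placeholder URL (constructed for this example).
                url = "http://alert-sink.example.internal:8080/warning";
                send_resolved = true;
              }
            ];
          }
        ];
      };
    };
  };
}
```

Every receiver named in a route must also appear in receivers, otherwise Alertmanager rejects the configuration at startup.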
nps.stacks.monitoring.alloy.config
Configuration for Alloy.
A default configuration will be automatically provided by this monitoring module.
The default configuration will ship logs of all containers that set the alloy.enable=true option to Loki.
Multiple definitions of this option will be merged together into a single file.
See https://grafana.com/docs/alloy/latest/get-started/configuration-syntax/
nps.stacks.monitoring.alloy.enable
Whether to enable Alloy.
nps.stacks.monitoring.alloy.useSocketProxy
Whether to access the Podman socket through the read-only proxy for the monitoring stack. Will be enabled by default if the 'docker-socket-proxy' stack is enabled.
Type: boolean
Default: config.nps.stacks.docker-socket-proxy.enable
nps.stacks.monitoring.containers.alloy
Alias of services.podman.containers.alloy.
nps.stacks.monitoring.containers.grafana
Alias of services.podman.containers.grafana.
nps.stacks.monitoring.containers.loki
Alias of services.podman.containers.loki.
nps.stacks.monitoring.containers.podman-exporter
Alias of services.podman.containers.podman-exporter.
nps.stacks.monitoring.containers.prometheus
Alias of services.podman.containers.prometheus.
nps.stacks.monitoring.enable
Enable the monitoring stack. This stack provides monitoring services including Grafana, Loki, Alloy, and Prometheus. Configuration files for each service will be provided automatically to work out of the box.
nps.stacks.monitoring.grafana.dashboards
List of paths to Grafana dashboard JSON files.
nps.stacks.monitoring.grafana.datasources
Datasource configuration for Grafana. Loki and Prometheus datasources will be automatically configured.
nps.stacks.monitoring.grafana.enable
Whether to enable Grafana.
nps.stacks.monitoring.grafana.oidc.adminGroup
Users of this group will be assigned the Grafana 'Admin' role.
nps.stacks.monitoring.grafana.oidc.clientSecretFile
The file containing the client secret for the OIDC client that will be registered in Authelia.
nps.stacks.monitoring.grafana.oidc.clientSecretHash
The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
nps.stacks.monitoring.grafana.oidc.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and set up the necessary configuration.
For details, see:
nps.stacks.monitoring.grafana.oidc.userGroup
Users of this group will be assigned the Grafana 'Viewer' role.
nps.stacks.monitoring.grafana.settings
Settings for Grafana. Will be written to the 'grafana.ini' file. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#configure-grafana
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default: { }
nps.stacks.monitoring.loki.config
Configuration for Loki. A default configuration will be automatically provided by this monitoring module.
nps.stacks.monitoring.loki.enable
Whether to enable Loki.
nps.stacks.monitoring.podmanExporter.enable
Whether to enable Podman Metrics Exporter.
nps.stacks.monitoring.prometheus.enable
Whether to enable Prometheus.
nps.stacks.monitoring.prometheus.rules
Alerting rule configuration for Prometheus.
If provided, the rules will be added to the rule_files setting.
See https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
nps.stacks.monitoring.prometheus.settings
Configuration for Prometheus. A default configuration will be automatically provided by this monitoring module.
See https://prometheus.io/docs/prometheus/latest/configuration/configuration/