checkpoint

2026-04-16 15:36:33 +02:00 · 2026-04-16 15:36:33 +02:00 · e07257e137
commit e07257e137
parent be2843ca80
61 changed files with 258 additions and 156 deletions
--- a/modules/nixos/services/observability/alloy/default.nix
+++ b/modules/nixos/services/observability/alloy/default.nix
@ -1,5 +1,9 @@
-{ config, lib, namespace, ... }:
-let
+{
+  config,
+  lib,
+  namespace,
+  ...
+}: let
  inherit (builtins) toString;
  inherit (lib) mkEnableOption mkIf;

@ -9,8 +13,7 @@ let
  otlpGrpcPort = 9071;
  otlpHttpPort = 9072;
  tempoOtlpGrpcPort = 9062;
-in
-{
+in {
  options.${namespace}.services.observability.alloy = {
    enable = mkEnableOption "enable Grafana Alloy";
  };
@ -21,7 +24,7 @@ in
      configPath = "/etc/alloy";
      extraFlags = [
        "--disable-reporting"
-        "--server.http.listen-addr=0.0.0.0:${toString httpPort}"
+        "--server.http.listen-addr=[::]:${toString httpPort}"
        "--storage.path=/var/lib/alloy"
      ];
    };
@ -29,11 +32,11 @@ in
    environment.etc."alloy/config.alloy".text = ''
      otelcol.receiver.otlp "default" {
        grpc {
-          endpoint = "127.0.0.1:${toString otlpGrpcPort}"
+          endpoint = "[::1]:${toString otlpGrpcPort}"
        }

        http {
-          endpoint = "127.0.0.1:${toString otlpHttpPort}"
+          endpoint = "[::1]:${toString otlpHttpPort}"
        }

        output {
@ -60,13 +63,13 @@ in

      prometheus.remote_write "local" {
        endpoint {
-          url = "http://127.0.0.1:${toString config.services.prometheus.port}/api/v1/write"
+          url = "http://[::1]:${toString config.services.prometheus.port}/api/v1/write"
        }
      }

      otelcol.exporter.otlp "tempo" {
        client {
-          endpoint = "127.0.0.1:${toString tempoOtlpGrpcPort}"
+          endpoint = "[::1]:${toString tempoOtlpGrpcPort}"

          tls {
            insecure = true
@ -75,6 +78,6 @@ in
      }
    '';

-    networking.firewall.allowedTCPPorts = [ httpPort ];
+    networking.firewall.allowedTCPPorts = [httpPort];
  };
 }
--- a/modules/nixos/services/observability/grafana/default.nix
+++ b/modules/nixos/services/observability/grafana/default.nix
@ -26,7 +26,7 @@ in {
        settings = {
          server = {
            http_port = 9010;
-            http_addr = "0.0.0.0";
+            http_addr = "::";
            domain = "ulmo";
          };

@ -102,43 +102,43 @@ in {
          };

          datasources.settings.datasources = [
-             {
-               name = "Prometheus";
-               uid = "prometheus";
-               type = "prometheus";
-               url = "http://localhost:9020";
-               isDefault = true;
-               editable = false;
-             }
+            # {
+            #   name = "Prometheus";
+            #   uid = "prometheus";
+            #   type = "prometheus";
+            #   url = "http://[::1]:9020";
+            #   isDefault = true;
+            #   editable = false;
+            # }

-             {
-               name = "Loki";
-               uid = "loki";
-               type = "loki";
-               url = "http://localhost:9030";
-               editable = false;
-             }
+            # {
+            #   name = "Loki";
+            #   uid = "loki";
+            #   type = "loki";
+            #   url = "http://[::1]:9030";
+            #   editable = false;
+            # }

-             {
-               name = "Tempo";
-               uid = "tempo";
-               type = "tempo";
-               url = "http://localhost:9060";
-               editable = false;
-               jsonData = {
-                 nodeGraph.enabled = true;
-                 serviceMap.datasourceUid = "prometheus";
-                 tracesToLogsV2 = {
-                   datasourceUid = "loki";
-                   filterByTraceID = true;
-                   spanStartTimeShift = "-1h";
-                   spanEndTimeShift = "1h";
-                 };
-               };
-             }
-           ];
-         };
-       };
+            # {
+            #   name = "Tempo";
+            #   uid = "tempo";
+            #   type = "tempo";
+            #   url = "http://localhost:9060";
+            #   editable = false;
+            #   jsonData = {
+            #     nodeGraph.enabled = true;
+            #     serviceMap.datasourceUid = "prometheus";
+            #     tracesToLogsV2 = {
+            #       datasourceUid = "loki";
+            #       filterByTraceID = true;
+            #       spanStartTimeShift = "-1h";
+            #       spanEndTimeShift = "1h";
+            #     };
+            #   };
+            # }
+          ];
+        };
+      };

      postgresql = {
        enable = true;
--- a/modules/nixos/services/observability/tempo/default.nix
+++ b/modules/nixos/services/observability/tempo/default.nix
@ -1,5 +1,9 @@
-{ config, lib, namespace, ... }:
-let
+{
+  config,
+  lib,
+  namespace,
+  ...
+}: let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.${namespace}.services.observability.tempo;
@ -8,8 +12,7 @@ let
  grpcPort = 9061;
  otlpGrpcPort = 9062;
  otlpHttpPort = 9063;
-in
-{
+in {
  options.${namespace}.services.observability.tempo = {
    enable = mkEnableOption "enable Grafana Tempo";
  };
@ -22,15 +25,15 @@ in
        search_enabled = true;

        server = {
-          http_listen_address = "0.0.0.0";
+          http_listen_address = "[::]";
          http_listen_port = httpPort;
-          grpc_listen_address = "127.0.0.1";
+          grpc_listen_address = "[::1]";
          grpc_listen_port = grpcPort;
        };

        distributor.receivers.otlp.protocols = {
-          grpc.endpoint = "127.0.0.1:${builtins.toString otlpGrpcPort}";
-          http.endpoint = "127.0.0.1:${builtins.toString otlpHttpPort}";
+          grpc.endpoint = "[::1]:${builtins.toString otlpGrpcPort}";
+          http.endpoint = "[::1]:${builtins.toString otlpHttpPort}";
        };

        storage.trace = {
@ -43,6 +46,6 @@ in
      };
    };

-    networking.firewall.allowedTCPPorts = [ httpPort ];
+    networking.firewall.allowedTCPPorts = [httpPort];
  };
 }