feat(matrix-synapse): enable metrics #100

Merged
teutat3s merged 4 commits from feat/synapse-metrics into main 2024-01-28 23:56:42 +00:00
5 changed files with 89 additions and 9 deletions

View file

@ -26,7 +26,7 @@
}; };
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "http-targets"; job_name = "node-exporter-http";
static_configs = [{ static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
labels = { labels = {
@ -35,7 +35,7 @@
}]; }];
} }
{ {
job_name = "https-targets"; job_name = "node-exporter-https";
scheme = "https"; scheme = "https";
metrics_path = "/metrics"; metrics_path = "/metrics";
basic_auth = { basic_auth = {
@ -49,6 +49,21 @@
}; };
}]; }];
} }
{
job_name = "matrix-synapse";
scheme = "https";
metrics_path = "/_synapse/metrics";
basic_auth = {
username = "hakkonaut";
password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
};
static_configs = [{
targets = [ "nachtigall.pub.solar" ];
labels = {
instance = "nachtigall";
};
}];
}
]; ];
}; };
} }

View file

@ -1,4 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
# Find element in list config.services.matrix-synapse.settings.listeners.*.resources
# that sets names = "client"

This looks like it will break if someone adds things as the first element of that list. We should filter for the service which contains federation in names.

This looks like it will break if someone adds things as the first element of that list. We should filter for the service which contains `federation` in `names`.
nameHasClient = name: name == "client";
resourceHasClient = resource: builtins.any nameHasClient resource.names;
listenerWithClient = lib.findFirst
(listener:
builtins.any resourceHasClient listener.resources)
(throw "Found no matrix-synapse.settings.listeners.*.resources.*.names containing string client")
config.services.matrix-synapse.settings.listeners
;
synapseClientPort = "${toString listenerWithClient.port}";
in
{ {
systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [ systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [
"@system-service @pkey" "@system-service @pkey"
@ -13,7 +26,7 @@
settings = { settings = {
homeserver = { homeserver = {
domain = "pub.solar"; domain = "pub.solar";
url = "http://127.0.0.1:${toString (builtins.map (listener: listener.port) config.services.matrix-synapse.settings.listeners)}"; url = "http://127.0.0.1:${synapseClientPort}";
media_url = "https://matrix.pub.solar"; media_url = "https://matrix.pub.solar";
enablePresence = false; enablePresence = false;
}; };

View file

@ -38,6 +38,45 @@ in
allow_unsafe_locale = false; allow_unsafe_locale = false;
txn_limit = 0; txn_limit = 0;
}; };
listeners = [
{
bind_addresses = [
"127.0.0.1"
];
port = 8008;
resources = [
{
compress = true;
names = [
"client"
];
}
{
compress = false;
names = [
"federation"
];
}
];
tls = false;
type = "http";
x_forwarded = true;
}
{
bind_addresses = [
"127.0.0.1"
];
port = 8012;
resources = [
{
names = [
"metrics"
];
}
];
type = "metrics";
}
];
account_threepid_delegates.msisdn = ""; account_threepid_delegates.msisdn = "";
alias_creation_rules = [{ alias_creation_rules = [{
@ -68,6 +107,7 @@ in
encryption_enabled_by_default_for_room_type = "off"; encryption_enabled_by_default_for_room_type = "off";
event_cache_size = "100K"; event_cache_size = "100K";
federation_rr_transactions_per_room_per_second = 50; federation_rr_transactions_per_room_per_second = 50;
federation_client_minimum_tls_version = "1.2";
forget_rooms_on_leave = true; forget_rooms_on_leave = true;
include_profile_data_on_invite = true; include_profile_data_on_invite = true;
instance_map = { }; instance_map = { };
@ -162,6 +202,7 @@ in
stream_writers = { }; stream_writers = { };
trusted_key_servers = [{ server_name = "matrix.org"; }]; trusted_key_servers = [{ server_name = "matrix.org"; }];
suppress_key_server_warning = true;
turn_allow_guests = false; turn_allow_guests = false;
turn_uris = [ turn_uris = [
@ -213,6 +254,8 @@ in
]; ];
}; };
withJemalloc = true;
extraConfigFiles = [ extraConfigFiles = [
"/run/agenix/matrix-synapse-secret-config.yaml" "/run/agenix/matrix-synapse-secret-config.yaml"

View file

@ -88,10 +88,6 @@ in
gzip_types text/plain application/json; gzip_types text/plain application/json;
''; '';
locations = { locations = {
# TODO: Configure metrics
# "/metrics" = {
# };
# For telegram # For telegram
"/c3c3f34b-29fb-5feb-86e5-98c75ec8214b" = { "/c3c3f34b-29fb-5feb-86e5-98c75ec8214b" = {
proxyPass = "http://127.0.0.1:8009"; proxyPass = "http://127.0.0.1:8009";

View file

@ -1,5 +1,15 @@
{ config, flake, ... }: { config, flake, lib, ... }:
let
# Find element in list config.services.matrix-synapse.settings.listeners
# that sets type = "metrics"
listenerWithMetrics = lib.findFirst
(listener:
listener.type == "metrics")
(throw "Found no matrix-synapse.settings.listeners.*.type containing string metrics")
config.services.matrix-synapse.settings.listeners
;
synapseMetricsPort = "${toString listenerWithMetrics.port}";
in
{ {
age.secrets.nachtigall-metrics-nginx-basic-auth = { age.secrets.nachtigall-metrics-nginx-basic-auth = {
file = "${flake.self}/secrets/nachtigall-metrics-nginx-basic-auth.age"; file = "${flake.self}/secrets/nachtigall-metrics-nginx-basic-auth.age";
@ -14,6 +24,9 @@
locations."/metrics" = { locations."/metrics" = {
proxyPass = "http://127.0.0.1:${toString(config.services.prometheus.exporters.node.port)}"; proxyPass = "http://127.0.0.1:${toString(config.services.prometheus.exporters.node.port)}";
}; };
locations."/_synapse/metrics" = {
proxyPass = "http://127.0.0.1:${synapseMetricsPort}";
};
}; };
}; };
} }