This commit adds basic Grafana dashboards for Dovecot and Prosody, to be
automatically deployed alongside the relevant services (if Grafana
itself is enabled).
As the former does not do exactly what it says it does in documentation.
Also, we decrease the default scrape interval for Prometheus from 1m to
30s to improve granularity of data.
This adds basic metric definitions across a number of different events,
to be expanded upon as needed in the future. Several metrics are given
additional vectors with low cardinality.
This commit adds two services, `grafana` and `prometheus`, and sets up
some existing services (`dovecot` and `prosody`) to expose metrics into
Grafana. In addition, systemd services have been added to facilitate
registering metrics for services into Prometheus, as well as
automatically provisioning Grafana dashboards based on static JSON
representations.
This work will continue to evolve as more services gain proper Grafana
dashboards, and Loki is also integrated for access to the systemd
journal.
By default, a `hugo-build-local@.service` systemd service is included,
for building Hugo-based sites as stored in a local Git repository (as
served by the `git` service), and into a volume (which is intended to be
served by the `nginx-serve-volume` service).
Direct TLS connections for clients allow for faster connection
establishment, and disabling HTTPS in Prosody fixes use of components
which expect to be exposed via a reverse proxy (such as Nginx).
This extends SSL/TLS configuration for client connections to allow for a
set of additional ciphers over the current "intermediate" set of
defaults applied, in support of older clients.
This brings a number of changes and improvements, and moves from MariaDB
to SQLite for storage, which requires manual migration for pre-existing
deployments using `prosody-migrator`.
Symbolic links are now synchronized verbatim (i.e. the links themselves,
not their destinations) to allow for restoring our pattern of linking to
the latest backup file.
In addition, the destination remote and path can now be configured
individually in drop-in files, but still default to the encrypted
remote.
This commit adds a new systemd service, `rclone-sync@.service`,
templated against the absolute path of a directory to keep in sync with
a (presumably) remote store.
Support for Backblaze B2 endpoints has been set up by default, but the
specific remote type can be configured via the `RCLONE_REMOTE_TYPE` host
variable. In addition, a default-passthrough remote that encrypts data
against a static password and salt has been defined under the `crypt`
name, and can also be used as the `RCLONE_DEST` of choice.
We no longer copy service directories into `/etc/coreos-home-server` if
these have not had their respective `spec.bu` files included; these
directories are not needed in these cases, and would be erroneously
considered as eligible in subsequent `coreos-home-server-update`
invocations.
This commit contains a fairly large diff for a fairly small change:
moving the `config/common` directory to `host/base` to better reflect
its intended use, and promoting `config/service` to the root directory.
These changes unlock some improvements in `coreos-home-server-update`
processes, which will (assuming `/etc/coreos-home-server/base` exists)
keep host-wide systemd services in sync in addition to service-specific
ones.
Changes have been make to the `Makefile` and a few other places where
`config/common` was referenced, but most of this work is renames that
are not intended to break compatibility with new or running servers.
