services/prometheus: init metrics
This commit is contained in:
parent
92eb5b1ac4
commit
8bb43c697c
SSH key fingerprint:
SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU
|
|
@ -30,6 +30,8 @@ in
|
|||
rspamd-controller = 4040;
|
||||
rspamd-redis = 4041;
|
||||
caddy-admin = 4050;
|
||||
prometheus = 4060;
|
||||
prometheus-node-exporter = 4070;
|
||||
|
||||
# public ports
|
||||
enthalpy-wireguard-reimu-aston = 13101;
|
||||
|
|
|
|||
32
nixos/profiles/services/prometheus/node-exporter.nix
Normal file
32
nixos/profiles/services/prometheus/node-exporter.nix
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
# Portions of this file are sourced from
|
||||
# https://github.com/NickCao/flakes/blob/3b03efb676ea602575c916b2b8bc9d9cd13b0d85/modules/metrics/default.nix
|
||||
{ config, ... }:
|
||||
{
|
||||
sops.secrets."prometheus/metrics" = {
|
||||
sopsFile = config.sops.secretFiles.get "common.yaml";
|
||||
restartUnits = [ "caddy.service" ];
|
||||
};
|
||||
|
||||
systemd.services.caddy.serviceConfig = {
|
||||
EnvironmentFile = [ config.sops.secrets."prometheus/metrics".path ];
|
||||
};
|
||||
|
||||
services.prometheus.exporters.node = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
port = config.networking.ports.prometheus-node-exporter;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
disabledCollectors = [ "arp" ];
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."${config.networking.fqdn}" = {
|
||||
extraConfig = with config.services.prometheus.exporters.node; ''
|
||||
route /metrics {
|
||||
basic_auth {
|
||||
prometheus {$PROM_PASSWD}
|
||||
}
|
||||
reverse_proxy ${listenAddress}:${toString port}
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
@ -1,5 +1,7 @@
|
|||
user-password:
|
||||
root: ENC[AES256_GCM,data:SN7VmzYOyaNlDBjlDOTfiLghIJmIAUUBU0Im1kJv7KSsV4K+1vNQYez7bWh12i0e7zhIPtiT6WuRUaMeMIxJEoEBGUYunyZPMg==,iv:pb1T/FVzcVs9zATWsQvrTxV5V0lbL50v2ZXMGMcWy/M=,tag:E88JH+x414Xawm0efzFIYQ==,type:str]
|
||||
prometheus:
|
||||
metrics: ENC[AES256_GCM,data:t13fsbrjzE4snvhu2byRwNptkrKZ4+Cy+oVXoChFTJg0r/J+pRSEHWKJ6u673sgOUE1ZCdiltuE0+SH00gmOtQ4kboEFBmJwFg==,iv:oxPsofpA8fBrsWn7OqECojvL6EGSC9v1u/qUxaGQErc=,tag:7lEWWspOqOuUSHY/hbfzWA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -51,8 +53,8 @@ sops:
|
|||
eXhjTEtFRHk1bXdVcW5CelQ0b0lZazAKT798Qw+HCVtvfxuf3JgHcEtL5iIMF6/u
|
||||
vPqlDDO/jPaGgSoWUWYRjcqJ7tMSmXcuu8SqBTKvv5MwGgvkXF4Uiw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-14T14:16:54Z"
|
||||
mac: ENC[AES256_GCM,data:wewto5HqMRqlDSBZ7/muXMx59JfDtLyMqzaoha4yF3RMAb28lyZ/qCa99WIbHZtyvStspNzveUST9tUKdOqnxF7g6xUKZYsKzNNMEroL3qV3yOj1gaEonluS0T04EOvlBFOgtwOW7meJmNjv52N2l5embuRkeXf44quNxcu/G6A=,iv:QrYbYV3T6AWk8eKqidchML0xAVP3Y8OjnuL2zli0Ft8=,tag:3VryAJvVb0qBHzW4/Zy5DQ==,type:str]
|
||||
lastmodified: "2024-12-21T11:58:06Z"
|
||||
mac: ENC[AES256_GCM,data:7bmoRWptwd9XBzMCiWsHT1JT8wj5jZhOszXbFwq/6xGTvKSZZdDiLzkwQCzYLWupvC54nX8sG9kRiIYXM+PCsQagiUIDGrUE6IyPe09H48PaCSPPoG0DYgvpMsfkQQMKhSG06RLFVCtn/lM9PSETDGL0RuSMxUScE+oxBQhinu0=,iv:iWX/5ybPdJOE81ORq1b5b7NelAAMx7iZeICkBkuXx/Y=,tag:TTGtXxijf+8EQ5DS9nCMFA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
|
|||
31
secrets/hosts/reisen-nrt0.yaml
Normal file
31
secrets/hosts/reisen-nrt0.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
prometheus:
|
||||
password: ENC[AES256_GCM,data:s6Uws+CPWOSXZIqnkTH0CQ68ht0kv1tPP34k0NlTVo896zq2qdSXnC4/758gAkw+st0W9Pp91H2IKs0NAvs8JQ==,iv:dwRX8wloEIc3uJXY0wSmVycwnjHtBWvzkxdNwodlX5s=,tag:TMh2YgdFkNRVnyZk5lRnyQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1sfnct03u4cvfj98x4yjrcrrnu5gg8qgxrwk4uqq8w4e6wveeaedq97rn44
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTck5wUWhFdGVxSmNWblBT
|
||||
VXlNSEhRaHdJeGtMajBCVmdRV3pPbzdBTzJBCmdZdjc4UXZqZXJibWMxbjNiZGMx
|
||||
QjU2MytDbnNUS2ZLZEpGN2l5QVk0bk0KLS0tIHJrejlUM3JmbGFHRHJUdnh4OGJu
|
||||
aVQxam5qTVk5TldaL2k5VEYvRmE2bUEK3tEEWLrEjyNMQBAcZf/V9JuUoLSRT1La
|
||||
mJVIOHSOli3q6xLkCZPmPL44CVSuxhuNaopbFbbkKIxdWatCypndaQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1uf2h3hlv373ppdstjlngyuu7q5mee3u3ww3674lsj9rlt9ax7vqsv7wpe8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVXEzeDZQUEpiTG5QWTB1
|
||||
WEZ4cmJ2NVlDaFpVOUV4NzFadDRianZDOFE4CjBLYVpPSUlOdzd0aHJwcEdIV1RK
|
||||
eUdwLy9xMTF6TzlmbEtMS25DdUlVek0KLS0tIGI0Qlp6Z00rWDcydEJwc3B3UW9r
|
||||
WncvOExhVnQ4bmNHSUNiSGlqeEZpR3MKMBLtLEbGA76XsH6cuqBJ/81V27F+PN1K
|
||||
0Qxd9jHDlljzwsdz2IYzb5Cya6Fg0QhuU3zn7zNp1B8JYJIxXdyMiA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-21T11:20:18Z"
|
||||
mac: ENC[AES256_GCM,data:yuTTbHN4L6BlTJhUt7kHKQ0Mal+0IFhK26rl/EOJLdeGsByZQV2LxWqGRhsfZJI0F2vnhdheHyHAf40lCPF5kYvDjz+RmOWdffVIPtmR24jovGWQl+oL7ia3FbbvkBSo+xds+5Qe3YWReDCMdO+2uKJh9IGx8UPPdwre+Re5Rgs=,iv:3c0CJhKvSfhIBNe1UCO7VUV4B9/uW29lnuSwkJnQIus=,tag:gJh2q/nEzUSIaUw5mltBnA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
Loading…
Reference in a new issue