services/prometheus: collect caddy metrics

2024-12-22 22:20:43 +08:00 · 2024-12-22 22:20:43 +08:00 · ac082d8fec
parent 4d72d754ed
commit ac082d8fec
4 changed files with 27 additions and 45 deletions
--- a/nixos/hosts/flandre-m5p/networking.nix
+++ b/nixos/hosts/flandre-m5p/networking.nix
@ -2,8 +2,6 @@
  profiles,
  lib,
  config,
-  hostData,
-  mylib,
  ...
 }:
 {
@ -11,6 +9,12 @@
    services.enthalpy.customer-dualstack
  ];

+  systemd.services.nix-daemon = {
+    inherit (config.networking.netns.enthalpy) serviceConfig;
+    after = [ "netns-enthalpy.service" ];
+    requires = [ "netns-enthalpy.service" ];
+  };
+
  services.enthalpy = {
    ipsec.interfaces = [ "enp2s0" ];
    clat.segment = lib.singleton "fde3:3be3:a244:f876::2";
@ -75,47 +79,4 @@
      }
    '';
  };
-
-  sops.secrets."wireguard/reimu-aston/private-key" = {
-    sopsFile = config.sops.secretFiles.host;
-  };
-
-  sops.secrets."wireguard/reimu-aston/preshared-key" = {
-    sopsFile = config.sops.secretFiles.host;
-  };
-
-  networking.wireguard = {
-    enable = true;
-    interfaces = {
-      reimu-aston = {
-        privateKeyFile = config.sops.secrets."wireguard/reimu-aston/private-key".path;
-        interfaceNamespace = "enthalpy";
-        listenPort = config.networking.ports.enthalpy-wireguard-reimu-aston;
-        peers = lib.singleton {
-          publicKey = "Phf1usg7i2vW5gawA1C44ZIydCFFCUqyP01w9j4/bEY=";
-          presharedKeyFile = config.sops.secrets."wireguard/reimu-aston/preshared-key".path;
-          allowedIPs = [
-            "172.16.0.1/32"
-            "${mylib.network.cidr.host 1 (mylib.network.cidr.subnet 4 15 hostData.enthalpy_node_prefix)}/128"
-          ];
-        };
-      };
-    };
-  };
-
-  networking.netns.enthalpy = {
-    enableIPv4Forwarding = lib.mkForce true;
-    nftables = {
-      enable = true;
-      tables.wireguard-reimu-aston = {
-        family = "ip";
-        content = ''
-          chain postrouting {
-            type nat hook postrouting priority srcnat; policy accept;
-            iifname reimu-aston oifname clat counter masquerade
-          }
-        '';
-      };
-    };
-  };
 }
--- a/nixos/profiles/services/caddy/default.nix
+++ b/nixos/profiles/services/caddy/default.nix
@ -29,5 +29,9 @@

  services.caddy.globalConfig = ''
    admin 127.0.0.1:${toString config.networking.ports.caddy-admin}
+
+    servers {
+      metrics
+    }
  '';
 }
--- a/nixos/profiles/services/prometheus/node-exporter.nix
+++ b/nixos/profiles/services/prometheus/node-exporter.nix
@ -27,6 +27,13 @@
        }
        reverse_proxy ${listenAddress}:${toString port}
      }
+
+      route /caddy {
+        basic_auth {
+          prometheus {$PROM_PASSWD}
+        }
+        metrics
+      }
    '';
  };
 }
--- a/nixos/profiles/services/prometheus/server.nix
+++ b/nixos/profiles/services/prometheus/server.nix
@ -64,6 +64,16 @@ in
        };
        static_configs = [ { inherit targets; } ];
      }
+      {
+        job_name = "caddy";
+        scheme = "https";
+        metrics_path = "/caddy";
+        basic_auth = {
+          username = "prometheus";
+          password_file = config.sops.secrets."prometheus/password".path;
+        };
+        static_configs = [ { inherit targets; } ];
+      }
      {
        job_name = "dns";
        scheme = "http";