authorGregor Kleen <gkleen@yggdrasil.li>2021-12-31 16:03:18 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-31 16:03:18 +0100
commit70b99a56e9dae01397e9692bc6eb5fe23dec15a3 (patch)
treed62855c492353dbbb3b5e0744fc576b351d600d3 /hosts/vidhar/prometheus.nix
parentf4301a77c9410f931c61b851bc5c1076d25dae80 (diff)
vidhar: prometheus: ...
Diffstat (limited to 'hosts/vidhar/prometheus.nix')
-rw-r--r--hosts/vidhar/prometheus.nix148
1 files changed, 148 insertions, 0 deletions
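--- /dev/null
+++ b/hosts/vidhar/prometheus.nix
@@ -0,0 +1,148 @@
+{ config, lib, pkgs, ... }:
+let
+ relabelHosts = [
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "localhost(:[0-9]+)?";
+ replacement = "vidhar";
+ }
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "10.141.1.2(:[0-9]+)?";
+ replacement = "switch01";
+ }
+ ];
+in {
+ config = {
+ services.prometheus = {
+ enable = true;
+
+ exporters = {
+ node.enable = true;
+ smartctl = {
+ enable = true;
+ devices = [
+ "pci-0000:00:1f.2-ata-1"
+ "pci-0000:00:1f.2-ata-3"
+ "pci-0000:00:1f.2-ata-4"
+ "pci-0000:00:1f.2-ata-5"
+ "pci-0000:00:1f.2-ata-6"
+ "pci-0000:02:00.0-nvme-1"
+ "pci-0000:05:00.0-sas-phy0-lun-0"
+ "pci-0000:05:00.0-sas-phy1-lun-0"
+ "pci-0000:06:00.0-nvme-1"
+ ];
+ };
+ snmp = {
+ enable = true;
+ configuration = {
+ default = { auth = { community = "public"; }; version = "2"; };
+ };
+ };
+ unbound = {
+ enable = true;
+ controlInterface = "/run/unbound/unbound.ctl";
+ };
+ wireguard.enable = true;
+ };
+
+ scrapeConfigs = [
+ { job_name = "node";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "smartctl";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.smartctl.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "snmp";
+ static_configs = [
+ { targets = ["10.141.1.2"]; }
+ ];
+ metrics_path = "/snmp";
+ params = {
+ module = ["if_mib"];
+ };
+ relabel_configs = [
+ { source_labels = ["__address__"];
+ target_label = "__param_target";
+ }
+ { source_labels = ["__param_target"];
+ target_label = "instance";
+ }
+ { replacement = "localhost:${toString config.services.prometheus.exporters.snmp.port}";
+ target_label = "__address__";
+ }
+ ] ++ relabelHosts;
+ }
+ { job_name = "zte";
+ static_configs = [
+ { targets = ["localhost:9900"]; }
+ ];
+ relabel_configs = [
+ { replacement = "telekom";
+ target_label = "instance";
+ }
+ ];
+ }
+ { job_name = "unbound";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "wireguard";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.wireguard.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ ];
+ };
+
+ systemd.services."prometheus-zte-exporter@10.141.1.3" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Restart = "always";
+ PrivateTmp = true;
+ WorkingDirectory = "/tmp";
+ DynamicUser = true;
+ CapabilityBoundingSet = [""];
+ DeviceAllow = [""];
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ UMask = "0077";
+
+ Type = "simple";
+ ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
+ Environment = "ZTE_BASEURL=%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
+ EnvironmentFile = config.sops.secrets."zte_10.141.1.3".path;
+ };
+ };
+ sops.secrets."zte_10.141.1.3" = {
+ format = "binary";
+ sopsFile = ./zte_10.141.1.3;
+ };
+ };
+}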
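Review bot: The snmp exporter's `default` auth uses SNMP version 2 with the community `public`, the well-known default string, which is sent in cleartext to 10.141.1.2; because it is set through `configuration`, it presumably also ends up in the world-readable Nix store. If the switch supports it, SNMPv3 with authentication and privacy (or at least a non-default read-only community) would be preferable, supplied via `services.prometheus.exporters.snmp.configurationPath` pointing at a sops-managed file, the same way the zte exporter's `EnvironmentFile` is handled further down. Separately, in the `snmp` scrape job `relabelHosts` is appended after `__address__` has already been rewritten to `localhost:<port>`, so the `localhost(:[0-9]+)?` rule matches and the switch's series appear to get `instance = "vidhar"` instead of `switch01`; placing `relabelHosts` before the `{ replacement = "localhost:…"; target_label = "__address__"; }` rule would restore correct attribution. The dots in `regex = "10.141.1.2(:[0-9]+)?"` are also unescaped, so they match any character rather than a literal dot.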