vidhar: knot-resolverflakes

author: Gregor Kleen <gkleen@yggdrasil.li> 2026-03-21 23:10:47 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2026-03-21 23:10:47 +0100
commit: f4291b152510eb13b31b59c97c3a49ec83adf528 (patch)
tree: ee2d370623163a3306f0c36c44d30b0d89d065d2 /hosts/vidhar/prometheus/default.nix
parent: d1cf2303f41e69fb32b043597ff10603befe1eb3 (diff)
download: nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar
nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar.gz
nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar.bz2
nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar.xz
nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.zip
1 files changed, 18 insertions, 22 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 4a5fa3c8..35942c53 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -39,11 +39,6 @@ in {
          enable = true;
          configurationPath = pkgs.copyPathToStore "${pkgs.prometheus-snmp-exporter.src}/snmp.yml";
        };
-        unbound = {
-          enable = true;
-          unbound.host = "unix:///run/unbound/unbound.ctl";
-          group = config.services.unbound.group;
-        };
        wireguard = {
          enable = true;
          wireguardConfig =
@@ -164,10 +159,11 @@ in {
          ];
          scrape_interval = "10s";
        }
-        { job_name = "unbound";
+        { job_name = "knot-resolver";
          static_configs = [
-            { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
+            { targets = ["localhost:9167"]; }
          ];
+          metrics_path = "/metrics/prometheus";
          relabel_configs = relabelHosts;
          scrape_interval = "1s";
        }
@@ -241,7 +237,7 @@ in {
          [ { source_labels = ["__param_target"];
              target_label = "job";
              regex = "127\.0\.0\.1:53";
-              replacement = "unbound.dns_soa";
+              replacement = "knot-resolver.dns_soa";
            }
            { replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}";
              target_label = "__address__";
@@ -332,20 +328,6 @@ in {
      };
    };
-    users.users.${config.services.prometheus.exporters.unbound.user} = {
-      description = "Prometheus unbound exporter service user";
-      isSystemUser = true;
-      group = config.services.unbound.group;
-    };
-    systemd.services."prometheus-unbound-exporter" = {
-      wantedBy = [ "unbound.service" ];
-      serviceConfig = {
-        DynamicUser = false;
-        Restart = lib.mkForce "always";
-        RestartSec = "5";
-      };
-    };
    systemd.services."prometheus-nftables-exporter" = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
@@ -501,6 +483,20 @@ in {
      sopsFile = ./zte_dsl01.mgmt.yggdrasil;
    };
+    systemd.sockets."prometheus-knot-resolver-exporter" = {
+      unitConfig.WantedBy = [ "sockets.target" ];
+      socketConfig.ListenStream = "[::1]:9167";
+    };
+    systemd.services."prometheus-knot-resolver-exporter" = {
+      unitConfig = {
+        BindsTo = [ "knot-resolver.service" ];
+      };
+      serviceConfig = {
+        Type = "notify";
+        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd /run/knot-resolver/kres-api.sock";
+      };
+    };
    services.corerad = {
      enable = true;
      settings = {
author	Gregor Kleen <gkleen@yggdrasil.li>	2026-03-21 23:10:47 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2026-03-21 23:10:47 +0100
commit	f4291b152510eb13b31b59c97c3a49ec83adf528 (patch)
tree	ee2d370623163a3306f0c36c44d30b0d89d065d2 /hosts/vidhar/prometheus/default.nix
parent	d1cf2303f41e69fb32b043597ff10603befe1eb3 (diff)
download	nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar.gz nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar.bz2 nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.tar.xz nixos-f4291b152510eb13b31b59c97c3a49ec83adf528.zip