diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-09-13 10:29:35 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-09-13 10:29:35 +0200 |
commit | b931543508377c0e48a6801e4ea217eb523e2b03 (patch) | |
tree | 373c8ab46c6e78cb69654d816fadf8d6fef1fd28 /hosts/vidhar/prometheus/default.nix | |
parent | 92dab2dbad09bee9698fc0a9734140af37ca550a (diff) | |
download | nixos-b931543508377c0e48a6801e4ea217eb523e2b03.tar nixos-b931543508377c0e48a6801e4ea217eb523e2b03.tar.gz nixos-b931543508377c0e48a6801e4ea217eb523e2b03.tar.bz2 nixos-b931543508377c0e48a6801e4ea217eb523e2b03.tar.xz nixos-b931543508377c0e48a6801e4ea217eb523e2b03.zip |
...
Diffstat (limited to 'hosts/vidhar/prometheus/default.nix')
-rw-r--r-- | hosts/vidhar/prometheus/default.nix | 50 |
1 files changed, 26 insertions, 24 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 4c23d8a9..7ac86c30 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix | |||
@@ -34,20 +34,6 @@ in { | |||
34 | enable = true; | 34 | enable = true; |
35 | enabledCollectors = []; | 35 | enabledCollectors = []; |
36 | }; | 36 | }; |
37 | smartctl = { | ||
38 | enable = true; | ||
39 | devices = map (dev: "/dev/disk/by-path/${dev}") [ | ||
40 | "pci-0000:00:1f.2-ata-1" | ||
41 | "pci-0000:00:1f.2-ata-3" | ||
42 | "pci-0000:00:1f.2-ata-4" | ||
43 | "pci-0000:00:1f.2-ata-5" | ||
44 | "pci-0000:00:1f.2-ata-6" | ||
45 | "pci-0000:02:00.0-nvme-1" | ||
46 | "pci-0000:05:00.0-sas-phy0-lun-0" | ||
47 | "pci-0000:05:00.0-sas-phy1-lun-0" | ||
48 | "pci-0000:06:00.0-nvme-1" | ||
49 | ]; | ||
50 | }; | ||
51 | snmp = { | 37 | snmp = { |
52 | enable = true; | 38 | enable = true; |
53 | configurationPath = ./snmp.yml; | 39 | configurationPath = ./snmp.yml; |
@@ -124,10 +110,10 @@ in { | |||
124 | } | 110 | } |
125 | { job_name = "smartctl"; | 111 | { job_name = "smartctl"; |
126 | static_configs = [ | 112 | static_configs = [ |
127 | { targets = ["localhost:${toString config.services.prometheus.exporters.smartctl.port}"]; } | 113 | { targets = ["localhost:9633"]; } |
128 | ]; | 114 | ]; |
129 | relabel_configs = relabelHosts; | 115 | relabel_configs = relabelHosts; |
130 | scrape_interval = "1s"; | 116 | scrape_interval = "60s"; |
131 | } | 117 | } |
132 | { job_name = "snmp"; | 118 | { job_name = "snmp"; |
133 | static_configs = [ | 119 | static_configs = [ |
@@ -376,6 +362,30 @@ in { | |||
376 | }; | 362 | }; |
377 | }; | 363 | }; |
378 | 364 | ||
365 | systemd.services."prometheus-smartctl-exporter" = { | ||
366 | wantedBy = [ "multi-user.target" ]; | ||
367 | after = [ "network.target" ]; | ||
368 | path = with pkgs; [ smartmontools ]; | ||
369 | serviceConfig = { | ||
370 | Restart = "always"; | ||
371 | |||
372 | CapabilityBoundingSet = ["CAP_DAC_OVERRIDE" "CAP_SYS_RAWIO" "CAP_SYS_ADMIN"]; | ||
373 | AmbientCapabilities = ["CAP_DAC_OVERRIDE" "CAP_SYS_RAWIO" "CAP_SYS_ADMIN"]; | ||
374 | ProtectSystem = "strict"; | ||
375 | DynamicUser = true; | ||
376 | LockPersonality = true; | ||
377 | MemoryDenyWriteExecute = true; | ||
378 | NoNewPrivileges = true; | ||
379 | PrivateDevices = false; | ||
380 | PrivateTmp = true; | ||
381 | ProcSubset = "pid"; | ||
382 | |||
383 | Type = "simple"; | ||
384 | ExecStart = "${pkgs.smartprom}/bin/smartprom"; | ||
385 | Environment = "SMARTCTL_EXPORTER_PORT=9633"; | ||
386 | }; | ||
387 | }; | ||
388 | |||
379 | systemd.services."prometheus-systemd-exporter" = let | 389 | systemd.services."prometheus-systemd-exporter" = let |
380 | cfg = config.services.prometheus.exporters.systemd; | 390 | cfg = config.services.prometheus.exporters.systemd; |
381 | in { | 391 | in { |
@@ -385,14 +395,6 @@ in { | |||
385 | ''; | 395 | ''; |
386 | }; | 396 | }; |
387 | 397 | ||
388 | systemd.services."prometheus-smartctl-exporter" = { | ||
389 | serviceConfig = { | ||
390 | DeviceAllow = lib.mkForce config.services.prometheus.exporters.smartctl.devices; | ||
391 | CapabilityBoundingSet = lib.mkForce ["CAP_SYS_ADMIN"]; | ||
392 | AmbientCapabilities = lib.mkForce ["CAP_SYS_ADMIN"]; | ||
393 | }; | ||
394 | }; | ||
395 | |||
396 | services.nginx = { | 398 | services.nginx = { |
397 | upstreams.prometheus = { | 399 | upstreams.prometheus = { |
398 | servers = { "localhost:${toString config.services.prometheus.port}" = {}; }; | 400 | servers = { "localhost:${toString config.services.prometheus.port}" = {}; }; |