...

author: Gregor Kleen <gkleen@yggdrasil.li> 2023-03-11 13:06:00 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2023-03-11 13:06:00 +0100
commit: bf83ec9244e67ae14affc46f508a2f790fc62466 (patch)
tree: 690092578f53f3e02d505e0425ddbfc756dd5247 /hosts
parent: f0609892c399279456f07bdcee086fd67cb4d2ab (diff)
download: nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar
nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar.gz
nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar.bz2
nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar.xz
nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.zip
1 files changed, 45 insertions, 0 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 6bfa0b49..869b9b18 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -184,6 +184,13 @@ in {
          relabel_configs = relabelHosts;
          scrape_interval = "1s";
        }
+        { job_name = "cake";
+          static_configs = [
+            { targets = ["localhost:9902"]; }
+          ];
+          relabel_configs = relabelHosts;
+          scrape_interval = "1s";
+        }
        { job_name = "loki";
          static_configs = [
            { targets = ["localhost:9094"]; }
@@ -406,6 +413,44 @@ in {
      };
    };
+    systemd.services."prometheus-cake-exporter" = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = with pkgs; [ iproute2 ];
+      serviceConfig = {
+        Restart = "always";
+        PrivateTmp = true;
+        WorkingDirectory = "/tmp";
+        CapabilityBoundingSet = ["CAP_NET_ADMIN"];
+        DynamicUser = true;
+        DeviceAllow = [""];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        UMask = "0077";
+        AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+        Type = "simple";
+        ExecStart = "${pkgs.cake-prometheus-exporter}/bin/cake-prometheus-exporter";
+        Environment = "CAKE_HOSTNAME=localhost CAKE_PORT=9902";
+      };
+    };
    services.nginx = {
      upstreams.prometheus = {
        servers = { "localhost:${toString config.services.prometheus.port}" = {}; };
author	Gregor Kleen <gkleen@yggdrasil.li>	2023-03-11 13:06:00 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2023-03-11 13:06:00 +0100
commit	bf83ec9244e67ae14affc46f508a2f790fc62466 (patch)
tree	690092578f53f3e02d505e0425ddbfc756dd5247 /hosts
parent	f0609892c399279456f07bdcee086fd67cb4d2ab (diff)
download	nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar.gz nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar.bz2 nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.tar.xz nixos-bf83ec9244e67ae14affc46f508a2f790fc62466.zip

diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 6bfa0b49..869b9b18 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix
@@ -184,6 +184,13 @@ in {
184	relabel_configs = relabelHosts;	184	relabel_configs = relabelHosts;
185	scrape_interval = "1s";	185	scrape_interval = "1s";
186	}	186	}
		187	{ job_name = "cake";
		188	static_configs = [
		189	{ targets = ["localhost:9902"]; }
		190	];
		191	relabel_configs = relabelHosts;
		192	scrape_interval = "1s";
		193	}
187	{ job_name = "loki";	194	{ job_name = "loki";
188	static_configs = [	195	static_configs = [
189	{ targets = ["localhost:9094"]; }	196	{ targets = ["localhost:9094"]; }
@@ -406,6 +413,44 @@ in {
406	};	413	};
407	};	414	};
408		415
		416	systemd.services."prometheus-cake-exporter" = {
		417	wantedBy = [ "multi-user.target" ];
		418	after = [ "network.target" ];
		419	path = with pkgs; [ iproute2 ];
		420	serviceConfig = {
		421	Restart = "always";
		422
		423	PrivateTmp = true;
		424	WorkingDirectory = "/tmp";
		425	CapabilityBoundingSet = ["CAP_NET_ADMIN"];
		426	DynamicUser = true;
		427	DeviceAllow = [""];
		428	LockPersonality = true;
		429	MemoryDenyWriteExecute = true;
		430	NoNewPrivileges = true;
		431	PrivateDevices = true;
		432	ProtectClock = true;
		433	ProtectControlGroups = true;
		434	ProtectHome = true;
		435	ProtectHostname = true;
		436	ProtectKernelLogs = true;
		437	ProtectKernelModules = true;
		438	ProtectKernelTunables = true;
		439	ProtectSystem = "strict";
		440	RemoveIPC = true;
		441	RestrictNamespaces = true;
		442	RestrictRealtime = true;
		443	RestrictSUIDSGID = true;
		444	SystemCallArchitectures = "native";
		445	UMask = "0077";
		446	AmbientCapabilities = [ "CAP_NET_ADMIN" ];
		447
		448	Type = "simple";
		449	ExecStart = "${pkgs.cake-prometheus-exporter}/bin/cake-prometheus-exporter";
		450	Environment = "CAKE_HOSTNAME=localhost CAKE_PORT=9902";
		451	};
		452	};
		453
409	services.nginx = {	454	services.nginx = {
410	upstreams.prometheus = {	455	upstreams.prometheus = {
411	servers = { "localhost:${toString config.services.prometheus.port}" = {}; };	456	servers = { "localhost:${toString config.services.prometheus.port}" = {}; };