1 files changed, 73 insertions, 0 deletions
diff --git a/hosts/surtr/prometheus/default.nix b/hosts/surtr/prometheus/default.nix
new file mode 100644
index 00000000..3fdfc2aa
--- /dev/null
+++ b/hosts/surtr/prometheus/default.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  relabelHosts = [
+    { source_labels = ["__address__"];
+      target_label = "instance";
+      regex = "(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+)(:[0-9]+)?";
+      replacement = "surtr";
+    }
+  ];
+in {
+  config = {
+    services.prometheus = {
+      enable = true;
+      exporters = {
+        node = {
+          enable = true;
+          enabledCollectors = [];
+        };
+      };
+      globalConfig = {
+        evaluation_interval = "1s";
+        remote_write = {
+          url = "https://prometheus.vidhar.yggdrasil/api/v1/write";
+          name = "vidhar";
+          tls_config = {
+            ca_file = ../../vidhar/prometheus/ca/ca.crt;
+            cert_file = ./tls.crt;
+            key_file = "/run/credentials/prometheus.service/tls.key";
+          };
+        };
+      };
+      scrapeConfigs = [
+        { job_name = "prometheus";
+          static_configs = [
+            { targets = ["localhost:${toString config.services.prometheus.port}"]; }
+          ];
+          relabel_configs = relabelHosts;
+          scrape_interval = "1s";
+        }
+        { job_name = "node";
+          static_configs = [
+            { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
+          ];
+          relabel_configs = relabelHosts;
+          scrape_interval = "1s";
+        }
+      ];
+      rules = [
+        (generators.toYAML {} {
+          groups = [
+          ];
+        })
+      ];
+    };
+    sops.secrets."prometheus.key" = {
+      format = "binary";
+      sopsFile = ./tls.key;
+    };
+    systemd.services.prometheus.serviceConfig.LoadCredential = [
+      "tls.key:${config.sops.secrets."prometheus.key".path}"
+    ];
+  };
+}

diff --git a/hosts/surtr/prometheus/default.nix b/hosts/surtr/prometheus/default.nix new file mode 100644 index 00000000..3fdfc2aa --- /dev/null +++ b/hosts/surtr/prometheus/default.nix
@@ -0,0 +1,73 @@
	1	{ config, lib, pkgs, ... }:
	2
	3	with lib;
	4
	5	let
	6	relabelHosts = [
	7	{ source_labels = ["__address__"];
	8	target_label = "instance";
	9	regex = "(localhost\|127\.[0-9]+\.[0-9]+\.[0-9]+)(:[0-9]+)?";
	10	replacement = "surtr";
	11	}
	12	];
	13	in {
	14	config = {
	15	services.prometheus = {
	16	enable = true;
	17
	18	exporters = {
	19	node = {
	20	enable = true;
	21	enabledCollectors = [];
	22	};
	23	};
	24
	25	globalConfig = {
	26	evaluation_interval = "1s";
	27
	28	remote_write = {
	29	url = "https://prometheus.vidhar.yggdrasil/api/v1/write";
	30	name = "vidhar";
	31	tls_config = {
	32	ca_file = ../../vidhar/prometheus/ca/ca.crt;
	33	cert_file = ./tls.crt;
	34	key_file = "/run/credentials/prometheus.service/tls.key";
	35	};
	36	};
	37	};
	38
	39	scrapeConfigs = [
	40	{ job_name = "prometheus";
	41	static_configs = [
	42	{ targets = ["localhost:${toString config.services.prometheus.port}"]; }
	43	];
	44	relabel_configs = relabelHosts;
	45	scrape_interval = "1s";
	46	}
	47	{ job_name = "node";
	48	static_configs = [
	49	{ targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
	50	];
	51	relabel_configs = relabelHosts;
	52	scrape_interval = "1s";
	53	}
	54	];
	55
	56	rules = [
	57	(generators.toYAML {} {
	58	groups = [
	59	];
	60	})
	61	];
	62	};
	63
	64	sops.secrets."prometheus.key" = {
	65	format = "binary";
	66	sopsFile = ./tls.key;
	67	};
	68
	69	systemd.services.prometheus.serviceConfig.LoadCredential = [
	70	"tls.key:${config.sops.secrets."prometheus.key".path}"
	71	];
	72	};
	73	}