1 files changed, 0 insertions, 166 deletions
diff --git a/hosts/vidhar/prometheus.nix b/hosts/vidhar/prometheus.nix
deleted file mode 100644
index 7c776c0f..00000000
--- a/hosts/vidhar/prometheus.nix
+++ /dev/null
@@ -1,166 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  relabelHosts = [
-    { source_labels = ["__address__"];
-      target_label = "instance";
-      regex = "localhost(:[0-9]+)?";
-      replacement = "vidhar";
-    }
-    { source_labels = ["__address__"];
-      target_label = "instance";
-      regex = "10.141.1.2(:[0-9]+)?";
-      replacement = "switch01";
-    }
-  ];
-in {
-  config = {
-    services.prometheus = {
-      enable = true;
-      exporters = {
-        node.enable = true;
-        smartctl = {
-          enable = true;
-          devices = map (dev: "/dev/disk/by-path/${dev}") [
-            "pci-0000:00:1f.2-ata-1"
-            "pci-0000:00:1f.2-ata-3"
-            "pci-0000:00:1f.2-ata-4"
-            "pci-0000:00:1f.2-ata-5"
-            "pci-0000:00:1f.2-ata-6"
-            "pci-0000:02:00.0-nvme-1"
-            "pci-0000:05:00.0-sas-phy0-lun-0"
-            "pci-0000:05:00.0-sas-phy1-lun-0"
-            "pci-0000:06:00.0-nvme-1"
-          ];
-        };
-        snmp = {
-          enable = true;
-          configuration = {
-            default = { auth = { community = "public"; }; version = 2; };
-          };
-        };
-        unbound = {
-          enable = true;
-          controlInterface = "/run/unbound/unbound.ctl";
-          group = config.services.unbound.group;
-        };
-        wireguard.enable = true;
-      };
-      scrapeConfigs = [
-        { job_name = "prometheus";
-          static_configs = [
-            { targets = ["localhost:${toString config.services.prometheus.port}"]; }
-          ];
-          relabel_configs = relabelHosts;
-        }
-        { job_name = "node";
-          static_configs = [
-            { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
-          ];
-          relabel_configs = relabelHosts;
-        }
-        { job_name = "smartctl";
-          static_configs = [
-            { targets = ["localhost:${toString config.services.prometheus.exporters.smartctl.port}"]; }
-          ];
-          relabel_configs = relabelHosts;
-        }
-        { job_name = "snmp";
-          static_configs = [
-            { targets = ["10.141.1.2"]; }
-          ];
-          metrics_path = "/snmp";
-          relabel_configs = [
-            { source_labels = ["__address__"];
-              target_label = "__param_target";
-            }
-            { source_labels = ["__param_target"];
-              target_label = "instance";
-            }
-            { replacement = "localhost:${toString config.services.prometheus.exporters.snmp.port}";
-              target_label = "__address__";
-            }
-          ] ++ relabelHosts;
-        }
-        { job_name = "zte";
-          static_configs = [
-            { targets = ["localhost:9900"]; }
-          ];
-          relabel_configs = [
-            { replacement = "telekom";
-              target_label = "instance";
-            }
-          ];
-        }
-        { job_name = "unbound";
-          static_configs = [
-            { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
-          ];
-          relabel_configs = relabelHosts;
-        }
-        { job_name = "wireguard";
-          static_configs = [
-            { targets = ["localhost:${toString config.services.prometheus.exporters.wireguard.port}"]; }
-          ];
-          relabel_configs = relabelHosts;
-        }
-        { job_name = "corerad";
-          static_configs = [
-            { targets = ["localhost:9430"]; }
-          ];
-          relabel_configs = relabelHosts;
-        }
-      ];
-    };
-    users.users.${config.services.prometheus.exporters.unbound.user} = {
-      description = "Prometheus unbound exporter service user";
-      isSystemUser = true;
-      group = config.services.unbound.group;
-    };
-    systemd.services."prometheus-unbound-exporter".serviceConfig = {
-      DynamicUser = false;
-    };
-    systemd.services."prometheus-zte-exporter@10.141.1.3" = {
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      serviceConfig = {
-        Restart = "always";
-        PrivateTmp = true;
-        WorkingDirectory = "/tmp";
-        DynamicUser = true;
-        CapabilityBoundingSet = [""];
-        DeviceAllow = [""];
-        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
-        NoNewPrivileges = true;
-        PrivateDevices = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectSystem = "strict";
-        RemoveIPC = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        SystemCallArchitectures = "native";
-        UMask = "0077";
-        Type = "simple";
-        ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
-        Environment = "ZTE_BASEURL=http://%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
-        EnvironmentFile = config.sops.secrets."zte_10.141.1.3".path;
-      };
-    };
-    sops.secrets."zte_10.141.1.3" = {
-      format = "binary";
-      sopsFile = ./zte_10.141.1.3;
-    };
-  };
-}

diff --git a/hosts/vidhar/prometheus.nix b/hosts/vidhar/prometheus.nix deleted file mode 100644 index 7c776c0f..00000000 --- a/hosts/vidhar/prometheus.nix +++ /dev/null
@@ -1,166 +0,0 @@
1	{ config, lib, pkgs, ... }:
2	let
3	relabelHosts = [
4	{ source_labels = ["__address__"];
5	target_label = "instance";
6	regex = "localhost(:[0-9]+)?";
7	replacement = "vidhar";
8	}
9	{ source_labels = ["__address__"];
10	target_label = "instance";
11	regex = "10.141.1.2(:[0-9]+)?";
12	replacement = "switch01";
13	}
14	];
15	in {
16	config = {
17	services.prometheus = {
18	enable = true;
19
20	exporters = {
21	node.enable = true;
22	smartctl = {
23	enable = true;
24	devices = map (dev: "/dev/disk/by-path/${dev}") [
25	"pci-0000:00:1f.2-ata-1"
26	"pci-0000:00:1f.2-ata-3"
27	"pci-0000:00:1f.2-ata-4"
28	"pci-0000:00:1f.2-ata-5"
29	"pci-0000:00:1f.2-ata-6"
30	"pci-0000:02:00.0-nvme-1"
31	"pci-0000:05:00.0-sas-phy0-lun-0"
32	"pci-0000:05:00.0-sas-phy1-lun-0"
33	"pci-0000:06:00.0-nvme-1"
34	];
35	};
36	snmp = {
37	enable = true;
38	configuration = {
39	default = { auth = { community = "public"; }; version = 2; };
40	};
41	};
42	unbound = {
43	enable = true;
44	controlInterface = "/run/unbound/unbound.ctl";
45	group = config.services.unbound.group;
46	};
47	wireguard.enable = true;
48	};
49
50	scrapeConfigs = [
51	{ job_name = "prometheus";
52	static_configs = [
53	{ targets = ["localhost:${toString config.services.prometheus.port}"]; }
54	];
55	relabel_configs = relabelHosts;
56	}
57	{ job_name = "node";
58	static_configs = [
59	{ targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
60	];
61	relabel_configs = relabelHosts;
62	}
63	{ job_name = "smartctl";
64	static_configs = [
65	{ targets = ["localhost:${toString config.services.prometheus.exporters.smartctl.port}"]; }
66	];
67	relabel_configs = relabelHosts;
68	}
69	{ job_name = "snmp";
70	static_configs = [
71	{ targets = ["10.141.1.2"]; }
72	];
73	metrics_path = "/snmp";
74	relabel_configs = [
75	{ source_labels = ["__address__"];
76	target_label = "__param_target";
77	}
78	{ source_labels = ["__param_target"];
79	target_label = "instance";
80	}
81	{ replacement = "localhost:${toString config.services.prometheus.exporters.snmp.port}";
82	target_label = "__address__";
83	}
84	] ++ relabelHosts;
85	}
86	{ job_name = "zte";
87	static_configs = [
88	{ targets = ["localhost:9900"]; }
89	];
90	relabel_configs = [
91	{ replacement = "telekom";
92	target_label = "instance";
93	}
94	];
95	}
96	{ job_name = "unbound";
97	static_configs = [
98	{ targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
99	];
100	relabel_configs = relabelHosts;
101	}
102	{ job_name = "wireguard";
103	static_configs = [
104	{ targets = ["localhost:${toString config.services.prometheus.exporters.wireguard.port}"]; }
105	];
106	relabel_configs = relabelHosts;
107	}
108	{ job_name = "corerad";
109	static_configs = [
110	{ targets = ["localhost:9430"]; }
111	];
112	relabel_configs = relabelHosts;
113	}
114	];
115	};
116	users.users.${config.services.prometheus.exporters.unbound.user} = {
117	description = "Prometheus unbound exporter service user";
118	isSystemUser = true;
119	group = config.services.unbound.group;
120	};
121	systemd.services."prometheus-unbound-exporter".serviceConfig = {
122	DynamicUser = false;
123	};
124
125	systemd.services."prometheus-zte-exporter@10.141.1.3" = {
126	wantedBy = [ "multi-user.target" ];
127	after = [ "network.target" ];
128	serviceConfig = {
129	Restart = "always";
130	PrivateTmp = true;
131	WorkingDirectory = "/tmp";
132	DynamicUser = true;
133	CapabilityBoundingSet = [""];
134	DeviceAllow = [""];
135	LockPersonality = true;
136	MemoryDenyWriteExecute = true;
137	NoNewPrivileges = true;
138	PrivateDevices = true;
139	ProtectClock = true;
140	ProtectControlGroups = true;
141	ProtectHome = true;
142	ProtectHostname = true;
143	ProtectKernelLogs = true;
144	ProtectKernelModules = true;
145	ProtectKernelTunables = true;
146	ProtectSystem = "strict";
147	RemoveIPC = true;
148	RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
149	RestrictNamespaces = true;
150	RestrictRealtime = true;
151	RestrictSUIDSGID = true;
152	SystemCallArchitectures = "native";
153	UMask = "0077";
154
155	Type = "simple";
156	ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
157	Environment = "ZTE_BASEURL=http://%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
158	EnvironmentFile = config.sops.secrets."zte_10.141.1.3".path;
159	};
160	};
161	sops.secrets."zte_10.141.1.3" = {
162	format = "binary";
163	sopsFile = ./zte_10.141.1.3;
164	};
165	};
166	}