1 files changed, 93 insertions, 3 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index d368ad52..4a5fa3c8 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -26,7 +26,8 @@ in {
      enable = true;
      extraFlags = [
-        "--enable-feature=remote-write-receiver"
+        "--web.enable-remote-write-receiver"
+        "--storage.tsdb.retention.size=35GB"
      ];
      exporters = {
@@ -36,7 +37,7 @@ in {
        };
        snmp = {
          enable = true;
-          configurationPath = ./snmp.yml;
+          configurationPath = pkgs.copyPathToStore "${pkgs.prometheus-snmp-exporter.src}/snmp.yml";
        };
        unbound = {
          enable = true;
@@ -63,7 +64,7 @@ in {
        systemd = {
          enable = true;
          extraFlags = [
-            "--systemd.collector.unit-include=(dhcpcd-.*|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd|pppd-telekom|radvd|ndppd)\.service"
            "--systemd.collector.enable-restart-count"
            "--systemd.collector.enable-ip-accounting"
          ];
@@ -131,6 +132,7 @@ in {
          ];
          metrics_path = "/snmp";
          params = {
+            auth = ["public_v2"];
            module = ["if_mib"];
          };
          relabel_configs = [
@@ -144,6 +146,24 @@ in {
          ];
          scrape_interval = "15s";
        }
+        { job_name = "snmp_exporter";
+          static_configs = [
+            { targets = ["localhost:${toString config.services.prometheus.exporters.snmp.port}"]; }
+          ];
+          relabel_configs = relabelHosts;
+          scrape_interval = "1s";
+        }
+        { job_name = "zte";
+          static_configs = [
+            { targets = ["localhost:9900"]; }
+          ];
+          relabel_configs = [
+            { replacement = "dsl01";
+              target_label = "instance";
+            }
+          ];
+          scrape_interval = "10s";
+        }
        { job_name = "unbound";
          static_configs = [
            { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
@@ -287,6 +307,22 @@ in {
                }
              ];
            }
+            { name = "dsl-disconnects";
+              rules = [
+                { record = "dsl_uptime_seconds:resets_per_hour";
+                  expr = "resets(dsl_uptime_seconds[1h])";
+                }
+                { record = "dsl_uptime_seconds:resets_per_day";
+                  expr = "resets(dsl_uptime_seconds[1d])";
+                }
+                { record = "dsl_uptime_seconds:resets_per_week";
+                  expr = "resets(dsl_uptime_seconds[1w])";
+                }
+                { record = "dsl_uptime_seconds:avg_resets_per_day";
+                  expr = "avg_over_time(dsl_uptime_seconds:resets_per_day[1w])";
+                }
+              ];
+            }
          ];
        })
      ];
@@ -424,6 +460,60 @@ in {
      };
    };
+    systemd.services."prometheus-zte-exporter@dsl01.mgmt.yggdrasil" = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        Restart = "always";
+        PrivateTmp = true;
+        WorkingDirectory = "/tmp";
+        DynamicUser = true;
+        CapabilityBoundingSet = [""];
+        DeviceAllow = [""];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        UMask = "0077";
+        Type = "simple";
+        ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
+        Environment = "ZTE_BASEURL=http://10.141.1.3 ZTE_HOSTNAME=localhost ZTE_PORT=9900";
+        EnvironmentFile = config.sops.secrets."zte_dsl01.mgmt.yggdrasil".path;
+      };
+    };
+    sops.secrets."zte_dsl01.mgmt.yggdrasil" = {
+      format = "binary";
+      sopsFile = ./zte_dsl01.mgmt.yggdrasil;
+    };
+    services.corerad = {
+      enable = true;
+      settings = {
+        interfaces = [
+          { name = "ppp"; monitor = true; }
+        ];
+        debug = {
+          address = "localhost:9430";
+          prometheus = true;
+        };
+      };
+    };
    services.nginx = {
      upstreams.prometheus = {
        servers = { "localhost:${toString config.services.prometheus.port}" = {}; };

diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index d368ad52..4a5fa3c8 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix
@@ -26,7 +26,8 @@ in {
26	enable = true;	26	enable = true;
27		27
28	extraFlags = [	28	extraFlags = [
29	"--enable-feature=remote-write-receiver"	29	"--web.enable-remote-write-receiver"
		30	"--storage.tsdb.retention.size=35GB"
30	];	31	];
31		32
32	exporters = {	33	exporters = {
@@ -36,7 +37,7 @@ in {
36	};	37	};
37	snmp = {	38	snmp = {
38	enable = true;	39	enable = true;
39	configurationPath = ./snmp.yml;	40	configurationPath = pkgs.copyPathToStore "${pkgs.prometheus-snmp-exporter.src}/snmp.yml";
40	};	41	};
41	unbound = {	42	unbound = {
42	enable = true;	43	enable = true;
@@ -63,7 +64,7 @@ in {
63	systemd = {	64	systemd = {
64	enable = true;	65	enable = true;
65	extraFlags = [	66	extraFlags = [
66	"--systemd.collector.unit-include=(dhcpcd-.*\|pppd-telekom\|corerad\|ndppd)\.service"	67	"--systemd.collector.unit-include=(dhcpcd\|pppd-telekom\|radvd\|ndppd)\.service"
67	"--systemd.collector.enable-restart-count"	68	"--systemd.collector.enable-restart-count"
68	"--systemd.collector.enable-ip-accounting"	69	"--systemd.collector.enable-ip-accounting"
69	];	70	];
@@ -131,6 +132,7 @@ in {
131	];	132	];
132	metrics_path = "/snmp";	133	metrics_path = "/snmp";
133	params = {	134	params = {
		135	auth = ["public_v2"];
134	module = ["if_mib"];	136	module = ["if_mib"];
135	};	137	};
136	relabel_configs = [	138	relabel_configs = [
@@ -144,6 +146,24 @@ in {
144	];	146	];
145	scrape_interval = "15s";	147	scrape_interval = "15s";
146	}	148	}
		149	{ job_name = "snmp_exporter";
		150	static_configs = [
		151	{ targets = ["localhost:${toString config.services.prometheus.exporters.snmp.port}"]; }
		152	];
		153	relabel_configs = relabelHosts;
		154	scrape_interval = "1s";
		155	}
		156	{ job_name = "zte";
		157	static_configs = [
		158	{ targets = ["localhost:9900"]; }
		159	];
		160	relabel_configs = [
		161	{ replacement = "dsl01";
		162	target_label = "instance";
		163	}
		164	];
		165	scrape_interval = "10s";
		166	}
147	{ job_name = "unbound";	167	{ job_name = "unbound";
148	static_configs = [	168	static_configs = [
149	{ targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }	169	{ targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
@@ -287,6 +307,22 @@ in {
287	}	307	}
288	];	308	];
289	}	309	}
		310	{ name = "dsl-disconnects";
		311	rules = [
		312	{ record = "dsl_uptime_seconds:resets_per_hour";
		313	expr = "resets(dsl_uptime_seconds[1h])";
		314	}
		315	{ record = "dsl_uptime_seconds:resets_per_day";
		316	expr = "resets(dsl_uptime_seconds[1d])";
		317	}
		318	{ record = "dsl_uptime_seconds:resets_per_week";
		319	expr = "resets(dsl_uptime_seconds[1w])";
		320	}
		321	{ record = "dsl_uptime_seconds:avg_resets_per_day";
		322	expr = "avg_over_time(dsl_uptime_seconds:resets_per_day[1w])";
		323	}
		324	];
		325	}
290	];	326	];
291	})	327	})
292	];	328	];
@@ -424,6 +460,60 @@ in {
424	};	460	};
425	};	461	};
426		462
		463	systemd.services."prometheus-zte-exporter@dsl01.mgmt.yggdrasil" = {
		464	wantedBy = [ "multi-user.target" ];
		465	after = [ "network.target" ];
		466	serviceConfig = {
		467	Restart = "always";
		468	PrivateTmp = true;
		469	WorkingDirectory = "/tmp";
		470	DynamicUser = true;
		471	CapabilityBoundingSet = [""];
		472	DeviceAllow = [""];
		473	LockPersonality = true;
		474	MemoryDenyWriteExecute = true;
		475	NoNewPrivileges = true;
		476	PrivateDevices = true;
		477	ProtectClock = true;
		478	ProtectControlGroups = true;
		479	ProtectHome = true;
		480	ProtectHostname = true;
		481	ProtectKernelLogs = true;
		482	ProtectKernelModules = true;
		483	ProtectKernelTunables = true;
		484	ProtectSystem = "strict";
		485	RemoveIPC = true;
		486	RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
		487	RestrictNamespaces = true;
		488	RestrictRealtime = true;
		489	RestrictSUIDSGID = true;
		490	SystemCallArchitectures = "native";
		491	UMask = "0077";
		492
		493	Type = "simple";
		494	ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
		495	Environment = "ZTE_BASEURL=http://10.141.1.3 ZTE_HOSTNAME=localhost ZTE_PORT=9900";
		496	EnvironmentFile = config.sops.secrets."zte_dsl01.mgmt.yggdrasil".path;
		497	};
		498	};
		499	sops.secrets."zte_dsl01.mgmt.yggdrasil" = {
		500	format = "binary";
		501	sopsFile = ./zte_dsl01.mgmt.yggdrasil;
		502	};
		503
		504	services.corerad = {
		505	enable = true;
		506	settings = {
		507	interfaces = [
		508	{ name = "ppp"; monitor = true; }
		509	];
		510	debug = {
		511	address = "localhost:9430";
		512	prometheus = true;
		513	};
		514	};
		515	};
		516
427	services.nginx = {	517	services.nginx = {
428	upstreams.prometheus = {	518	upstreams.prometheus = {
429	servers = { "localhost:${toString config.services.prometheus.port}" = {}; };	519	servers = { "localhost:${toString config.services.prometheus.port}" = {}; };