Diffstat (limited to 'hosts/vidhar/prometheus/default.nix')
| -rw-r--r-- | hosts/vidhar/prometheus/default.nix | 52 |
1 files changed, 52 insertions, 0 deletions
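--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -145,6 +145,17 @@ in {
 ];
 scrape_interval = "15s";
 }
+{ job_name = "zte";
+static_configs = [
+{ targets = ["localhost:9900"]; }
+];
+relabel_configs = [
+{ replacement = "dsl01";
+target_label = "instance";
+}
+];
+scrape_interval = "15s";
+}
 { job_name = "unbound";
 static_configs = [
 { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
@@ -425,6 +436,47 @@ in {
 };
 };
 
+systemd.services."prometheus-zte-exporter@dsl01.mgmt.yggdrasil" = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+Restart = "always";
+PrivateTmp = true;
+WorkingDirectory = "/tmp";
+DynamicUser = true;
+CapabilityBoundingSet = [""];
+DeviceAllow = [""];
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+NoNewPrivileges = true;
+PrivateDevices = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectSystem = "strict";
+RemoveIPC = true;
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+SystemCallArchitectures = "native";
+UMask = "0077";
+
+Type = "simple";
+ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
+Environment = "ZTE_BASEURL=http://%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
+EnvironmentFile = config.sops.secrets."zte_dsl01.mgmt.yggdrasil".path;
+};
+};
+sops.secrets."zte_dsl01.mgmt.yggdrasil" = {
+format = "binary";
+sopsFile = ./zte_dsl01.mgmt.yggdrasil;
+};
+
 services.nginx = {
 upstreams.prometheus = {
 servers = { "localhost:${toString config.services.prometheus.port}" = {}; };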
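Review bot: The `Environment` line near the end of the new `prometheus-zte-exporter@dsl01.mgmt.yggdrasil` unit sets `ZTE_BASEURL=http://%I`, so whatever the sops-provided `EnvironmentFile` holds (presumably the modem login; the secret's contents are not visible here) would travel to the device in cleartext over the management network. If the modem offers TLS, `ZTE_BASEURL=https://%I` is the fix; if it does not, a comment such as `# dsl01 only speaks plain HTTP; exporter credentials are sent unencrypted` records the accepted risk next to the setting. The sandboxing is otherwise thorough but leaves egress unrestricted: `IPAddressDeny = "any";` with `IPAddressAllow = [ "localhost" "<dsl01 mgmt address>" ];` would confine the exporter to its local scrape listener and the one device, and `SystemCallFilter = [ "@system-service" "~@privileged" ];` would complete the hardening list.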
