2 files changed, 95 insertions, 0 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index b1d90d47..df135b58 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -27,6 +27,7 @@ in {
      extraFlags = [
        "--web.enable-remote-write-receiver"
+        "--storage.tsdb.retention.size=35GB"
      ];
      exporters = {
@@ -144,6 +145,17 @@ in {
          ];
          scrape_interval = "15s";
        }
+        { job_name = "zte";
+          static_configs = [
+            { targets = ["localhost:9900"]; }
+          ];
+          relabel_configs = [
+            { replacement = "dsl01";
+              target_label = "instance";
+            }
+          ];
+          scrape_interval = "15s";
+        }
        { job_name = "unbound";
          static_configs = [
            { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
@@ -287,6 +299,22 @@ in {
                }
              ];
            }
+            { name = "dsl-disconnects";
+              rules = [
+                { record = "dsl_uptime_seconds:resets_per_hour";
+                  expr = "resets(dsl_uptime_seconds[1h])";
+                }
+                { record = "dsl_uptime_seconds:resets_per_day";
+                  expr = "resets(dsl_uptime_seconds[1d])";
+                }
+                { record = "dsl_uptime_seconds:resets_per_week";
+                  expr = "resets(dsl_uptime_seconds[1w])";
+                }
+                { record = "dsl_uptime_seconds:avg_resets_per_day";
+                  expr = "avg_over_time(dsl_uptime_seconds:resets_per_day[1w])";
+                }
+              ];
+            }
          ];
        })
      ];
@@ -424,6 +452,47 @@ in {
      };
    };
+    systemd.services."prometheus-zte-exporter@dsl01.mgmt.yggdrasil" = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        Restart = "always";
+        PrivateTmp = true;
+        WorkingDirectory = "/tmp";
+        DynamicUser = true;
+        CapabilityBoundingSet = [""];
+        DeviceAllow = [""];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        UMask = "0077";
+        Type = "simple";
+        ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
+        Environment = "ZTE_BASEURL=http://10.141.1.3 ZTE_HOSTNAME=localhost ZTE_PORT=9900";
+        EnvironmentFile = config.sops.secrets."zte_dsl01.mgmt.yggdrasil".path;
+      };
+    };
+    sops.secrets."zte_dsl01.mgmt.yggdrasil" = {
+      format = "binary";
+      sopsFile = ./zte_dsl01.mgmt.yggdrasil;
+    };
    services.nginx = {
      upstreams.prometheus = {
        servers = { "localhost:${toString config.services.prometheus.port}" = {}; };
diff --git a/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
new file mode 100644
index 00000000..1c9c1fe0
--- /dev/null
+++ b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:nAsn7dhfDr0+V1cJjpqWn/kJQt2zGjlfQKi3n5speroJkL3IvMG/9fsTaXJQZSi2gPlrN8GbxKQ=,iv:9g0V3xRBC+sa/JPP2bUZMfg//VuKT5qI7ua9iU4QRCg=,tag:fzwih9OHUBLmx8dxL4BjGg==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": [
+                        {
+                                "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaEE3bUFBY0xKSDUrVnc2\nbFpjSkNOSm56amJTNjdXcTljdDNRREhITm1NCjZrOUEwNFpxN2FmTVV5T2xCbENk\nMEFmVzlPZ29CTlJ4dVNCRUsyRFFseXcKLS0tIEhscVZ4VUVsaG9OUnBIRFE4WXA2\ncGFnbWpNMlNIQzFLc1Ryc1Z3NUl1bVUKi9zYBlF2vslGKu4GP368ApbvuxjZnQpF\nuOujXSNoEps21wY6xUENm+CbYbgaJjSgmb5c1IjAmnubVI4JVY9OyQ==\n-----END AGE ENCRYPTED FILE-----\n"
+                        }
+                ],
+                "lastmodified": "2021-12-31T15:00:33Z",
+                "mac": "ENC[AES256_GCM,data:sw2NVXHLibbuOChgScLhSTjGZBjSoHpzIuRqfCW0eL3DwhL5CekG6T/oYu06KjNmxVjxwb3OmqECSU0TUvPn9ySOWwMSoBfyJpDoTHnZ+YOjOH351IOAMBNcBDJse7aLGRWW5YXKLDfmp8Dhg2hlMhCmkVwAquQjPhfmAdJfj64=,iv:wgM/BlRU2XJSGj7KvAo1WRamecffUDnFvv2+4twtsQY=,tag:0mXblJtTGMTvxndedws94A==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2023-01-30T10:58:49Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAcwl1Blp3J5wgpRJKbYI1G1yEZrRYeYuoDtYUh3ToMAQw\nd92/bIJJR5Ml91eDym9uBN0fFRRy72r6FOx4qZT7S4DhmuA84qCbASjF8bKSclc0\n0l4BBXvDS5Dz1Q7iYc+LxZjHASV1v73A+MaeCFvG/pjmHzF0z0EzBiAJD4ZWGcP0\nX2dDbjl+n9VFrvmeLRxQNh4XZW43iTXdRjwHDgm16zhd9X6VOVhr5UkC4Nyjq2Ar\n=4ZEa\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.1"
+        }
+}
+\ No newline at end of file

diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index b1d90d47..df135b58 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix
@@ -27,6 +27,7 @@ in {
27		27
28	extraFlags = [	28	extraFlags = [
29	"--web.enable-remote-write-receiver"	29	"--web.enable-remote-write-receiver"
		30	"--storage.tsdb.retention.size=35GB"
30	];	31	];
31		32
32	exporters = {	33	exporters = {
@@ -144,6 +145,17 @@ in {
144	];	145	];
145	scrape_interval = "15s";	146	scrape_interval = "15s";
146	}	147	}
		148	{ job_name = "zte";
		149	static_configs = [
		150	{ targets = ["localhost:9900"]; }
		151	];
		152	relabel_configs = [
		153	{ replacement = "dsl01";
		154	target_label = "instance";
		155	}
		156	];
		157	scrape_interval = "15s";
		158	}
147	{ job_name = "unbound";	159	{ job_name = "unbound";
148	static_configs = [	160	static_configs = [
149	{ targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }	161	{ targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
@@ -287,6 +299,22 @@ in {
287	}	299	}
288	];	300	];
289	}	301	}
		302	{ name = "dsl-disconnects";
		303	rules = [
		304	{ record = "dsl_uptime_seconds:resets_per_hour";
		305	expr = "resets(dsl_uptime_seconds[1h])";
		306	}
		307	{ record = "dsl_uptime_seconds:resets_per_day";
		308	expr = "resets(dsl_uptime_seconds[1d])";
		309	}
		310	{ record = "dsl_uptime_seconds:resets_per_week";
		311	expr = "resets(dsl_uptime_seconds[1w])";
		312	}
		313	{ record = "dsl_uptime_seconds:avg_resets_per_day";
		314	expr = "avg_over_time(dsl_uptime_seconds:resets_per_day[1w])";
		315	}
		316	];
		317	}
290	];	318	];
291	})	319	})
292	];	320	];
@@ -424,6 +452,47 @@ in {
424	};	452	};
425	};	453	};
426		454
		455	systemd.services."prometheus-zte-exporter@dsl01.mgmt.yggdrasil" = {
		456	wantedBy = [ "multi-user.target" ];
		457	after = [ "network.target" ];
		458	serviceConfig = {
		459	Restart = "always";
		460	PrivateTmp = true;
		461	WorkingDirectory = "/tmp";
		462	DynamicUser = true;
		463	CapabilityBoundingSet = [""];
		464	DeviceAllow = [""];
		465	LockPersonality = true;
		466	MemoryDenyWriteExecute = true;
		467	NoNewPrivileges = true;
		468	PrivateDevices = true;
		469	ProtectClock = true;
		470	ProtectControlGroups = true;
		471	ProtectHome = true;
		472	ProtectHostname = true;
		473	ProtectKernelLogs = true;
		474	ProtectKernelModules = true;
		475	ProtectKernelTunables = true;
		476	ProtectSystem = "strict";
		477	RemoveIPC = true;
		478	RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
		479	RestrictNamespaces = true;
		480	RestrictRealtime = true;
		481	RestrictSUIDSGID = true;
		482	SystemCallArchitectures = "native";
		483	UMask = "0077";
		484
		485	Type = "simple";
		486	ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
		487	Environment = "ZTE_BASEURL=http://10.141.1.3 ZTE_HOSTNAME=localhost ZTE_PORT=9900";
		488	EnvironmentFile = config.sops.secrets."zte_dsl01.mgmt.yggdrasil".path;
		489	};
		490	};
		491	sops.secrets."zte_dsl01.mgmt.yggdrasil" = {
		492	format = "binary";
		493	sopsFile = ./zte_dsl01.mgmt.yggdrasil;
		494	};
		495
427	services.nginx = {	496	services.nginx = {
428	upstreams.prometheus = {	497	upstreams.prometheus = {
429	servers = { "localhost:${toString config.services.prometheus.port}" = {}; };	498	servers = { "localhost:${toString config.services.prometheus.port}" = {}; };


diff --git a/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil new file mode 100644 index 00000000..1c9c1fe0 --- /dev/null +++ b/hosts/vidhar/prometheus/zte_dsl01.mgmt.yggdrasil
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:nAsn7dhfDr0+V1cJjpqWn/kJQt2zGjlfQKi3n5speroJkL3IvMG/9fsTaXJQZSi2gPlrN8GbxKQ=,iv:9g0V3xRBC+sa/JPP2bUZMfg//VuKT5qI7ua9iU4QRCg=,tag:fzwih9OHUBLmx8dxL4BjGg==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": [
		9	{
		10	"recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
		11	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaEE3bUFBY0xKSDUrVnc2\nbFpjSkNOSm56amJTNjdXcTljdDNRREhITm1NCjZrOUEwNFpxN2FmTVV5T2xCbENk\nMEFmVzlPZ29CTlJ4dVNCRUsyRFFseXcKLS0tIEhscVZ4VUVsaG9OUnBIRFE4WXA2\ncGFnbWpNMlNIQzFLc1Ryc1Z3NUl1bVUKi9zYBlF2vslGKu4GP368ApbvuxjZnQpF\nuOujXSNoEps21wY6xUENm+CbYbgaJjSgmb5c1IjAmnubVI4JVY9OyQ==\n-----END AGE ENCRYPTED FILE-----\n"
		12	}
		13	],
		14	"lastmodified": "2021-12-31T15:00:33Z",
		15	"mac": "ENC[AES256_GCM,data:sw2NVXHLibbuOChgScLhSTjGZBjSoHpzIuRqfCW0eL3DwhL5CekG6T/oYu06KjNmxVjxwb3OmqECSU0TUvPn9ySOWwMSoBfyJpDoTHnZ+YOjOH351IOAMBNcBDJse7aLGRWW5YXKLDfmp8Dhg2hlMhCmkVwAquQjPhfmAdJfj64=,iv:wgM/BlRU2XJSGj7KvAo1WRamecffUDnFvv2+4twtsQY=,tag:0mXblJtTGMTvxndedws94A==,type:str]",
		16	"pgp": [
		17	{
		18	"created_at": "2023-01-30T10:58:49Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAcwl1Blp3J5wgpRJKbYI1G1yEZrRYeYuoDtYUh3ToMAQw\nd92/bIJJR5Ml91eDym9uBN0fFRRy72r6FOx4qZT7S4DhmuA84qCbASjF8bKSclc0\n0l4BBXvDS5Dz1Q7iYc+LxZjHASV1v73A+MaeCFvG/pjmHzF0z0EzBiAJD4ZWGcP0\nX2dDbjl+n9VFrvmeLRxQNh4XZW43iTXdRjwHDgm16zhd9X6VOVhr5UkC4Nyjq2Ar\n=4ZEa\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.1"
		25	}
		26	} \ No newline at end of file