diff options
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/vidhar/prometheus/default.nix | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 6bfa0b49..869b9b18 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix | |||
| @@ -184,6 +184,13 @@ in { | |||
| 184 | relabel_configs = relabelHosts; | 184 | relabel_configs = relabelHosts; |
| 185 | scrape_interval = "1s"; | 185 | scrape_interval = "1s"; |
| 186 | } | 186 | } |
| 187 | { job_name = "cake"; | ||
| 188 | static_configs = [ | ||
| 189 | { targets = ["localhost:9902"]; } | ||
| 190 | ]; | ||
| 191 | relabel_configs = relabelHosts; | ||
| 192 | scrape_interval = "1s"; | ||
| 193 | } | ||
| 187 | { job_name = "loki"; | 194 | { job_name = "loki"; |
| 188 | static_configs = [ | 195 | static_configs = [ |
| 189 | { targets = ["localhost:9094"]; } | 196 | { targets = ["localhost:9094"]; } |
| @@ -406,6 +413,44 @@ in { | |||
| 406 | }; | 413 | }; |
| 407 | }; | 414 | }; |
| 408 | 415 | ||
| 416 | systemd.services."prometheus-cake-exporter" = { | ||
| 417 | wantedBy = [ "multi-user.target" ]; | ||
| 418 | after = [ "network.target" ]; | ||
| 419 | path = with pkgs; [ iproute2 ]; | ||
| 420 | serviceConfig = { | ||
| 421 | Restart = "always"; | ||
| 422 | |||
| 423 | PrivateTmp = true; | ||
| 424 | WorkingDirectory = "/tmp"; | ||
| 425 | CapabilityBoundingSet = ["CAP_NET_ADMIN"]; | ||
| 426 | DynamicUser = true; | ||
| 427 | DeviceAllow = [""]; | ||
| 428 | LockPersonality = true; | ||
| 429 | MemoryDenyWriteExecute = true; | ||
| 430 | NoNewPrivileges = true; | ||
| 431 | PrivateDevices = true; | ||
| 432 | ProtectClock = true; | ||
| 433 | ProtectControlGroups = true; | ||
| 434 | ProtectHome = true; | ||
| 435 | ProtectHostname = true; | ||
| 436 | ProtectKernelLogs = true; | ||
| 437 | ProtectKernelModules = true; | ||
| 438 | ProtectKernelTunables = true; | ||
| 439 | ProtectSystem = "strict"; | ||
| 440 | RemoveIPC = true; | ||
| 441 | RestrictNamespaces = true; | ||
| 442 | RestrictRealtime = true; | ||
| 443 | RestrictSUIDSGID = true; | ||
| 444 | SystemCallArchitectures = "native"; | ||
| 445 | UMask = "0077"; | ||
| 446 | AmbientCapabilities = [ "CAP_NET_ADMIN" ]; | ||
| 447 | |||
| 448 | Type = "simple"; | ||
| 449 | ExecStart = "${pkgs.cake-prometheus-exporter}/bin/cake-prometheus-exporter"; | ||
| 450 | Environment = "CAKE_HOSTNAME=localhost CAKE_PORT=9902"; | ||
| 451 | }; | ||
| 452 | }; | ||
| 453 | |||
| 409 | services.nginx = { | 454 | services.nginx = { |
| 410 | upstreams.prometheus = { | 455 | upstreams.prometheus = { |
| 411 | servers = { "localhost:${toString config.services.prometheus.port}" = {}; }; | 456 | servers = { "localhost:${toString config.services.prometheus.port}" = {}; }; |