From 70b99a56e9dae01397e9692bc6eb5fe23dec15a3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 31 Dec 2021 16:03:18 +0100 Subject: vidhar: prometheus: ... --- hosts/vidhar/default.nix | 2 +- hosts/vidhar/prometheus.nix | 148 ++++++++++++++++++++++++++++++++++++++++++++ hosts/vidhar/zfs.nix | 6 ++ hosts/vidhar/zte_10.141.1.3 | 26 ++++++++ 4 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 hosts/vidhar/prometheus.nix create mode 100644 hosts/vidhar/zte_10.141.1.3 diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index a2764158..fef43c33 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -1,7 +1,7 @@ { hostName, flake, config, pkgs, lib, ... }: { imports = with flake.nixosModules.systemProfiles; [ - ./zfs.nix ./network.nix ./samba.nix ./dns.nix + ./zfs.nix ./network.nix ./samba.nix ./dns.nix ./prometheus.nix initrd-all-crypto-modules default-locale openssh rebuild-machines build-server initrd-ssh diff --git a/hosts/vidhar/prometheus.nix b/hosts/vidhar/prometheus.nix new file mode 100644 index 00000000..1eaacd0f --- /dev/null +++ b/hosts/vidhar/prometheus.nix 
@@ -0,0 +1,148 @@
+{ config, lib, pkgs, ... }:
+let
+ relabelHosts = [
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "localhost(:[0-9]+)?";
+ replacement = "vidhar";
+ }
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "10.141.1.2(:[0-9]+)?";
+ replacement = "switch01";
+ }
+ ];
+in {
+ config = {
+ services.prometheus = {
+ enable = true;
+
+ exporters = {
+ node.enable = true;
+ smartctl = {
+ enable = true;
+ devices = [
+ "pci-0000:00:1f.2-ata-1"
+ "pci-0000:00:1f.2-ata-3"
+ "pci-0000:00:1f.2-ata-4"
+ "pci-0000:00:1f.2-ata-5"
+ "pci-0000:00:1f.2-ata-6"
+ "pci-0000:02:00.0-nvme-1"
+ "pci-0000:05:00.0-sas-phy0-lun-0"
+ "pci-0000:05:00.0-sas-phy1-lun-0"
+ "pci-0000:06:00.0-nvme-1"
+ ];
+ };
+ snmp = {
+ enable = true;
+ configuration = {
+ default = { auth = { community = "public"; }; version = "2"; };
+ };
+ };
+ unbound = {
+ enable = true;
+ controlInterface = "/run/unbound/unbound.ctl";
+ };
+ wireguard.enable = true;
+ };
+
+ scrapeConfigs = [
+ { job_name = "node";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "smartctl";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.smartctl.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "snmp";
+ static_configs = [
+ { targets = ["10.141.1.2"]; }
+ ];
+ metrics_path = "/snmp";
+ params = {
+ module = ["if_mib"];
+ };
+ relabel_configs = [
+ { source_labels = ["__address__"];
+ target_label = "__param_target";
+ }
+ { source_labels = ["__param_target"];
+ target_label = "instance";
+ }
+ { replacement = "localhost:${toString config.services.prometheus.exporters.snmp.port}";
+ target_label = "__address__";
+ }
+ ] ++ relabelHosts;
+ }
+ { job_name = "zte";
+ static_configs = [
+ { targets = ["localhost:9900"]; }
+ ];
+ relabel_configs = [
+ { replacement = "telekom";
+ target_label = "instance";
+ }
+ ];
+ }
+ { job_name = "unbound";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "wireguard";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.wireguard.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ ];
+ };
+
+ systemd.services."prometheus-zte-exporter@10.141.1.3" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Restart = "always";
+ PrivateTmp = true;
+ WorkingDirectory = "/tmp";
+ DynamicUser = true;
+ CapabilityBoundingSet = [""];
+ DeviceAllow = [""];
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ UMask = "0077";
+
+ Type = "simple";
+ ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
+ Environment = "ZTE_BASEURL=%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
+ EnvironmentFile = config.sops.secrets."zte_10.141.1.3".path;
+ };
+ };
+ sops.secrets."zte_10.141.1.3" = {
+ format = "binary";
+ sopsFile = ./zte_10.141.1.3;
+ };
+ };
+}
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
index 0797bfcd..38c3a4e8 100644
--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
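Review bot: None of the exporters enabled under `services.prometheus.exporters` in hosts/vidhar/prometheus.nix sets a listen address, although every scrape job reaches them through `localhost`. To my knowledge the NixOS exporter modules bind all interfaces by default, so the node, smartctl, snmp, unbound and wireguard exporters would be reachable from the network unless a firewall rule not visible in this commit blocks their ports. The snmp exporter deserves the most care, because it takes the device to query from the request's `target` parameter and queries it with the configured community on behalf of whoever can reach it. I would add `listenAddress = "127.0.0.1";` to each exporter block, which matches the `ZTE_HOSTNAME=localhost` already used for the zte exporter unit.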
@@ -76,6 +76,12 @@ in { { device = "ssd-raid1/local/var-lib-samba"; fsType = "zfs"; }; + + "/var/lib/prometheus2" = + { device = "ssd-raid1/local/var-lib-prometheus2"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; "/var/log" = { device = "ssd-raid1/local/var-log"; diff --git a/hosts/vidhar/zte_10.141.1.3 b/hosts/vidhar/zte_10.141.1.3 new file mode 100644 index 00000000..b455ea50 --- /dev/null +++ b/hosts/vidhar/zte_10.141.1.3 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:nAsn7dhfDr0+V1cJjpqWn/kJQt2zGjlfQKi3n5speroJkL3IvMG/9fsTaXJQZSi2gPlrN8GbxKQ=,iv:9g0V3xRBC+sa/JPP2bUZMfg//VuKT5qI7ua9iU4QRCg=,tag:fzwih9OHUBLmx8dxL4BjGg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-12-31T15:00:33Z", + "mac": "ENC[AES256_GCM,data:sw2NVXHLibbuOChgScLhSTjGZBjSoHpzIuRqfCW0eL3DwhL5CekG6T/oYu06KjNmxVjxwb3OmqECSU0TUvPn9ySOWwMSoBfyJpDoTHnZ+YOjOH351IOAMBNcBDJse7aLGRWW5YXKLDfmp8Dhg2hlMhCmkVwAquQjPhfmAdJfj64=,iv:wgM/BlRU2XJSGj7KvAo1WRamecffUDnFvv2+4twtsQY=,tag:0mXblJtTGMTvxndedws94A==,type:str]", + "pgp": [ + { + "created_at": "2021-12-31T15:00:06Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAn++RT4a1DwWe5FutYxwjV9kCaXPnKYjgNK5T5NQthF4w\nnWprU35P7saYuJqxXfReNxFDahkdju7GyDJPEo1sqtzUdBJilcykTlpno3KgVt5+\n0l4BB0Nab5e9oOx5XdoMLjpQ023qbmOCVdt1/Sny99qFWwCdxubJv1R8nQlCpD/p\nkNnMszzuH+UjYHDap84OQPuD92zbowqljBe3lC9/dHfg3yK+ajRnK3jpZA2V3aBz\n=DY6n\n-----END PGP MESSAGE-----\n", + "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362" + }, + { + "created_at": "2021-12-31T15:00:06Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAU2jZECgVflkSbtQkNYD4aeOHEEahbJUJNmXncqoBt2Ew\na7dVkHlBp1WdUF9UBAbkiUEP364fGttFFUf6xORhWiNnWok8gwkzaFKF1Y/zNEjV\n0l4BpY/GSUIFnD92AW/ymrGGDODnDdoLKiyiptkraZO74Ox/hezHJyNwKX4XJq68\naedJ+Xz6JYfYMafHSEMFQsdhihwESt4eIjGM4y8fNEQ97RuaN82tIbUjkWJASoS2\n=ExBD\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file -- cgit v1.2.3