From f2bfb278fbff1d02df0b6a377f3de24881172105 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Fri, 8 Apr 2022 22:43:06 +0200
Subject: prometheus
---
hosts/surtr/prometheus/default.nix | 73 ++++++++++++++++++++++++++++++++++++++
hosts/surtr/prometheus/tls.crt | 10 ++++++
hosts/surtr/prometheus/tls.key | 26 ++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 hosts/surtr/prometheus/default.nix
create mode 100644 hosts/surtr/prometheus/tls.crt
create mode 100644 hosts/surtr/prometheus/tls.key
(limited to 'hosts/surtr/prometheus')
diff --git a/hosts/surtr/prometheus/default.nix b/hosts/surtr/prometheus/default.nix
new file mode 100644
index 00000000..3fdfc2aa
--- /dev/null
+++ b/hosts/surtr/prometheus/default.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ relabelHosts = [
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+)(:[0-9]+)?";
+ replacement = "surtr";
+ }
+ ];
+in {
+ config = {
+ services.prometheus = {
+ enable = true;
+
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [];
+ };
+ };
+
+ globalConfig = {
+ evaluation_interval = "1s";
+
+ remote_write = {
+ url = "https://prometheus.vidhar.yggdrasil/api/v1/write";
+ name = "vidhar";
+ tls_config = {
+ ca_file = ../../vidhar/prometheus/ca/ca.crt;
+ cert_file = ./tls.crt;
+ key_file = "/run/credentials/prometheus.service/tls.key";
+ };
+ };
+ };
+
+ scrapeConfigs = [
+ { job_name = "prometheus";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ scrape_interval = "1s";
+ }
+ { job_name = "node";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ scrape_interval = "1s";
+ }
+ ];
+
+ rules = [
+ (generators.toYAML {} {
+ groups = [
+ ];
+ })
+ ];
+ };
+
+ sops.secrets."prometheus.key" = {
+ format = "binary";
+ sopsFile = ./tls.key;
+ };
+
+ systemd.services.prometheus.serviceConfig.LoadCredential = [
+ "tls.key:${config.sops.secrets."prometheus.key".path}"
+ ];
+ };
+}
diff --git a/hosts/surtr/prometheus/tls.crt b/hosts/surtr/prometheus/tls.crt
new file mode 100644
index 00000000..ba958f40
--- /dev/null
+++ b/hosts/surtr/prometheus/tls.crt
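Review bot: `remote_write` is nested under `services.prometheus.globalConfig`, which renders into the `global:` section of prometheus.yml, whereas Prometheus reads `remote_write` as a top-level list; as far as I can tell either the NixOS module or Prometheus itself will reject the key there, so the mutually-authenticated write to vidhar may never be configured. Moving it to the module's dedicated option, `services.prometheus.remoteWrite = [ { url = ...; name = "vidhar"; tls_config = { ... }; } ];`, keeps the same `tls_config` block. Separately, in the `relabelHosts` regex the `\.` inside a double-quoted Nix string evaluates to a bare `.`, so each dot matches any character; writing `127\\.[0-9]+\\.[0-9]+\\.[0-9]+` keeps the dots literal. A short comment next to `key_file` stating that the key is delivered through `LoadCredential` from the sops secret, and so never lands in the Nix store like `ca_file` and `cert_file` do, would document why the three paths are written differently.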
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXzCCARGgAwIBAgIBATAFBgMrZXAwHzEdMBsGA1UEAwwUcHJvbWV0aGV1cy55
+Z2dkcmFzaWwwIBcNMjIwNDA4MjAwMzU1WhgPMjA5MDA0MjYyMDAzNTVaMBoxGDAW
+BgNVBAMMD3N1cnRyLnlnZ2RyYXNpbDAqMAUGAytlcAMhAAJd8I32X/z9J0cO2Oz+
+4KAoIJq0igdMdbLBA+8WO+vgo3UwczAMBgNVHRMBAf8EAjAAMEQGA1UdEQQ9MDuC
+GnByb21ldGhldXMuc3VydHIueWdnZHJhc2lsgh1wcm9tZXRoZXVzLnN1cnRyLnln
+Z2RyYXNpbC5saTAdBgNVHQ4EFgQUN52tPcv5FFppzeJx2AiXk6UgPDgwBQYDK2Vw
+A0EAPN9zhaeBB2C1TursdARH0jVBz9g0dRhP7sO5ZG0K+xp24paLXiTF1rYub24p
+/yZw71p7M0BAE+hJqYBzYo5YBQ==
+-----END CERTIFICATE-----
diff --git a/hosts/surtr/prometheus/tls.key b/hosts/surtr/prometheus/tls.key
new file mode 100644
index 00000000..95e28db2
--- /dev/null
+++ b/hosts/surtr/prometheus/tls.key
@@ -0,0 +1,26 @@
+{
+ "data": "ENC[AES256_GCM,data:YBbLT5kFi1KKQ4xOvyiJGkwQG/xoxz55/giVg2iY6+0nV+jEp3mF4oFjc14gFg3mIN9x6bLdFVY3DUHT1PrQdjrqIZtX8AVCA8BUIQj6JDY6YMi3/kK6mR9up9o/pxJfu8mQVjWjSx78Ko9aNat8/FltJnq69cA=,iv:PfslzrP5AbTNHpXfh4bz3q6CD9anQyCpmqtZ8ZTEG3k=,tag:eJLb0LIoNwDD1JQ6kUmACA==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2022-04-08T20:09:16Z",
+ "mac": "ENC[AES256_GCM,data:UW3ngxCjYl2kmOinRNmwNliBg2Xm/5rCrLp39bo7PXksZcuijV800IKuY91PWjkgaIbjD2jlU0ycJNDw3MzxfVim6gz91kUXQgQV+me8AEXAiO6Sf2j08jEtTh1SCr4qqdw0FE5aULDvGRtTgR+hhNk0xbbeG9fPhU95eeLW8vg=,iv:wG54336E4PouNgXhZbW4/onqbecsRrdYzTXSXDft/VI=,tag:BASCu9YNPMPfbScepLDiRQ==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2022-04-08T20:09:16Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAfzL8SSjlYxe8e5yOipQClJffUgxFnlew+N6VK4UhRGYw\naHaDmOmusuTRoBOX4V4PpRg3gLFRoPPy+q9L4Z+gtX97JK+9UgN1mxYPkB9X5M8K\n0l4BQ9caVjtlmMuKp3EROUYrSjau6Ulkzd43P+BwwQ6jv8T52EtKO8WLVnQEheIV\njOMH4DWaxKYbad7lXphix1oFhVvQQVGEzawceWolKDt/T+QS4spJBFoL7V1ml105\n=Cdh0\n-----END PGP MESSAGE-----\n",
+ "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+ },
+ {
+ "created_at": "2022-04-08T20:09:16Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACGP5pn9MiRCa7CJYqosY9Aw4TJx+/9tOsdO5YZn1ZSIw\n/xOMfKjHvT5PlMT9gnk9187MhjR9G/2YcW5ggfyEypo8ei65RkJYzTG2m5Pdneg3\n0l4BzMEQtYAbmZBp9XSkqjacCTpc2y6YV55qcuFudtRfsFFi28JSb5NxZ61AKy0g\nSk/e+IHQvTGahD2akrHBNIPncUOo4GHHzEjADvdDuJNpMkYUgnhEUod2JPYBjFmL\n=JN/O\n-----END PGP MESSAGE-----\n",
+ "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.2"
+ }
+}
\ No newline at end of file
-- cgit v1.2.3