From f2bfb278fbff1d02df0b6a377f3de24881172105 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Fri, 8 Apr 2022 22:43:06 +0200
Subject: prometheus
---
hosts/surtr/dns/zones/li.yggdrasil.soa | 4 +-
hosts/surtr/prometheus/default.nix | 73 ++++++++++++++++++++++++++++++++++
hosts/surtr/prometheus/tls.crt | 10 +++++
hosts/surtr/prometheus/tls.key | 26 ++++++++++++
4 files changed, 112 insertions(+), 1 deletion(-)
create mode 100644 hosts/surtr/prometheus/default.nix
create mode 100644 hosts/surtr/prometheus/tls.crt
create mode 100644 hosts/surtr/prometheus/tls.key
(limited to 'hosts/surtr')
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa
index ff623211..74b7170e 100644
--- a/hosts/surtr/dns/zones/li.yggdrasil.soa
+++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
- 2022022201 ; serial
+ 2022040800 ; serial
 10800 ; refresh
 3600 ; retry
 604800 ; expire
@@ -40,6 +40,8 @@ surtr IN AAAA 2a03:4000:52:ada:: surtr IN MX 0 ymir.yggdrasil.li surtr IN TXT "v=spf1 redirect=yggdrasil.li" +prometheus.surtr IN CNAME surtr.yggdrasil.li. + vidhar IN AAAA 2a03:4000:52:ada:4:1:: vidhar IN MX 0 ymir.yggdrasil.li vidhar IN TXT "v=spf1 redirect=yggdrasil.li"
diff --git a/hosts/surtr/prometheus/default.nix b/hosts/surtr/prometheus/default.nix
new file mode 100644
index 00000000..3fdfc2aa
--- /dev/null
+++ b/hosts/surtr/prometheus/default.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ relabelHosts = [
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+)(:[0-9]+)?";
+ replacement = "surtr";
+ }
+ ];
+in {
+ config = {
+ services.prometheus = {
+ enable = true;
+
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [];
+ };
+ };
+
+ globalConfig = {
+ evaluation_interval = "1s";
+
+ remote_write = {
+ url = "https://prometheus.vidhar.yggdrasil/api/v1/write";
+ name = "vidhar";
+ tls_config = {
+ ca_file = ../../vidhar/prometheus/ca/ca.crt;
+ cert_file = ./tls.crt;
+ key_file = "/run/credentials/prometheus.service/tls.key";
+ };
+ };
+ };
+
+ scrapeConfigs = [
+ { job_name = "prometheus";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ scrape_interval = "1s";
+ }
+ { job_name = "node";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ scrape_interval = "1s";
+ }
+ ];
+
+ rules = [
+ (generators.toYAML {} {
+ groups = [
+ ];
+ })
+ ];
+ };
+
+ sops.secrets."prometheus.key" = {
+ format = "binary";
+ sopsFile = ./tls.key;
+ };
+
+ systemd.services.prometheus.serviceConfig.LoadCredential = [
+ "tls.key:${config.sops.secrets."prometheus.key".path}"
+ ];
+ };
+}
diff --git a/hosts/surtr/prometheus/tls.crt b/hosts/surtr/prometheus/tls.crt
new file mode 100644
index 00000000..ba958f40
--- /dev/null
+++ b/hosts/surtr/prometheus/tls.crt
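Review bot: `remote_write` is declared inside `globalConfig`, but Prometheus accepts `remote_write` only as a top-level list and not as a key of its `global` section, so, assuming the module renders `globalConfig` into `global`, this block would be rejected at config validation or never take effect, and the client-certificate settings in `tls_config` would go unused. The NixOS module has a dedicated option for it, so the entry would move out of `globalConfig` as `remoteWrite = [ { url = "https://prometheus.vidhar.yggdrasil/api/v1/write"; name = "vidhar"; tls_config = { … }; } ];`. Separately, the `regex` in `relabelHosts` is a double-quoted Nix string, in which `\.` evaluates to a plain `.`, so the rendered rule matches any character where a literal dot was intended; `127\\.[0-9]+\\.[0-9]+\\.[0-9]+` keeps the escapes.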
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXzCCARGgAwIBAgIBATAFBgMrZXAwHzEdMBsGA1UEAwwUcHJvbWV0aGV1cy55
+Z2dkcmFzaWwwIBcNMjIwNDA4MjAwMzU1WhgPMjA5MDA0MjYyMDAzNTVaMBoxGDAW
+BgNVBAMMD3N1cnRyLnlnZ2RyYXNpbDAqMAUGAytlcAMhAAJd8I32X/z9J0cO2Oz+
+4KAoIJq0igdMdbLBA+8WO+vgo3UwczAMBgNVHRMBAf8EAjAAMEQGA1UdEQQ9MDuC
+GnByb21ldGhldXMuc3VydHIueWdnZHJhc2lsgh1wcm9tZXRoZXVzLnN1cnRyLnln
+Z2RyYXNpbC5saTAdBgNVHQ4EFgQUN52tPcv5FFppzeJx2AiXk6UgPDgwBQYDK2Vw
+A0EAPN9zhaeBB2C1TursdARH0jVBz9g0dRhP7sO5ZG0K+xp24paLXiTF1rYub24p
+/yZw71p7M0BAE+hJqYBzYo5YBQ==
+-----END CERTIFICATE-----
diff --git a/hosts/surtr/prometheus/tls.key b/hosts/surtr/prometheus/tls.key
new file mode 100644
index 00000000..95e28db2
--- /dev/null
+++ b/hosts/surtr/prometheus/tls.key
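Review bot: The certificate added here decodes to a non-CA leaf for `surtr.yggdrasil`, issued by `prometheus.yggdrasil`, with a validity window running from 2022-04-08 to 2090-04-26, so the credential that `default.nix` references as `cert_file` effectively never expires. A leaked key would stay usable unless the receiving side can revoke it. Consider issuing it with a much shorter lifetime and a documented re-issue step, or record next to the file how the receiver would stop trusting this certificate if the key had to be withdrawn. The decoded extensions also appear to carry no extended key usage, so nothing limits the certificate to client authentication; that may be intentional given the server-style names in its SAN.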
@@ -0,0 +1,26 @@
+{
+ "data": "ENC[AES256_GCM,data:YBbLT5kFi1KKQ4xOvyiJGkwQG/xoxz55/giVg2iY6+0nV+jEp3mF4oFjc14gFg3mIN9x6bLdFVY3DUHT1PrQdjrqIZtX8AVCA8BUIQj6JDY6YMi3/kK6mR9up9o/pxJfu8mQVjWjSx78Ko9aNat8/FltJnq69cA=,iv:PfslzrP5AbTNHpXfh4bz3q6CD9anQyCpmqtZ8ZTEG3k=,tag:eJLb0LIoNwDD1JQ6kUmACA==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2022-04-08T20:09:16Z",
+ "mac": "ENC[AES256_GCM,data:UW3ngxCjYl2kmOinRNmwNliBg2Xm/5rCrLp39bo7PXksZcuijV800IKuY91PWjkgaIbjD2jlU0ycJNDw3MzxfVim6gz91kUXQgQV+me8AEXAiO6Sf2j08jEtTh1SCr4qqdw0FE5aULDvGRtTgR+hhNk0xbbeG9fPhU95eeLW8vg=,iv:wG54336E4PouNgXhZbW4/onqbecsRrdYzTXSXDft/VI=,tag:BASCu9YNPMPfbScepLDiRQ==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2022-04-08T20:09:16Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAfzL8SSjlYxe8e5yOipQClJffUgxFnlew+N6VK4UhRGYw\naHaDmOmusuTRoBOX4V4PpRg3gLFRoPPy+q9L4Z+gtX97JK+9UgN1mxYPkB9X5M8K\n0l4BQ9caVjtlmMuKp3EROUYrSjau6Ulkzd43P+BwwQ6jv8T52EtKO8WLVnQEheIV\njOMH4DWaxKYbad7lXphix1oFhVvQQVGEzawceWolKDt/T+QS4spJBFoL7V1ml105\n=Cdh0\n-----END PGP MESSAGE-----\n",
+ "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+ },
+ {
+ "created_at": "2022-04-08T20:09:16Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACGP5pn9MiRCa7CJYqosY9Aw4TJx+/9tOsdO5YZn1ZSIw\n/xOMfKjHvT5PlMT9gnk9187MhjR9G/2YcW5ggfyEypo8ei65RkJYzTG2m5Pdneg3\n0l4BzMEQtYAbmZBp9XSkqjacCTpc2y6YV55qcuFudtRfsFFi28JSb5NxZ61AKy0g\nSk/e+IHQvTGahD2akrHBNIPncUOo4GHHzEjADvdDuJNpMkYUgnhEUod2JPYBjFmL\n=JN/O\n-----END PGP MESSAGE-----\n",
+ "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.2"
+ }
+}
\ No newline at end of file
--
cgit v1.2.3