From 7b8d19d10892eddd7cdaa1e9384185a0a6d64dae Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Fri, 31 Dec 2021 16:42:08 +0100
Subject: vidhar: prometheus: snmp: ...
---
hosts/vidhar/prometheus/default.nix | 167 ++++++++++++++++++++++++++++++++++++
1 file changed, 167 insertions(+)
create mode 100644 hosts/vidhar/prometheus/default.nix
(limited to 'hosts/vidhar/prometheus/default.nix')
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
new file mode 100644
index 00000000..cb7567c9
--- /dev/null
+++ b/hosts/vidhar/prometheus/default.nix
@@ -0,0 +1,167 @@
+{ config, lib, pkgs, ... }:
+let
+ relabelHosts = [
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "localhost(:[0-9]+)?";
+ replacement = "vidhar";
+ }
+ { source_labels = ["__address__"];
+ target_label = "instance";
+ regex = "10.141.1.2(:[0-9]+)?";
+ replacement = "switch01";
+ }
+ ];
+in {
+ config = {
+ services.prometheus = {
+ enable = true;
+
+ exporters = {
+ node.enable = true;
+ smartctl = {
+ enable = true;
+ devices = map (dev: "/dev/disk/by-path/${dev}") [
+ "pci-0000:00:1f.2-ata-1"
+ "pci-0000:00:1f.2-ata-3"
+ "pci-0000:00:1f.2-ata-4"
+ "pci-0000:00:1f.2-ata-5"
+ "pci-0000:00:1f.2-ata-6"
+ "pci-0000:02:00.0-nvme-1"
+ "pci-0000:05:00.0-sas-phy0-lun-0"
+ "pci-0000:05:00.0-sas-phy1-lun-0"
+ "pci-0000:06:00.0-nvme-1"
+ ];
+ };
+ snmp = {
+ enable = true;
+ configurationPath = ./snmp.yml;
+ };
+ unbound = {
+ enable = true;
+ controlInterface = "/run/unbound/unbound.ctl";
+ group = config.services.unbound.group;
+ };
+ wireguard.enable = true;
+ };
+
+ scrapeConfigs = [
+ { job_name = "prometheus";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "node";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "smartctl";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.smartctl.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "snmp";
+ static_configs = [
+ { targets = ["10.141.1.2"]; }
+ ];
+ metrics_path = "/snmp";
+ params = {
+ module = ["if_mib"];
+ };
+ relabel_configs = [
+ { source_labels = ["__address__"];
+ target_label = "__param_target";
+ }
+ { source_labels = ["__param_target"];
+ target_label = "instance";
+ }
+ { replacement = "localhost:${toString config.services.prometheus.exporters.snmp.port}";
+ target_label = "__address__";
+ }
+ ] ++ relabelHosts;
+ }
+ { job_name = "zte";
+ static_configs = [
+ { targets = ["localhost:9900"]; }
+ ];
+ relabel_configs = [
+ { replacement = "telekom";
+ target_label = "instance";
+ }
+ ];
+ }
+ { job_name = "unbound";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.unbound.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "wireguard";
+ static_configs = [
+ { targets = ["localhost:${toString config.services.prometheus.exporters.wireguard.port}"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ { job_name = "corerad";
+ static_configs = [
+ { targets = ["localhost:9430"]; }
+ ];
+ relabel_configs = relabelHosts;
+ }
+ ];
+ };
+ users.users.${config.services.prometheus.exporters.unbound.user} = {
+ description = "Prometheus unbound exporter service user";
+ isSystemUser = true;
+ group = config.services.unbound.group;
+ };
+ systemd.services."prometheus-unbound-exporter".serviceConfig = {
+ DynamicUser = false;
+ };
+
+ systemd.services."prometheus-zte-exporter@10.141.1.3" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Restart = "always";
+ PrivateTmp = true;
+ WorkingDirectory = "/tmp";
+ DynamicUser = true;
+ CapabilityBoundingSet = [""];
+ DeviceAllow = [""];
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ UMask = "0077";
+
+ Type = "simple";
+ ExecStart = "${pkgs.zte-prometheus-exporter}/bin/zte-prometheus-exporter";
+ Environment = "ZTE_BASEURL=http://%I ZTE_HOSTNAME=localhost ZTE_PORT=9900";
+ EnvironmentFile = config.sops.secrets."zte_10.141.1.3".path;
+ };
+ };
+ sops.secrets."zte_10.141.1.3" = {
+ format = "binary";
+ sopsFile = ./zte_10.141.1.3;
+ };
+ };
+}
-- cgit v1.2.3
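Review bot: In the `snmp` job, `relabelHosts` is appended after the rule that rewrites `__address__` to the local SNMP exporter, so its `localhost(:[0-9]+)?` rule matches and overwrites `instance` with `vidhar`, while the `10.141.1.2` → `switch01` rule never fires; the switch's interface metrics end up attributed to the monitoring host. Apply the host rules before the address rewrite: close the first two rules with `] ++ relabelHosts ++ [` ahead of the `replacement = "localhost:…"` rule and end the list with a plain `];`. The dots in `regex = "10.141.1.2(:[0-9]+)?"` are also unescaped and match any character, so `"10\\.141\\.1\\.2(:[0-9]+)?"` is the stricter form. Separately, the `prometheus-zte-exporter@10.141.1.3` unit is well sandboxed but can still connect to any address while holding the secret from `EnvironmentFile` (presumably the router login, sent over `http://%I`); `IPAddressDeny = "any";` together with `IPAddressAllow = [ "localhost" "10.141.1.3" ];` would confine it to the router and the local scrape.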