motiejus/config
1
Fork 0
Code Packages Releases Activity

node_exporter on hel1-a

Browse Source
This commit is contained in:
Motiejus Jakštys 2023-08-06 00:47:32 +03:00
parent e1581adf18
commit c8525b4e6b
4 changed files with 58 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hosts/hel1-a/configuration.nix
View File

@ -69,6 +69,10 @@ in {
}; };
services = { services = {
friendlyport.vpn.ports = [
myData.ports.exporters.node
];
deployerbot = { deployerbot = {
follower = { follower = {
enable = true; enable = true;
@ -120,6 +124,12 @@ in {
services = { services = {
tailscale.enable = true; tailscale.enable = true;
prometheus.exporters.node = {
enable = true;
enabledCollectors = ["systemd" "processes"];
port = myData.ports.exporters.node;
};
nsd = { nsd = {
enable = true; enable = true;
interfaces = ["0.0.0.0" "::"]; interfaces = ["0.0.0.0" "::"];

30
hosts/vno1-oh2/configuration.nix
View File

@ -64,7 +64,7 @@
services = { services = {
# TODO move to grafana service lib # TODO move to grafana service lib
friendlyport.ports = [ friendlyport.vpn.ports = [
myData.ports.grafana myData.ports.grafana
myData.ports.prometheus myData.ports.prometheus
myData.ports.exporters.node myData.ports.exporters.node
@ -119,12 +119,14 @@
enable = true; enable = true;
datasources.settings = { datasources.settings = {
apiVersion = 1; apiVersion = 1;
datasources = [{ datasources = [
name = "Prometheus"; {
type = "prometheus"; name = "Prometheus";
access = "proxy"; type = "prometheus";
url = "http://127.0.0.1:${toString config.services.prometheus.port}"; access = "proxy";
}]; url = "http://127.0.0.1:${toString config.services.prometheus.port}";
}
];
}; };
}; };
settings = { settings = {
@ -148,14 +150,16 @@
}; };
}; };
scrapeConfigs = [ scrapeConfigs = let
port = builtins.toString myData.ports.exporters.node;
in [
{ {
job_name = "${config.networking.hostName}.${config.networking.domain}"; job_name = "${config.networking.hostName}.${config.networking.domain}";
static_configs = [ static_configs = [{targets = ["127.0.0.1:${port}"];}];
{ }
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; {
} job_name = "hel1-a.servers.jakst";
]; static_configs = [{targets = ["${myData.hosts."hel1-a.servers.jakst".jakstIP}:${port}"];}];
} }
]; ];
}; };

36
modules/services/friendlyport/default.nix
View File

@ -4,7 +4,13 @@
myData, myData,
... ...
}: { }: {
options.mj.services.friendlyport = with lib.types; { options.mj.services.friendlyport.motiejus = with lib.types; {
ports = lib.mkOption {
type = listOf int;
default = [];
};
};
options.mj.services.friendlyport.vpn = with lib.types; {
ports = lib.mkOption { ports = lib.mkOption {
type = listOf int; type = listOf int;
default = []; default = [];
@ -12,15 +18,33 @@
}; };
config = let config = let
ports = builtins.concatStringsSep "," (map builtins.toString config.mj.services.friendlyport.ports); portsM = config.mj.services.friendlyport.motiejus.ports;
portsV = config.mj.services.friendlyport.vpn.ports;
portsMStr = builtins.concatStringsSep "," (map builtins.toString config.mj.services.friendlyport.motiejus.ports);
portsVStr = builtins.concatStringsSep "," (map builtins.toString config.mj.services.friendlyport.vpn.ports);
hosts = lib.attrVals ["mxp10.motiejus.jakst" "fwmine.motiejus.jakst"] myData.hosts; hosts = lib.attrVals ["mxp10.motiejus.jakst" "fwmine.motiejus.jakst"] myData.hosts;
ips = lib.catAttrs "jakstIP" hosts; ips = lib.catAttrs "jakstIP" hosts;
startLines = map (ip: "iptables -A INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT") ips; startLinesM =
if builtins.length portsM > 0
then map (ip: "iptables -A INPUT -p tcp --match multiport --dports ${portsMStr} --source ${ip} -j ACCEPT") ips
else [];
startLinesV =
if builtins.length portsV > 0
then "iptables -A INPUT -p tcp --match multiport --dports ${portsVStr} --source ${myData.tailscale_subnet.cidr} -j ACCEPT"
else "";
# TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process. # TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process.
# How to stop the old one and start the new one? # How to stop the old one and start the new one?
stopLines = map (ip: "iptables -D INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT || :") ips; stopLinesM =
if builtins.length portsM > 0
then map (ip: "iptables -D INPUT -p tcp --match multiport --dports ${portsMStr} --source ${ip} -j ACCEPT || :") ips
else [];
stopLinesV =
if builtins.length portsV > 0
then "iptables -D INPUT -p tcp --match multiport --dports ${portsVStr} --source ${myData.tailscale_subnet.cidr} -j ACCEPT || :"
else "";
in { in {
networking.firewall.extraCommands = lib.concatLines startLines; networking.firewall.extraCommands = lib.concatLines (startLinesM ++ [startLinesV]);
networking.firewall.extraStopCommands = lib.concatLines stopLines; networking.firewall.extraStopCommands = lib.concatLines (stopLinesM ++ [stopLinesV]);
}; };
} }

2
modules/services/syncthing/default.nix
View File

@ -14,7 +14,7 @@ in {
}; };
config = lib.mkIf config.mj.services.syncthing.enable { config = lib.mkIf config.mj.services.syncthing.enable {
mj.services.friendlyport.ports = [8384]; mj.services.friendlyport.motiejus.ports = [8384];
services.syncthing = { services.syncthing = {
enable = config.mj.services.syncthing.enable; enable = config.mj.services.syncthing.enable;