prometheus

2026-01-14 08:45:02 +01:00 · 2024-08-07 14:39:23 +02:00 · 2024-08-07 14:39:23 +02:00 · ec7be408a1
commit ec7be408a1
parent 0d39279ac9
5 changed files with 58 additions and 3 deletions
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@ -21,7 +21,9 @@
        };
        dns2 = {
          publicIPv4 = "128.140.3.7";
-          publicIPv6 = "2a01:4f8:c2c:d616::";
+          # somehow this doesnt quite work yet, keep it out of DNS records
+          #publicIPv6 = "2a01:4f8:c2c:d616::";
+          publicIPv6 = null;
        };
        vps1 = {
          publicIPv4 = "161.97.165.1";
@ -43,7 +45,9 @@
        };
        vps4 = {
          publicIPv4 = "195.201.147.17";
-          publicIPv6 = "2a01:4f8:1c1c:cb18::";
+          # somehow this doesnt quite work yet, keep it out of DNS records
+          #publicIPv6 = "2a01:4f8:1c1c:cb18::1";
+          publicIPv6 = null;
          wg = {
            privateIP = "10.0.0.4";
            publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
@ -163,6 +167,7 @@
      ./modules/wg-mesh
      ./modules/ingress
      ./modules/garage
+      ./modules/prometheus
    ];

    deployment.tags = [ "eu" "apps" "wg" ];
--- a/newinfra/nix/modules/default/default.nix
+++ b/newinfra/nix/modules/default/default.nix
@ -21,6 +21,13 @@
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9100 ];
+  services.prometheus.exporters = {
+    node = {
+      enable = true;
+    };
+  };
+
  services.openssh = {
    enable = true;
    openFirewall = true;
--- a/newinfra/nix/modules/ingress/base.Caddyfile
+++ b/newinfra/nix/modules/ingress/base.Caddyfile
@ -10,8 +10,17 @@

 		insecure true
 	}
+
+	servers {
+		metrics
+	}
 }

 http:// {
 	respond "This is an HTTPS-only server, silly you. Go to https:// instead." 418
 }
+
+# HTTP
+:9010 {
+	metrics /metrics
+}
--- a/newinfra/nix/modules/ingress/default.nix
+++ b/newinfra/nix/modules/ingress/default.nix
@ -15,6 +15,8 @@ in
 {
  environment.systemPackages = [ caddy ];

+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9010 ]; # metrics
+
  networking.firewall = {
    allowedTCPPorts = [
      80 # HTTP
@ -54,7 +56,7 @@ in
            if name == "vps1" || name == "vps3" || name == "vps4" then ''
            noratrieb.dev {
                encode zstd gzip
-                header -Last-Modified
+                header -Last-Modified2a01:4f8:1c1c:cb18::
                root * ${import ./caddy-static-prepare {
                  name = "website";
                  src = website { inherit pkgs slides blog; };
--- a/newinfra/nix/modules/prometheus/default.nix
+++ b/newinfra/nix/modules/prometheus/default.nix
@ -0,0 +1,32 @@
+{ ... }: {
+  services.prometheus = {
+    enable = true;
+    globalConfig = { };
+    scrapeConfigs = [
+      {
+        job_name = "prometheus";
+        static_configs = [
+          { targets = [ "localhost:9090" ]; }
+        ];
+      }
+      {
+        job_name = "node";
+        static_configs = [
+          { targets = [ "vps1.local:9100" ]; }
+          { targets = [ "vps3.local:9100" ]; }
+          { targets = [ "vps4.local:9100" ]; }
+          { targets = [ "vps5.local:9100" ]; }
+        ];
+      }
+      {
+        job_name = "caddy";
+        static_configs = [
+          { targets = [ "vps1.local:9010" ]; }
+          { targets = [ "vps3.local:9010" ]; }
+          { targets = [ "vps4.local:9010" ]; }
+          { targets = [ "vps5.local:9010" ]; }
+        ];
+      }
+    ];
+  };
+}