karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace telegraf with node exporter

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-04-19 17:57:34 +03:00
parent 3f1531fbd1
commit 1a445ab6fd
37 changed files with 3099 additions and 421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/common/configs/system/boot/default.nix
View File

@@ -13,6 +13,5 @@
initrd.systemd.enable = true; initrd.systemd.enable = true;
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = [ "btrfs" ];
}; };
} }

5
hosts/common/configs/system/btrfs/default.nix
View File

@@ -1,5 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
boot = {
initrd.supportedFilesystems = [ "btrfs" ];
supportedFilesystems = [ "btrfs" ];
};
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
enable = true; enable = true;
interval = "weekly"; interval = "weekly";

13
hosts/common/configs/system/impermanence/default.nix
View File

@@ -1,9 +1,4 @@
{ { config, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -11,15 +6,15 @@
# https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md # https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
# https://github.com/NixOS/nixpkgs/pull/286140/files # https://github.com/NixOS/nixpkgs/pull/286140/files
# https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
sops.secrets."machineId".mode = "0444"; sops.secrets.machineId.mode = "0444";
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
environment = { environment = {
impermanence.enable = true; impermanence.enable = true;
etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } '' etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } ''
ln -s ${config.sops.secrets."machineId".path} $out ln -s ${config.sops.secrets.machineId.path} $out
''; '';
persistence = { persistence = {

4
hosts/common/configs/system/nix/default.nix
View File

@@ -8,7 +8,7 @@
../../../../../secrets/personal/secrets.yaml; ../../../../../secrets/personal/secrets.yaml;
}; };
templates."nix-access-tokens" = { templates.nix-access-tokens = {
content = '' content = ''
access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"} access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"}
''; '';
@@ -33,7 +33,7 @@
registry.self.flake = inputs.self; registry.self.flake = inputs.self;
extraOptions = '' extraOptions = ''
!include ${config.sops.templates."nix-access-tokens".path} !include ${config.sops.templates.nix-access-tokens.path}
''; '';
}; };
} }

16
hosts/common/configs/system/sshd/default.nix
View File

@@ -1,13 +1,5 @@
{ ... }: { ... }:
{ {
nixpkgs.overlays = [
(final: prev: {
fail2ban = prev.fail2ban.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./remove-umask.patch ];
});
})
];
environment = { environment = {
enableAllTerminfo = true; enableAllTerminfo = true;
persistence."/persist/state"."/var/lib/fail2ban" = { }; persistence."/persist/state"."/var/lib/fail2ban" = { };
@@ -32,12 +24,4 @@
}; };
}; };
}; };
systemd.services.fail2ban.serviceConfig = {
User = "root";
Group = "fail2ban";
UMask = "0117";
};
users.groups.fail2ban = { };
} }

15
hosts/common/configs/system/sshd/remove-umask.patch
View File

@@ -1,15 +0,0 @@
diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py
index e438c4ca..aeee4075 100644
--- a/fail2ban/server/server.py
+++ b/fail2ban/server/server.py
@@ -108,9 +108,7 @@ class Server:
signal.signal(s, new)
def start(self, sock, pidfile, force=False, observer=True, conf={}):
- # First set the mask to only allow access to owner
- os.umask(0o077)
- # Second daemonize before logging etc, because it will close all handles:
+ # Daemonize before logging etc, because it will close all handles:
if self.__daemon: # pragma: no cover
logSys.info("Starting in daemon mode")
ret = self.__createDaemon()

117
hosts/common/configs/system/telegraf/default.nix
View File

@@ -1,117 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.user == "telegraf"
&& action.id.indexOf("org.freedesktop.systemd1.") == 0
)
{ return polkit.Result.YES; }
});
'';
services.telegraf = {
enable = true;
extraConfig = {
agent.quiet = true;
outputs.prometheus_client = [ { listen = ":9273"; } ];
inputs =
{
cpu = [ { report_active = true; } ];
disk = [
{
mount_points = lib.attrsets.mapAttrsToList (_: fs: fs.mountPoint) config.fileSystems;
}
];
diskio = [ { skip_serial_number = false; } ];
kernel = [ { } ];
mem = [ { } ];
processes = [ { } ];
swap = [ { } ];
system = [ { } ];
internal = [ { } ];
# TODO: Enable
# linux_cpu = [ { } ];
net = [ { ignore_protocol_stats = true; } ];
# TODO: Enable
# sensors = [ { remove_numbers = false; } ];
smart = [ { } ];
# TODO: Enable
# amd_rocm_smi = [ { } ];
systemd_units = [ { } ];
}
// lib.attrsets.optionalAttrs config.virtualisation.podman.enable {
docker = [
{
endpoint = "unix:///var/run/podman/podman.sock";
perdevice = false;
perdevice_include = [
"cpu"
"blkio"
"network"
];
}
];
}
// lib.attrsets.optionalAttrs config.services.fail2ban.enable {
fail2ban = [ { } ];
}
// lib.attrsets.optionalAttrs (config.networking.wireguard.interfaces != { }) {
wireguard = [ { } ];
};
};
};
systemd.services.telegraf = {
path =
with pkgs;
[
dbus
smartmontools
# TODO: Enable
# lm_sensors
# rocmPackages.rocm-smi
]
++ lib.lists.optional config.services.fail2ban.enable fail2ban;
environment = {
DBUS_SYSTEM_BUS_ADDRESS = "unix:path=/var/run/dbus/system_bus_socket";
};
serviceConfig = {
AmbientCapabilities = [
"CAP_NET_RAW"
"CAP_SYS_RAWIO"
] ++ lib.lists.optional (config.networking.wireguard.interfaces != { }) "CAP_NET_ADMIN";
SupplementaryGroups =
[
"disk"
]
++ lib.lists.optional config.virtualisation.podman.enable "podman"
++ lib.lists.optional config.services.fail2ban.enable "fail2ban";
};
};
}

58
hosts/common/configs/user/console/telegraf/default.nix
View File

@@ -1,58 +0,0 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{
config,
lib,
pkgs,
...
}:
let
port = 9273 + config.users.users.${user}.uid;
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user}.systemd.user.services.telegraf =
let
telegrafConfig = (pkgs.formats.toml { }).generate "config.toml" {
agent.quiet = true;
outputs.prometheus_client = [ { listen = ":${builtins.toString port}"; } ];
inputs =
{
systemd_units = [
{ scope = "user"; }
];
}
// lib.attrsets.optionalAttrs hmConfig.services.podman.enable {
docker = [
{
endpoint =
let
uid = builtins.toString config.users.users.${user}.uid;
in
"unix:///var/run/user/${uid}/podman/podman.sock";
perdevice = false;
perdevice_include = [
"cpu"
"blkio"
"network"
];
}
];
};
};
in
{
Unit.Description = "Telegraf Agent";
Install.WantedBy = [ "default.target" ];
Service = {
ExecStart = "${config.services.telegraf.package}/bin/telegraf -config ${telegrafConfig}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
}

24
hosts/common/configs/user/gui/firefox/default.nix
View File

@@ -38,14 +38,14 @@ in
EmailTracking = true; EmailTracking = true;
}; };
FirefoxHome = { FirefoxHome = {
"Locked" = true; Locked = true;
"Search" = true; Search = true;
"TopSites" = true; TopSites = true;
"SponsoredTopSites" = false; SponsoredTopSites = false;
"Highlights" = false; Highlights = false;
"Pocket" = false; Pocket = false;
"SponsoredPocket" = false; SponsoredPocket = false;
"Snippets" = false; Snippets = false;
}; };
NoDefaultBookmarks = true; NoDefaultBookmarks = true;
OfferToSaveLogins = false; OfferToSaveLogins = false;
@@ -94,10 +94,10 @@ in
]; ];
force = true; force = true;
engines = { engines = {
"google".metaData.alias = "@g"; google.metaData.alias = "@g";
"ddg".metaData.alias = "@d"; ddg.metaData.alias = "@d";
"wikipedia".metaData.alias = "@w"; wikipedia.metaData.alias = "@w";
"nix" = { nix = {
urls = [ urls = [
{ {
template = "https://mynixos.com/search"; template = "https://mynixos.com/search";

110
hosts/common/configs/user/gui/obsidian/default.nix
View File

@@ -308,85 +308,85 @@ in
settings = { settings = {
"markerIconRules" = [ "markerIconRules" = [
{ {
"ruleName" = "default"; ruleName = "default";
"preset" = true; preset = true;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-circle"; icon = "fa-circle";
"markerColor" = "blue"; markerColor = "blue";
}; };
} }
{ {
"ruleName" = "#restaurant"; ruleName = "#restaurant";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-utensils"; icon = "fa-utensils";
"markerColor" = "red"; markerColor = "red";
}; };
} }
{ {
"ruleName" = "#bar"; ruleName = "#bar";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-martini-glass"; icon = "fa-martini-glass";
"markerColor" = "purple"; markerColor = "purple";
}; };
} }
{ {
"ruleName" = "#coffee"; ruleName = "#coffee";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-mug-hot"; icon = "fa-mug-hot";
"markerColor" = "purple"; markerColor = "purple";
}; };
} }
{ {
"ruleName" = "#culture"; ruleName = "#culture";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-building-columns"; icon = "fa-building-columns";
"markerColor" = "black"; markerColor = "black";
}; };
} }
{ {
"ruleName" = "#shopping"; ruleName = "#shopping";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-shopping-bag"; icon = "fa-shopping-bag";
"markerColor" = "yellow"; markerColor = "yellow";
}; };
} }
{ {
"ruleName" = "#entertainment"; ruleName = "#entertainment";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-microphone"; icon = "fa-microphone";
"markerColor" = "pink"; markerColor = "pink";
}; };
} }
{ {
"ruleName" = "#nature"; ruleName = "#nature";
"preset" = false; preset = false;
"iconDetails" = { iconDetails = {
"prefix" = "fas"; prefix = "fas";
"icon" = "fa-tree"; icon = "fa-tree";
"markerColor" = "green"; markerColor = "green";
}; };
} }
]; ];
"searchProvider" = "google"; searchProvider = "google";
"geocodingApiMethod" = "path"; geocodingApiMethod = "path";
"geocodingApiPath" = hmConfig.sops.secrets."google/geocoding".path; geocodingApiPath = hmConfig.sops.secrets."google/geocoding".path;
"useGooglePlaces" = true; useGooglePlaces = true;
"letZoomBeyondMax" = true; letZoomBeyondMax = true;
"showGeolinkPreview" = true; showGeolinkPreview = true;
"newNotePath" = "Inbox"; newNotePath = "Inbox";
}; };
} }
{ {

4
hosts/common/configs/user/gui/vscode/options.nix
View File

@@ -64,8 +64,8 @@ in
(lib.mkIf cfg.copilot.enable { (lib.mkIf cfg.copilot.enable {
"github.copilot.enable" = { "github.copilot.enable" = {
"*" = true; "*" = true;
"plaintext" = true; plaintext = true;
"markdown" = true; markdown = true;
}; };
"chat.editing.alwaysSaveWithGeneratedChanges" = true; "chat.editing.alwaysSaveWithGeneratedChanges" = true;
}) })

4
hosts/jupiter-vps/configs/podman/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
imports = [ ./prometheus ];
}

65
hosts/jupiter-vps/configs/podman/prometheus/default.nix Normal file
View File

@@ -0,0 +1,65 @@
{ inputs, system, ... }:
let
selfPkgs = inputs.self.packages.${system};
in
{
boot.kernelParams = [ "psi=1" ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [
9100
9882
9191
];
virtualisation.quadlet.containers = {
prometheus-node-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";
# Allow collecting host metrics, port :9100 by default
networks = [ "host" ];
podmanArgs = [
"--pid"
"host"
];
volumes = [
"/:/host:ro,rslave"
"/run/udev:/run/udev:ro"
"/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro"
"/etc/static/os-release:/host/etc/os-release:ro"
];
exec = [
"--log.level=warn"
"--path.rootfs=/host"
"--no-collector.arp"
"--no-collector.bonding"
"--no-collector.edac"
"--no-collector.fibrechannel"
"--no-collector.infiniband"
"--no-collector.ipvs"
"--no-collector.mdadm"
"--no-collector.nfs"
"--no-collector.nfsd"
"--no-collector.selinux"
"--no-collector.xfs"
"--no-collector.zfs"
"--collector.cpu_vulnerabilities"
"--collector.drm"
"--collector.ethtool"
"--collector.processes"
"--collector.systemd"
];
};
prometheus-podman-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";
publishPorts = [ "9882:9882" ];
volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];
exec = [ "--collector.enable-all" ];
};
prometheus-fail2ban-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
publishPorts = [ "9191:9191" ];
volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
};
};
}

4
hosts/jupiter-vps/configs/wireguard/default.nix
View File

@@ -10,7 +10,7 @@ in
"net.ipv4.conf.all.proxy_arp" = 1; "net.ipv4.conf.all.proxy_arp" = 1;
}; };
sops.secrets."wireguard" = { }; sops.secrets.wireguard = { };
networking = { networking = {
firewall = { firewall = {
@@ -21,7 +21,7 @@ in
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "10.0.0.1/24" ]; ips = [ "10.0.0.1/24" ];
listenPort = wireguardPort; listenPort = wireguardPort;
privateKeyFile = config.sops.secrets."wireguard".path; privateKeyFile = config.sops.secrets.wireguard.path;
peers = [ peers = [
{ {

3
hosts/jupiter-vps/default.nix
View File

@@ -6,10 +6,12 @@
./hardware ./hardware
../common/configs/system/btrfs
../common/configs/system/impermanence ../common/configs/system/impermanence
../common/configs/system/neovim ../common/configs/system/neovim
../common/configs/system/nix ../common/configs/system/nix
../common/configs/system/nixpkgs ../common/configs/system/nixpkgs
../common/configs/system/podman
../common/configs/system/sops ../common/configs/system/sops
../common/configs/system/sshd ../common/configs/system/sshd
../common/configs/system/system ../common/configs/system/system
@@ -17,6 +19,7 @@
../common/configs/system/zsh ../common/configs/system/zsh
./configs/boot ./configs/boot
./configs/podman
./configs/wireguard ./configs/wireguard
]; ];

20
hosts/jupiter-vps/format.nix
View File

@@ -26,10 +26,22 @@
name = "root"; name = "root";
size = "100%"; size = "100%";
content = { content = {
type = "filesystem"; type = "btrfs";
format = "ext4"; extraArgs = [ "-f" ];
mountpoint = "/"; subvolumes =
mountOptions = [ "defaults" ]; let
mountOptions = [
"compress=zstd:1"
"noatime"
"user_subvol_rm_allowed"
];
in
{
"@" = {
mountpoint = "/";
inherit mountOptions;
};
};
}; };
}; };
}; };

4
hosts/jupiter/configs/wireguard/default.nix
View File

@@ -11,7 +11,7 @@ let
jupiterPublicIPv4 = "51.89.210.124"; jupiterPublicIPv4 = "51.89.210.124";
in in
{ {
sops.secrets."wireguard" = { }; sops.secrets.wireguard = { };
networking = { networking = {
firewall.allowedUDPPorts = [ wireguardPort ]; firewall.allowedUDPPorts = [ wireguardPort ];
@@ -33,7 +33,7 @@ in
"${jupiterPublicIPv4}/32" "${jupiterPublicIPv4}/32"
]; ];
listenPort = wireguardPort; listenPort = wireguardPort;
privateKeyFile = config.sops.secrets."wireguard".path; privateKeyFile = config.sops.secrets.wireguard.path;
table = "wireguard"; table = "wireguard";
postSetup = [ "${ip} rule add from ${jupiterPublicIPv4} table ${table}" ]; postSetup = [ "${ip} rule add from ${jupiterPublicIPv4} table ${table}" ];

1
hosts/jupiter/default.nix
View File

@@ -23,7 +23,6 @@
../common/configs/system/sshd ../common/configs/system/sshd
../common/configs/system/sudo ../common/configs/system/sudo
../common/configs/system/system ../common/configs/system/system
../common/configs/system/telegraf
../common/configs/system/users ../common/configs/system/users
../common/configs/system/zsh ../common/configs/system/zsh

62
hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
View File

@@ -74,7 +74,7 @@ in
jwks = [ { key = hmConfig.sops.placeholder."authelia/oidcKey"; } ]; jwks = [ { key = hmConfig.sops.placeholder."authelia/oidcKey"; } ];
authorization_policies = { authorization_policies = {
admin = { admin_two_factor = {
default_policy = "deny"; default_policy = "deny";
rules = [ rules = [
{ {
@@ -83,6 +83,16 @@ in
} }
]; ];
}; };
admin_one_factor = {
default_policy = "deny";
rules = [
{
policy = "one_factor";
subject = [ "group:admins" ];
}
];
};
}; };
}; };
@@ -105,6 +115,8 @@ in
}; };
theme = "auto"; theme = "auto";
telemetry.metrics.enabled = true;
} }
); );
@@ -125,13 +137,13 @@ in
networks.authelia.networkConfig.internal = true; networks.authelia.networkConfig.internal = true;
volumes = { volumes = {
"authelia-redis" = { }; authelia-redis = { };
"authelia-postgresql" = { }; authelia-postgresql = { };
authelia = { }; authelia = { };
}; };
containers = { containers = {
"authelia-init" = { authelia-init = {
containerConfig = { containerConfig = {
image = "docker-archive:${selfPkgs.docker-yq}"; image = "docker-archive:${selfPkgs.docker-yq}";
volumes = [ volumes = [
@@ -140,7 +152,7 @@ in
]; ];
exec = [ exec = [
"eval-all" "eval-all"
". as $item ireduce ({}; . * $item)" ". as $item ireduce ({}; . *+ $item)"
"/etc/authelia/users.yaml" "/etc/authelia/users.yaml"
"/etc/authelia/users.yaml.default" "/etc/authelia/users.yaml.default"
"-i" "-i"
@@ -167,6 +179,7 @@ in
networks = [ networks = [
networks.authelia.ref networks.authelia.ref
networks.traefik.ref networks.traefik.ref
networks.prometheus.ref
]; ];
exec = [ exec = [
"--config" "--config"
@@ -183,18 +196,18 @@ in
}; };
unitConfig.After = [ unitConfig.After = [
"${containers."authelia-init"._serviceName}.service" "${containers.authelia-init._serviceName}.service"
"${containers."authelia-postgresql"._serviceName}.service" "${containers.authelia-postgresql._serviceName}.service"
"${containers."authelia-redis"._serviceName}.service" "${containers.authelia-redis._serviceName}.service"
"sops-nix.service" "sops-nix.service"
]; ];
}; };
"authelia-postgresql" = { authelia-postgresql = {
containerConfig = { containerConfig = {
image = "docker-archive:${selfPkgs.docker-postgresql}"; image = "docker-archive:${selfPkgs.docker-postgresql}";
networks = [ networks.authelia.ref ]; networks = [ networks.authelia.ref ];
volumes = [ "${volumes."authelia-postgresql".ref}:/var/lib/postgresql/data" ]; volumes = [ "${volumes.authelia-postgresql.ref}:/var/lib/postgresql/data" ];
environments = { environments = {
POSTGRES_DB = "authelia"; POSTGRES_DB = "authelia";
POSTGRES_USER = "authelia"; POSTGRES_USER = "authelia";
@@ -205,12 +218,37 @@ in
unitConfig.After = [ "sops-nix.service" ]; unitConfig.After = [ "sops-nix.service" ];
}; };
"authelia-redis".containerConfig = { authelia-redis.containerConfig = {
image = "docker-archive:${selfPkgs.docker-redis}"; image = "docker-archive:${selfPkgs.docker-redis}";
networks = [ networks.authelia.ref ]; networks = [ networks.authelia.ref ];
volumes = [ "${volumes."authelia-redis".ref}:/var/lib/redis" ]; volumes = [ "${volumes.authelia-redis.ref}:/var/lib/redis" ];
exec = [ "--save 60 1" ]; exec = [ "--save 60 1" ];
}; };
prometheus-init.containerConfig.volumes =
let
autheliaConfig = (pkgs.formats.yaml { }).generate "authelia.yml" {
scrape_configs =
let
hostname = config.networking.hostName;
in
[
{
job_name = "${hostname}-authelia";
static_configs = [
{
targets = [ "authelia:9959" ];
labels = {
app = "authelia";
inherit user hostname;
};
}
];
}
];
};
in
[ "${autheliaConfig}:/etc/prometheus/conf.d/authelia.yml" ];
}; };
}; };

1
hosts/jupiter/users/storm/configs/console/podman/default.nix
View File

@@ -11,6 +11,7 @@ in
(import ./authelia { inherit user home; }) (import ./authelia { inherit user home; })
(import ./grafana { inherit user home; }) (import ./grafana { inherit user home; })
(import ./ntfy { inherit user home; }) (import ./ntfy { inherit user home; })
(import ./prometheus { inherit user home; })
(import ./traefik { inherit user home; }) (import ./traefik { inherit user home; })
(import ./whoami { inherit user home; }) (import ./whoami { inherit user home; })
]; ];

2219
hosts/jupiter/users/storm/configs/console/podman/grafana/dashboards/system.json Normal file
View File

File diff suppressed because it is too large Load Diff

97
hosts/jupiter/users/storm/configs/console/podman/grafana/default.nix
View File

@@ -13,7 +13,7 @@
let let
selfPkgs = inputs.self.packages.${system}; selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) volumes containers networks; inherit (hmConfig.virtualisation.quadlet) networks;
autheliaClientId = "4R5ofTZgOjO5Nrbcm9f6KqBLZXy8LwPS5s3E3BUfPS2mRy0wSV41XZGLrLgiR4Z0MblyGzW211AHL7GCCaJu5KonLUKyRjoyuiAr"; autheliaClientId = "4R5ofTZgOjO5Nrbcm9f6KqBLZXy8LwPS5s3E3BUfPS2mRy0wSV41XZGLrLgiR4Z0MblyGzW211AHL7GCCaJu5KonLUKyRjoyuiAr";
in in
{ {
@@ -34,7 +34,7 @@ in
client_name = "Grafana"; client_name = "Grafana";
client_secret = hmConfig.sops.placeholder."grafana/authelia/digest"; client_secret = hmConfig.sops.placeholder."grafana/authelia/digest";
redirect_uris = [ "https://stats.karaolidis.com/login/generic_oauth" ]; redirect_uris = [ "https://stats.karaolidis.com/login/generic_oauth" ];
authorization_policy = "admin"; authorization_policy = "admin_one_factor";
require_pkce = true; require_pkce = true;
pkce_challenge_method = "S256"; pkce_challenge_method = "S256";
} }
@@ -122,87 +122,9 @@ in
}; };
virtualisation.quadlet = { virtualisation.quadlet = {
networks = { networks.grafana.networkConfig.internal = true;
grafana.networkConfig.internal = true;
# Allow access to host telegraf via non-internal network
grafana-prometheus = { };
};
volumes = {
"grafana-prometheus-data" = { };
"grafana-prometheus-config" = { };
};
containers = { containers = {
"grafana-prometheus-init" =
let
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" {
global = {
scrape_interval = "10s";
evaluation_interval = "10s";
};
scrape_configs = [
{
job_name = "telegraf";
static_configs = [
{
targets = [ "host.containers.internal:9273" ];
labels.app = "telegraf";
}
{
targets = [
"host.containers.internal:${builtins.toString (9273 + config.users.users.${user}.uid)}"
];
labels.app = "telegraf-storm";
}
];
}
];
};
in
{
containerConfig = {
image = "docker-archive:${selfPkgs.docker-yq}";
volumes = [
"${volumes."grafana-prometheus-config".ref}:/etc/prometheus"
"${prometheusConfig}:/etc/prometheus/conf.d/prometheus.yml"
];
entrypoint = "/bin/bash";
exec = [
"-c"
"yq eval-all '. as $item ireduce ({}; . * $item)' /etc/prometheus/conf.d/*.yml > /etc/prometheus/prometheus.yml"
];
};
serviceConfig = {
Type = "oneshot";
Restart = "on-failure";
};
};
"grafana-prometheus" = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus}";
volumes = [
"${volumes."grafana-prometheus-config".ref}:/etc/prometheus"
"${volumes."grafana-prometheus-data".ref}:/var/lib/prometheus"
];
networks = [
networks.grafana.ref
networks.grafana-prometheus.ref
];
exec = [
"--config.file=/etc/prometheus/prometheus.yml"
"--storage.tsdb.path=/var/lib/prometheus"
"--storage.tsdb.retention.time=1y"
"--log.level=warn"
];
};
unitConfig.After = [ "${containers."grafana-prometheus-init"._serviceName}.service" ];
};
grafana = { grafana = {
containerConfig = { containerConfig = {
image = "docker-archive:${selfPkgs.docker-grafana}"; image = "docker-archive:${selfPkgs.docker-grafana}";
@@ -217,17 +139,12 @@ in
]; ];
}; };
unitConfig.After = [ unitConfig.After = [ "sops-nix.service" ];
"${containers."grafana-prometheus"._serviceName}.service"
"${containers."grafana-image-renderer"._serviceName}.service"
];
}; };
"grafana-image-renderer" = { grafana-image-renderer.containerConfig = {
containerConfig = { image = "docker-archive:${selfPkgs.docker-grafana-image-renderer}";
image = "docker-archive:${selfPkgs.docker-grafana-image-renderer}"; networks = [ networks.grafana.ref ];
networks = [ networks.grafana.ref ];
};
}; };
authelia.containerConfig.volumes = [ authelia.containerConfig.volumes = [

66
hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
View File

@@ -71,6 +71,8 @@ in
enable-signup = false; enable-signup = false;
enable-login = true; enable-login = true;
enable-reservations = false; enable-reservations = false;
metrics-listen-http = ":9090";
} }
); );
@@ -111,26 +113,54 @@ in
volumes.ntfy = { }; volumes.ntfy = { };
containers.ntfy = { containers = {
containerConfig = { ntfy = {
image = "docker-archive:${selfPkgs.docker-ntfy}"; containerConfig = {
networks = [ image = "docker-archive:${selfPkgs.docker-ntfy}";
networks.ntfy.ref networks = [
networks.traefik.ref networks.ntfy.ref
]; networks.traefik.ref
volumes = [ networks.prometheus.ref
"${volumes.ntfy.ref}:/var/lib/ntfy" ];
"${hmConfig.sops.templates."ntfy-server.yml".path}:/etc/ntfy/server.yml:ro" volumes = [
"${hmConfig.sops.templates."ntfy-init.sh".path}:/entrypoint.sh:ro" "${volumes.ntfy.ref}:/var/lib/ntfy"
]; "${hmConfig.sops.templates."ntfy-server.yml".path}:/etc/ntfy/server.yml:ro"
entrypoint = "/entrypoint.sh"; "${hmConfig.sops.templates."ntfy-init.sh".path}:/entrypoint.sh:ro"
labels = [ ];
"traefik.enable=true" entrypoint = "/entrypoint.sh";
"traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)" labels = [
]; "traefik.enable=true"
"traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
];
};
unitConfig.After = [ "sops-nix.service" ];
}; };
unitConfig.After = [ "sops-nix.service" ]; prometheus-init.containerConfig.volumes =
let
ntfyConfig = (pkgs.formats.yaml { }).generate "ntfy.yml" {
scrape_configs =
let
hostname = config.networking.hostName;
in
[
{
job_name = "${hostname}-ntfy";
static_configs = [
{
targets = [ "ntfy:9090" ];
labels = {
app = "ntfy.sh";
inherit user hostname;
};
}
];
}
];
};
in
[ "${ntfyConfig}:/etc/prometheus/conf.d/ntfy.yml" ];
}; };
}; };
}; };

310
hosts/jupiter/users/storm/configs/console/podman/prometheus/default.nix Normal file
View File

@@ -0,0 +1,310 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{
config,
inputs,
pkgs,
system,
lib,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
in
{
boot.kernelParams = [ "psi=1" ];
# The below containers all need to run as root to collect host metrics.
virtualisation.quadlet.containers = {
prometheus-node-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";
# Allow collecting host metrics, port :9100 by default
networks = [ "host" ];
podmanArgs = [
"--pid"
"host"
];
volumes = [
"/:/host:ro,rslave"
"/run/udev:/run/udev:ro"
"/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro"
"/etc/static/os-release:/host/etc/os-release:ro"
];
exec = [
"--log.level=warn"
"--path.rootfs=/host"
"--no-collector.arp"
"--no-collector.bonding"
"--no-collector.edac"
"--no-collector.fibrechannel"
"--no-collector.infiniband"
"--no-collector.ipvs"
"--no-collector.mdadm"
"--no-collector.nfs"
"--no-collector.nfsd"
"--no-collector.selinux"
"--no-collector.xfs"
"--no-collector.zfs"
"--collector.cpu_vulnerabilities"
"--collector.drm"
"--collector.ethtool"
"--collector.processes"
"--collector.systemd"
];
};
prometheus-podman-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";
publishPorts = [ "9882:9882" ];
volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];
exec = [ "--collector.enable-all" ];
};
prometheus-fail2ban-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
publishPorts = [ "9191:9191" ];
volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
};
prometheus-smartctl-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-smartctl-exporter}";
publishPorts = [ "9633:9633" ];
podmanArgs = [ "--privileged" ];
};
};
home-manager.users.${user} = {
virtualisation.quadlet = {
networks = {
prometheus.networkConfig.internal = true;
prometheus-ext = { };
};
volumes = {
prometheus-data = { };
prometheus-config = { };
};
containers = {
prometheus-node-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";
networks = [ networks.prometheus.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[ "/run/user/${uid}/bus:/var/run/dbus/system_bus_socket:ro" ];
exec = [
"--log.level=warn"
"--path.rootfs=/host"
"--collector.disable-defaults"
"--collector.systemd"
];
};
prometheus-podman-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";
networks = [ networks.prometheus.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[ "/run/user/${uid}/podman/podman.sock:/run/podman/podman.sock:ro" ];
exec = [ "--collector.enable-all" ];
};
prometheus-init =
let
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" {
global.scrape_interval = "15s";
scrape_configs =
let
hostname = config.networking.hostName;
jupiterVpsHostname = jupiterVpsConfig.networking.hostName;
in
[
{
job_name = "${hostname}-node-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9100" ];
labels = {
app = "node-exporter";
user = "root";
inherit hostname;
};
}
{
targets = [ "prometheus-node-exporter:9100" ];
labels = {
app = "node-exporter";
inherit user hostname;
};
}
];
}
{
job_name = "${hostname}-podman-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9882" ];
labels = {
app = "podman-exporter";
user = "root";
inherit hostname;
};
}
{
targets = [ "prometheus-podman-exporter:9882" ];
labels = {
app = "podman-exporter";
inherit user hostname;
};
}
];
}
{
job_name = "${hostname}-fail2ban-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9191" ];
labels = {
app = "fail2ban-exporter";
user = "root";
inherit hostname;
};
}
];
}
{
job_name = "${hostname}-smartctl-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9633" ];
labels = {
app = "smartctl-exporter";
user = "root";
inherit hostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-node-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9100" ];
labels = {
app = "node-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-podman-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9882" ];
labels = {
app = "podman-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-fail2ban-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9191" ];
labels = {
app = "fail2ban-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
];
};
in
{
containerConfig = {
image = "docker-archive:${selfPkgs.docker-yq}";
volumes = [
"${volumes.prometheus-config.ref}:/etc/prometheus"
"${prometheusConfig}:/etc/prometheus/conf.d/prometheus.yml"
];
entrypoint = "/bin/bash";
exec = [
"-c"
"yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/prometheus/conf.d/*.yml > /etc/prometheus/prometheus.yml"
];
};
serviceConfig = {
Type = "oneshot";
Restart = "on-failure";
};
};
prometheus = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus}";
volumes = [
"${volumes.prometheus-config.ref}:/etc/prometheus"
"${volumes.prometheus-data.ref}:/var/lib/prometheus"
];
networks = [
networks.grafana.ref
networks.prometheus.ref
# Access to root exporters
networks.prometheus-ext.ref
];
exec = [
"--log.level=debug"
"--config.file=/etc/prometheus/prometheus.yml"
"--storage.tsdb.path=/var/lib/prometheus"
"--storage.tsdb.retention.time=1y"
];
};
unitConfig.After = [ "${containers.prometheus-init._serviceName}.service" ];
};
grafana.containerConfig.volumes =
let
datasource = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
apiVersion = 1;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://prometheus:9090";
uid = "prometheus";
jsonData = {
httpMethod = "POST";
manageAlerts = true;
prometheusType = "Prometheus";
prometheusVersion = lib.strings.getVersion pkgs.prometheus;
};
}
];
};
in
[ "${datasource}:/etc/grafana/conf/provisioning/datasources/prometheus.yaml" ];
};
};
};
}

36
hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
View File

@@ -43,7 +43,10 @@ in
traefik = { traefik = {
containerConfig = { containerConfig = {
image = "docker-archive:${selfPkgs.docker-traefik}"; image = "docker-archive:${selfPkgs.docker-traefik}";
networks = [ networks.traefik.ref ]; networks = [
networks.traefik.ref
networks.prometheus.ref
];
volumes = volumes =
let let
uid = builtins.toString config.users.users.${user}.uid; uid = builtins.toString config.users.users.${user}.uid;
@@ -84,6 +87,8 @@ in
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
"--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com" "--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
"--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
"--metrics.prometheus=true"
]; ];
labels = [ labels = [
"traefik.enable=true" "traefik.enable=true"
@@ -135,12 +140,37 @@ in
}; };
in in
[ "${config}:/etc/authelia/conf.d/traefik.yaml:ro" ]; [ "${config}:/etc/authelia/conf.d/traefik.yaml:ro" ];
prometheus-init.containerConfig.volumes =
let
traefikConfig = (pkgs.formats.yaml { }).generate "traefik.yml" {
scrape_configs =
let
hostname = config.networking.hostName;
in
[
{
job_name = "${hostname}-traefik";
static_configs = [
{
targets = [ "traefik:8080" ];
labels = {
app = "traefik";
inherit user hostname;
};
}
];
}
];
};
in
[ "${traefikConfig}:/etc/prometheus/conf.d/traefik.yml" ];
}; };
}; };
# https://github.com/eriksjolund/podman-traefik-socket-activation # https://github.com/eriksjolund/podman-traefik-socket-activation
systemd.user.sockets = { systemd.user.sockets = {
"traefik-http" = { traefik-http = {
Socket = { Socket = {
ListenStream = "0.0.0.0:80"; ListenStream = "0.0.0.0:80";
FileDescriptorName = "http"; FileDescriptorName = "http";
@@ -152,7 +182,7 @@ in
}; };
}; };
"traefik-https" = { traefik-https = {
Socket = { Socket = {
ListenStream = "0.0.0.0:443"; ListenStream = "0.0.0.0:443";
FileDescriptorName = "https"; FileDescriptorName = "https";

1
hosts/jupiter/users/storm/default.nix
View File

@@ -13,7 +13,6 @@ in
(import ../../../common/configs/user/console/neovim { inherit user home; }) (import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; }) (import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; }) (import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/telegraf { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; }) (import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; })

13
packages/default.nix
View File

@@ -16,6 +16,16 @@
docker-ntfy = import ./docker/ntfy { inherit pkgs; }; docker-ntfy = import ./docker/ntfy { inherit pkgs; };
docker-postgresql = import ./docker/postgresql { inherit pkgs; }; docker-postgresql = import ./docker/postgresql { inherit pkgs; };
docker-prometheus = import ./docker/prometheus { inherit pkgs; }; docker-prometheus = import ./docker/prometheus { inherit pkgs; };
docker-prometheus-fail2ban-exporter = import ./docker/prometheus-fail2ban-exporter {
inherit pkgs inputs system;
};
docker-prometheus-node-exporter = import ./docker/prometheus-node-exporter { inherit pkgs; };
docker-prometheus-podman-exporter = import ./docker/prometheus-podman-exporter {
inherit pkgs inputs system;
};
docker-prometheus-smartctl-exporter = import ./docker/prometheus-smartctl-exporter {
inherit pkgs;
};
docker-redis = import ./docker/redis { inherit pkgs; }; docker-redis = import ./docker/redis { inherit pkgs; };
docker-traefik = import ./docker/traefik { inherit pkgs; }; docker-traefik = import ./docker/traefik { inherit pkgs; };
docker-whoami = import ./docker/whoami { inherit pkgs; }; docker-whoami = import ./docker/whoami { inherit pkgs; };
@@ -38,6 +48,9 @@
obsidian-theme-minimal = import ./obsidian/themes/minimal { inherit pkgs; }; obsidian-theme-minimal = import ./obsidian/themes/minimal { inherit pkgs; };
prometheus-fail2ban-exporter = import ./prometheus-fail2ban-exporter { inherit pkgs; };
prometheus-podman-exporter = import ./prometheus-podman-exporter { inherit pkgs; };
ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs inputs system; }; ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs inputs system; };
# SAS # SAS

2
packages/docker/postgresql/entrypoint.sh
View File

@@ -14,7 +14,7 @@ mkfifo "$LOG_PIPE"
( (
while IFS= read -r line; do while IFS= read -r line; do
if echo "$line" | grep -qE "ERROR|FATAL|PANIC"; then if echo "$line" | grep -qEi "ERROR|FATAL|PANIC"; then
echo "$line" >&2 echo "$line" >&2
else else
echo "$line" echo "$line"

36
packages/docker/prometheus-fail2ban-exporter/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{
pkgs,
inputs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
entrypoint = pkgs.writeTextFile {
name = "entrypoint";
executable = true;
destination = "/bin/entrypoint";
text = builtins.readFile ./entrypoint.sh;
};
in
pkgs.dockerTools.buildImage {
name = "prometheus-fail2ban-exporter";
fromImage = import ../base { inherit pkgs; };
copyToRoot = pkgs.buildEnv {
name = "root";
paths = [
entrypoint
selfPkgs.prometheus-fail2ban-exporter
];
pathsToLink = [ "/bin" ];
};
config = {
Entrypoint = [ "/bin/entrypoint" ];
ExposedPorts = {
"9191/tcp" = { };
};
};
}

23
packages/docker/prometheus-fail2ban-exporter/entrypoint.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
set -o errexit
set -o nounset
mkdir -p /tmp
LOG_PIPE="$(mktemp -u)"
mkfifo "$LOG_PIPE"
(
while IFS= read -r line; do
if echo "$line" | grep -qEi "WARN|ERROR|FATAL"; then
echo "$line" >&2
else
echo "$line"
fi
done < "$LOG_PIPE"
) &
LOG_PID=$!
trap 'kill $LOG_PID' EXIT
exec /bin/prometheus-fail2ban-exporter "$@" > "$LOG_PIPE" 2>&1

19
packages/docker/prometheus-node-exporter/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{ pkgs, ... }:
pkgs.dockerTools.buildImage {
name = "prometheus-node-exporter";
fromImage = import ../base { inherit pkgs; };
copyToRoot = pkgs.buildEnv {
name = "root";
paths = with pkgs; [ prometheus-node-exporter ];
pathsToLink = [ "/bin" ];
};
config = {
Entrypoint = [ "/bin/node_exporter" ];
Cmd = [ "--log.level=warn" ];
ExposedPorts = {
"9100/tcp" = { };
};
};
}

40
packages/docker/prometheus-podman-exporter/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{
pkgs,
inputs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
entrypoint = pkgs.writeTextFile {
name = "entrypoint";
executable = true;
destination = "/bin/entrypoint";
text = builtins.readFile ./entrypoint.sh;
};
in
pkgs.dockerTools.buildImage {
name = "prometheus-podman-exporter";
fromImage = import ../base { inherit pkgs; };
copyToRoot = pkgs.buildEnv {
name = "root";
paths = [
entrypoint
selfPkgs.prometheus-podman-exporter
];
pathsToLink = [ "/bin" ];
};
runAsRoot = ''
${pkgs.dockerTools.shadowSetup}
'';
config = {
Entrypoint = [ "/bin/entrypoint" ];
ExposedPorts = {
"9882/tcp" = { };
};
};
}

23
packages/docker/prometheus-podman-exporter/entrypoint.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
set -o errexit
set -o nounset
mkdir -p /tmp
LOG_PIPE="$(mktemp -u)"
mkfifo "$LOG_PIPE"
(
while IFS= read -r line; do
if echo "$line" | grep -qEi "WARN|ERROR|FATAL"; then
echo "$line" >&2
else
echo "$line"
fi
done < "$LOG_PIPE"
) &
LOG_PID=$!
trap 'kill $LOG_PID' EXIT
exec /bin/prometheus-podman-exporter "$@" > "$LOG_PIPE" 2>&1

19
packages/docker/prometheus-smartctl-exporter/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{ pkgs, ... }:
pkgs.dockerTools.buildImage {
name = "prometheus-smartctl-exporter";
fromImage = import ../base { inherit pkgs; };
copyToRoot = pkgs.buildEnv {
name = "root";
paths = with pkgs; [ prometheus-smartctl-exporter ];
pathsToLink = [ "/bin" ];
};
config = {
Entrypoint = [ "/bin/smartctl_exporter" ];
Cmd = [ "--log.level=warn" ];
ExposedPorts = {
"9633/tcp" = { };
};
};
}

3
packages/docker/prometheus/default.nix
View File

@@ -14,5 +14,8 @@ pkgs.dockerTools.buildImage {
ExposedPorts = { ExposedPorts = {
"9090/tcp" = { }; "9090/tcp" = { };
}; };
Volumes = {
"/var/lib/prometheus" = { };
};
}; };
} }

31
packages/prometheus-fail2ban-exporter/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{ pkgs, ... }:
# AUTO-UPDATE: nix-update --flake prometheus-fail2ban-exporter
pkgs.buildGoModule rec {
pname = "prometheus-fail2ban-exporter";
version = "0.10.3";
src = pkgs.fetchFromGitLab {
owner = "hctrdev";
repo = "fail2ban-prometheus-exporter";
rev = "v${version}";
hash = "sha256-CyYGY6SovnvgExB22G+LEKRDRzbDZWhWUjctJMkprYs=";
};
vendorHash = "sha256-ogdRXbS1EG402qlnj5SfuI/1P/Pi0+xwJrJsc6vwdds=";
env.CGO_ENABLED = 0;
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
"-X main.commit=${version}"
"-X main.date=1970-01-01T00:00:00Z"
"-X main.builtBy=NixOS"
];
installPhase = ''
mkdir -p $out/bin
cp -r "$GOPATH/bin/fail2ban-prometheus-exporter" $out/bin/prometheus-fail2ban-exporter
'';
}

51
packages/prometheus-podman-exporter/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{ pkgs, ... }:
# AUTO-UPDATE: nix-update --flake prometheus-podman-exporter
pkgs.buildGoModule rec {
pname = "prometheus-podman-exporter";
version = "1.15.0";
src = pkgs.fetchFromGitHub {
owner = "containers";
repo = "prometheus-podman-exporter";
rev = "v${version}";
hash = "sha256-eXuLiJx0WsPlPAN5ZwQIp89thXiNS6AGE9p3aqjD+K8=";
};
vendorHash = null;
nativeBuildInputs = with pkgs; [
makeWrapper
pkg-config
];
buildInputs = with pkgs; [
btrfs-progs
gpgme
];
tags = [
"containers_image_openpgp"
"remote"
];
ldflags = [
"-s"
"-w"
"-X github.com/containers/prometheus-podman-exporter/cmd.buildVersion=${version}"
"-X github.com/containers/prometheus-podman-exporter/cmd.buildRevision=${builtins.head (pkgs.lib.strings.splitString "." version)}"
"-X github.com/containers/prometheus-podman-exporter/cmd.buildBranch=HEAD"
];
# Don't run tests because they require a running podman daemon
doCheck = false;
postInstall = ''
wrapProgram $out/bin/prometheus-podman-exporter \
--run '
: "''${CONTAINER_HOST:=}"
if [ -z "$CONTAINER_HOST" ]; then
export CONTAINER_HOST=$([ "$UID" -eq 0 ] && echo "unix:///run/podman/podman.sock" || echo "unix://''${XDG_RUNTIME_DIR:-/run/user/$UID}/podman/podman.sock")
fi
'
'';
}