Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-06-25 23:03:12 +01:00
parent b9d57d2d58
commit aca10fdc66
12 changed files with 420 additions and 425 deletions


@@ -14,11 +14,11 @@ let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
in
{
boot.kernelParams = [ "psi=1" ];
# TODO: Secure with unix sockets
# The below containers all need to run as root to collect host metrics.
virtualisation.quadlet.containers = {
prometheus-node-exporter.containerConfig = {
@@ -78,233 +78,237 @@ in
};
};
home-manager.users.${user} = {
virtualisation.quadlet = {
networks = {
prometheus.networkConfig.internal = true;
prometheus-ext = { };
};
volumes = {
prometheus-data = { };
prometheus-config = { };
};
containers = {
prometheus-node-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";
networks = [ networks.prometheus.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[ "/run/user/${uid}/bus:/var/run/dbus/system_bus_socket:ro" ];
exec = [
"--log.level=warn"
"--path.rootfs=/host"
"--collector.disable-defaults"
"--collector.systemd"
];
home-manager.users.${user} =
let
inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
in
{
virtualisation.quadlet = {
networks = {
prometheus.networkConfig.internal = true;
prometheus-ext = { };
};
prometheus-podman-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";
networks = [ networks.prometheus.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[ "/run/user/${uid}/podman/podman.sock:/run/podman/podman.sock:ro" ];
exec = [ "--collector.enable-all" ];
volumes = {
prometheus-data = { };
prometheus-config = { };
};
prometheus-init =
let
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
global.scrape_interval = "15s";
scrape_configs =
let
hostname = config.networking.hostName;
jupiterVpsHostname = jupiterVpsConfig.networking.hostName;
in
[
{
job_name = "${hostname}-node-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9100" ];
labels = {
app = "node-exporter";
user = "root";
inherit hostname;
};
}
{
targets = [ "prometheus-node-exporter:9100" ];
labels = {
app = "node-exporter";
inherit user hostname;
};
}
];
}
{
job_name = "${hostname}-podman-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9882" ];
labels = {
app = "podman-exporter";
user = "root";
inherit hostname;
};
}
{
targets = [ "prometheus-podman-exporter:9882" ];
labels = {
app = "podman-exporter";
inherit user hostname;
};
}
];
}
{
job_name = "${hostname}-fail2ban-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9191" ];
labels = {
app = "fail2ban-exporter";
user = "root";
inherit hostname;
};
}
];
}
{
job_name = "${hostname}-smartctl-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9633" ];
labels = {
app = "smartctl-exporter";
user = "root";
inherit hostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-node-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9100" ];
labels = {
app = "node-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-podman-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9882" ];
labels = {
app = "podman-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-fail2ban-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9191" ];
labels = {
app = "fail2ban-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
];
};
in
{
containerConfig = {
image = "docker-archive:${selfPkgs.docker-yq}";
volumes = [
"${volumes.prometheus-config.ref}:/etc/prometheus"
"${prometheusConfig}:/etc/prometheus/conf.d/prometheus.yaml"
];
entrypoint = "/bin/bash";
exec = [
"-c"
"yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/prometheus/conf.d/*.yaml > /etc/prometheus/prometheus.yaml"
];
};
serviceConfig = {
Type = "oneshot";
Restart = "on-failure";
};
};
prometheus = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus}";
volumes = [
"${volumes.prometheus-config.ref}:/etc/prometheus"
"${volumes.prometheus-data.ref}:/var/lib/prometheus"
];
networks = [
networks.grafana.ref
networks.prometheus.ref
# Access to root exporters
networks.prometheus-ext.ref
];
containers = {
prometheus-node-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";
networks = [ networks.prometheus.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[ "/run/user/${uid}/bus:/var/run/dbus/system_bus_socket:ro" ];
exec = [
"--log.level=warn"
"--config.file=/etc/prometheus/prometheus.yaml"
"--storage.tsdb.path=/var/lib/prometheus"
"--storage.tsdb.retention.time=1y"
"--path.rootfs=/host"
"--collector.disable-defaults"
"--collector.systemd"
];
};
unitConfig.After = [ "${containers.prometheus-init._serviceName}.service" ];
};
prometheus-podman-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";
networks = [ networks.prometheus.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[ "/run/user/${uid}/podman/podman.sock:/run/podman/podman.sock:ro" ];
exec = [ "--collector.enable-all" ];
};
grafana.containerConfig.volumes =
let
datasource = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
apiVersion = 1;
prometheus-init =
let
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
global.scrape_interval = "15s";
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://prometheus:9090";
uid = "prometheus";
jsonData = {
httpMethod = "POST";
manageAlerts = true;
prometheusType = "Prometheus";
prometheusVersion = lib.strings.getVersion pkgs.prometheus;
};
}
scrape_configs =
let
hostname = config.networking.hostName;
jupiterVpsHostname = jupiterVpsConfig.networking.hostName;
in
[
{
job_name = "${hostname}-node-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9100" ];
labels = {
app = "node-exporter";
user = "root";
inherit hostname;
};
}
{
targets = [ "prometheus-node-exporter:9100" ];
labels = {
app = "node-exporter";
inherit user hostname;
};
}
];
}
{
job_name = "${hostname}-podman-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9882" ];
labels = {
app = "podman-exporter";
user = "root";
inherit hostname;
};
}
{
targets = [ "prometheus-podman-exporter:9882" ];
labels = {
app = "podman-exporter";
inherit user hostname;
};
}
];
}
{
job_name = "${hostname}-fail2ban-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9191" ];
labels = {
app = "fail2ban-exporter";
user = "root";
inherit hostname;
};
}
];
}
{
job_name = "${hostname}-smartctl-exporter";
static_configs = [
{
targets = [ "host.containers.internal:9633" ];
labels = {
app = "smartctl-exporter";
user = "root";
inherit hostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-node-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9100" ];
labels = {
app = "node-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-podman-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9882" ];
labels = {
app = "podman-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
{
job_name = "${jupiterVpsHostname}-fail2ban-exporter";
static_configs = [
{
targets = [ "10.0.0.1:9191" ];
labels = {
app = "fail2ban-exporter";
user = "root";
hostname = jupiterVpsHostname;
};
}
];
}
];
};
in
{
containerConfig = {
image = "docker-archive:${selfPkgs.docker-yq}";
volumes = [
"${volumes.prometheus-config.ref}:/etc/prometheus"
"${prometheusConfig}:/etc/prometheus/conf.d/prometheus.yaml"
];
entrypoint = "/bin/bash";
exec = [
"-c"
"yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/prometheus/conf.d/*.yaml > /etc/prometheus/prometheus.yaml"
];
};
serviceConfig = {
Type = "oneshot";
Restart = "on-failure";
};
};
prometheus = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus}";
volumes = [
"${volumes.prometheus-config.ref}:/etc/prometheus"
"${volumes.prometheus-data.ref}:/var/lib/prometheus"
];
networks = [
networks.grafana.ref
networks.prometheus.ref
# Access to root exporters
networks.prometheus-ext.ref
];
exec = [
"--log.level=warn"
"--config.file=/etc/prometheus/prometheus.yaml"
"--storage.tsdb.path=/var/lib/prometheus"
"--storage.tsdb.retention.time=1y"
];
};
in
[ "${datasource}:/etc/grafana/conf/provisioning/datasources/prometheus.yaml" ];
unitConfig.After = [ "${containers.prometheus-init._serviceName}.service" ];
};
grafana.containerConfig.volumes =
let
datasource = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
apiVersion = 1;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://prometheus:9090";
uid = "prometheus";
jsonData = {
httpMethod = "POST";
manageAlerts = true;
prometheusType = "Prometheus";
prometheusVersion = lib.strings.getVersion pkgs.prometheus;
};
}
];
};
in
[ "${datasource}:/etc/grafana/conf/provisioning/datasources/prometheus.yaml" ];
};
};
};
};
}
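Review bot: The `:ro` flag on the two socket bind mounts in the new `home-manager.users.${user}` block (`/run/user/${uid}/bus:/var/run/dbus/system_bus_socket:ro` and `/run/user/${uid}/podman/podman.sock:/run/podman/podman.sock:ro`) only makes the mount point read-only; it does not restrict what the container sends over the socket, so the podman exporter still holds the full rootless Podman API for this user and the node exporter (presumably using the session bus as a stand-in for the system bus so `--collector.systemd` sees user units) can talk to every service on that bus. Nothing in the hunk says this, and the `# TODO: Secure with unix sockets` note at the top of the file only covers the root-level exporters, so a reader may take `:ro` as a real privilege boundary. I would put a comment above each of those mounts, e.g. `# :ro does not limit socket traffic — this is full Podman API access as ${user}; the exporter image is trusted accordingly`. Separately, the `10.0.0.1:9100`/`9882`/`9191` jobs set no `scheme`, `tls_config` or auth, so the scrape is plain HTTP; if 10.0.0.1 is reached over an encrypted tunnel, a one-line comment stating that would make the assumption explicit. The enclosing module function and its `let` start before the hunk.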