# NixOS module: runs three Prometheus exporters (node, podman, fail2ban) as
# quadlet containers and opens their ports on the wg0 interface only.
{ inputs, system, ... }:

let
  # Packages built by this flake for the current system; the exporter images
  # are referenced from here as docker-archive tarballs.
  selfPkgs = inputs.self.packages.${system};

  # node-exporter collectors switched off explicitly.
  nodeExporterDisabled = [
    "--no-collector.arp"
    "--no-collector.bonding"
    "--no-collector.edac"
    "--no-collector.fibrechannel"
    "--no-collector.infiniband"
    "--no-collector.ipvs"
    "--no-collector.mdadm"
    "--no-collector.nfs"
    "--no-collector.nfsd"
    "--no-collector.selinux"
    "--no-collector.xfs"
    "--no-collector.zfs"
  ];

  # node-exporter collectors switched on explicitly.
  nodeExporterEnabled = [
    "--collector.cpu_vulnerabilities"
    "--collector.drm"
    "--collector.ethtool"
    "--collector.processes"
    "--collector.systemd"
  ];
in
{
  # Enables kernel pressure-stall information (PSI).
  # NOTE(review): presumably for node-exporter's pressure metrics; confirm.
  boot.kernelParams = [ "psi=1" ];

  # Exporter ports are allowed only on the wg0 interface.
  # NOTE(review): this is the only access control visible in this file; none
  # of the exporters below is configured with TLS or authentication here.
  networking.firewall.interfaces.wg0 = {
    allowedTCPPorts = [
      9100 # node exporter (host network, default port)
      9882 # podman exporter (published below)
      9191 # fail2ban exporter (published below)
    ];
  };

  virtualisation.quadlet.containers.prometheus-node-exporter.containerConfig = {
    image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";

    # Host network so host metrics can be collected; listens on :9100 by
    # default. With host networking the listener is a normal host socket, so
    # reachability is decided by the host firewall rule above.
    # NOTE(review): node_exporter's --web.listen-address could additionally
    # pin the listener to the wg0 address.
    networks = [ "host" ];

    # Shares the host PID namespace with the container.
    # NOTE(review): presumably needed by the processes collector; confirm.
    podmanArgs = [
      "--pid"
      "host"
    ];

    # The whole host root is visible (read-only) inside the container, so
    # anything readable by the container's user, including secrets on disk,
    # is exposed to this image. Treat the image as host-trusted.
    # The D-Bus socket is bind-mounted ":ro", but a read-only bind mount does
    # not stop a process from connecting to a Unix socket and sending
    # requests; only the bus policy limits what the exporter can do.
    volumes = [
      "/:/host:ro,rslave"
      "/run/udev:/run/udev:ro"
      "/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro"
      # NOTE(review): presumably overrides os-release because the NixOS
      # symlink does not resolve under /host; confirm.
      "/etc/static/os-release:/host/etc/os-release:ro"
    ];

    exec = [
      "--log.level=warn"
      "--path.rootfs=/host"
    ]
    ++ nodeExporterDisabled
    ++ nodeExporterEnabled;
  };

  virtualisation.quadlet.containers.prometheus-podman-exporter.containerConfig = {
    image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";

    # No host address is given, so the port is published on every host
    # address, not just wg0.
    # NOTE(review): published container ports are usually forwarded with NAT
    # rules and may not be filtered by the wg0-only firewall rule above;
    # verify from a non-wg0 interface, or publish as
    # "<wg0-address>:9882:9882" (placeholder) to bind to the tunnel only.
    publishPorts = [ "9882:9882" ];

    # ":ro" on a socket mount does not make the Podman API read-only: the
    # container can still connect and issue any API call. Access to
    # /run/podman/podman.sock should be treated as control over the host's
    # containers (likely root-equivalent if this is the rootful socket).
    volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];

    exec = [ "--collector.enable-all" ];
  };

  virtualisation.quadlet.containers.prometheus-fail2ban-exporter.containerConfig = {
    image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";

    # Same publishing caveat as the podman exporter: no host address is
    # given, so verify the port is not reachable outside wg0.
    publishPorts = [ "9191:9191" ];

    # As with the other sockets, ":ro" does not restrict commands sent over
    # the fail2ban control socket; the container can talk to the server with
    # whatever rights the socket's permissions grant.
    volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
  };
}