From b93608a8fa590204c4e868ffa7dddc3ee80daa7a Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Thu, 6 Jun 2024 12:52:55 +0200
Subject: [PATCH] metronom: add promtail, prometheus node-exporter configure wireguard to push logs to and scrape metrics from flora-6 open firewall for node-exporter port on wg-ssh interface
---
 hosts/default.nix | 2 ++
 hosts/flora-6/wireguard.nix | 10 ++++++++++
 modules/prometheus-exporters/default.nix | 3 +++
 modules/prometheus/default.nix | 6 ++++++
 4 files changed, 21 insertions(+)
diff --git a/hosts/default.nix b/hosts/default.nix
index 378e990c..f0a54d7e 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -68,6 +68,8 @@
 self.nixosModules.unlock-zfs-on-boot
 self.nixosModules.core
 self.nixosModules.mail
+ self.nixosModules.prometheus-exporters
+ self.nixosModules.promtail
 self.inputs.simple-nixos-mailserver.nixosModule
 ];
diff --git a/hosts/flora-6/wireguard.nix b/hosts/flora-6/wireguard.nix
index c5bcd64d..f37f8980 100644
--- a/hosts/flora-6/wireguard.nix
+++ b/hosts/flora-6/wireguard.nix
@@ -28,6 +28,16 @@
 "fd00:fae:fae:fae:fae:1::/96"
 ];
 }
+ {
+ # metronom.pub.solar
+ endpoint = "49.13.236.167:51820";
+ publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
+ allowedIPs = [
+ "10.7.6.3/32"
+ "fd00:fae:fae:fae:fae:3::/96"
+ ];
+ persistentKeepalive = 15;
+ }
 ];
 };
 };
diff --git a/modules/prometheus-exporters/default.nix b/modules/prometheus-exporters/default.nix
index 996a7717..1c9a474c 100644
--- a/modules/prometheus-exporters/default.nix
+++ b/modules/prometheus-exporters/default.nix
@@ -1,5 +1,8 @@
 { config, ... }:
 {
+ # Only expose prometheus exporter port via wireguard interface
+ networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 9002 ];
+
 services.prometheus = {
 exporters = {
 node = {
diff --git a/modules/prometheus/default.nix b/modules/prometheus/default.nix
index 564d6506..62a37958 100644
--- a/modules/prometheus/default.nix
+++ b/modules/prometheus/default.nix
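Review bot: In hosts/flora-6/wireguard.nix the new peer's IPv6 entry in `allowedIPs`, `"fd00:fae:fae:fae:fae:3::/96"`, lets this key source 2^32 addresses, while the IPv4 entry next to it is a single `/32`. The existing peer in the context lines uses a `/96` as well, so this may be a deliberate per-host range, but if metronom only uses one tunnel address a `/128` would keep WireGuard's source filtering as tight as it is on IPv4. If the range is intended, a short comment beside the entry such as `# per-host /96 range, not a single address` would record that for the next reader. The peer list starts and ends outside the hunk.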
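Review bot: In modules/prometheus-exporters/default.nix the firewall rule hard-codes `9002`, while the scrape target added in modules/prometheus/default.nix reads `config.services.prometheus.exporters.node.port`. Writing the rule as `networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ config.services.prometheus.exporters.node.port ];` keeps the firewall, exporter and scrape target from drifting apart, and `config` is already a module argument. The comment promises exposure only via WireGuard, but the hunk enforces that in the firewall alone. The `node` block continues outside the hunk, so if it does not set `listenAddress` the exporter presumably still binds all interfaces and is shielded only while the firewall stays enabled and no other rule opens the port. Binding the exporter to the host's WireGuard address, or stating in the comment that the firewall is the only barrier, would make that explicit.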
@@ -53,6 +53,12 @@
 instance = "nachtigall";
 };
 }
+ {
+ targets = [ "metronom.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}" ];
+ labels = {
+ instance = "metronom";
+ };
+ }
 ];
 }
 {