forked from pub-solar/infra
feat(prometheus): add node-exporter to nachtigall,
protect endpoint https://nachtigall.pub.solar/metrics with TLS and basic auth
This commit is contained in:
parent
fdda65eea9
commit
d5b59ea18a
|
@ -25,6 +25,21 @@
|
|||
};
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "https-targets";
|
||||
scheme = "https";
|
||||
metrics_path = "/metrics";
|
||||
basic_auth = {
|
||||
username = "hakkonaut";
|
||||
password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
|
||||
};
|
||||
static_configs = [{
|
||||
targets = [ "nachtigall.pub.solar" ];
|
||||
labels = {
|
||||
instance = "nachtigall";
|
||||
};
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
19
hosts/nachtigall/apps/nginx-prometheus-exporters.nix
Normal file
19
hosts/nachtigall/apps/nginx-prometheus-exporters.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, flake, ... }:
|
||||
|
||||
{
|
||||
age.secrets.nachtigall-metrics-basic-auth = {
|
||||
file = "${flake.self}/secrets/nachtigall-metrics-basic-auth.age";
|
||||
mode = "600";
|
||||
owner = "nginx";
|
||||
};
|
||||
services.nginx.virtualHosts = {
|
||||
"nachtigall.pub.solar" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
basicAuthFile = "${config.age.secrets.nachtigall-metrics-nginx-basic-auth.path}";
|
||||
locations."/metrics" = {
|
||||
proxyPass = "http://127.0.0.1:${toString(config.services.prometheus.exporters.node.port)}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
14
hosts/nachtigall/apps/prometheus-exporters.nix
Normal file
14
hosts/nachtigall/apps/prometheus-exporters.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
services.prometheus = {
|
||||
exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
port = 9002;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -21,9 +21,11 @@
|
|||
./apps/owncast.nix
|
||||
./apps/nginx-mastodon.nix
|
||||
./apps/nginx-mastodon-files.nix
|
||||
./apps/nginx-prometheus-exporters.nix
|
||||
./apps/nginx-website.nix
|
||||
./apps/opensearch.nix
|
||||
./apps/postgresql.nix
|
||||
./apps/prometheus-exporters.nix
|
||||
./apps/searx.nix
|
||||
|
||||
./apps/matrix/mautrix-telegram.nix
|
||||
|
|
31
secrets/nachtigall-metrics-basic-auth.age
Normal file
31
secrets/nachtigall-metrics-basic-auth.age
Normal file
|
@ -0,0 +1,31 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 Y0ZZaw FWuk2kYGB+GfoY3rWfeCosoBOLvUHrH7SR8Fv18o+XI
|
||||
YyOTULtyOJ3vfAOnYSMzeCCyipJ4Fqrr3PJgRtbElJg
|
||||
-> ssh-ed25519 iDKjwg Bq6lNuS5MOhsU/7ypHw/E70BktIA+SmN6e3pvrIqRBQ
|
||||
Xo0OOUXfOkPQfArhqSJyiAkH5lxcJIAO7M5krkCZNfc
|
||||
-> ssh-ed25519 uYcDNw EfB1B4CSNk8Oe5B7T+KSl9O5OsCrulaLOjR3PBtxpSk
|
||||
xJxkmBSENc5JosdRiEAC3a41WI6TmTlTxm+lclup+g4
|
||||
-> ssh-rsa kFDS0A
|
||||
dYH3A43wClFnDQp8m3ZnhTK5d8LeG6ZkqDQ5dS1yB//4G5TaUnMqOp5Q2G1gbgXY
|
||||
Zu9qYOHdUydn5HIRSwBXj/KbBm5xJ1zFImOszn7S5mk4iReHFyTnSzAi4utatQcY
|
||||
DEjGnvKKRoc7ih08+F44kq6DYnhUBFqF8eigQZIsyeWpiW6C1FzasL0KnXoedPG2
|
||||
AYJForNB8zKp7a2Evxi0MY7a+ldHAekktz1Fta2u9MvrWUtqP/yLqJhCwCNvos7J
|
||||
kG+XO4j0kiOQCIO9TOeLAu59+VCVM64mY+dp+xc8tX0fWuu7ItSAh6jRHzfgSKjC
|
||||
qDJc/1YpUG1EnYSH39mfVox3ndeMuVrG6Q1h509jZuxsw/zoDsbY3bbhTaUQ3X8Y
|
||||
5ShCponnEGBLqeSm1gALCAnlgu8IS4gL6ePKuAhN0qMYj6iiXP/Ugp3lTcv1TvFD
|
||||
KINnV/tas1CO3PApQm6JgijHEPT9zyUbqR/xN06+OCWbg4hHuEix+0OhM1T5w2xC
|
||||
KvKF30iUK0tU2hZvKdku2MpbP4N0cQLqBEWiyrUKHRMCdXi3kyO5D84UdWXvETAt
|
||||
BfEvZ8ZG5fiSXzbPLxVqObXFZUirLuWomWtstqkDuadL9xJkTcsbr8ZCCNpPhxdL
|
||||
oOfao+tox3RBilAS3AfQVhrPvD2rVUptm+0nPtnO3rY
|
||||
-> ssh-ed25519 YFSOsg T2OdtA0kY4DqDIxE1QxMV5aCygvKlI5LgXQ+QYYuOko
|
||||
l0Kzo02jGISCT1zrGf5soXYj7FMVrN/9REF3Zscbmik
|
||||
-> ssh-ed25519 iHV63A 75daRGD2TQ/mXRsckaH9sGGkHMkLxgHFhn0eDdkDsU8
|
||||
TXeoLqfU0ywQucPayYoG43Gr56uZoYIWaK9F2YJJ0FM
|
||||
-> ssh-ed25519 BVsyTA J/xNtG1CAzfoiKPsnWwDp4pId7d3MywXpfhKAmpze3I
|
||||
8uMO07Se/6krP79flt+XZfjIsw12kWsoD6LqZyLG70M
|
||||
-> B-grease y3$t@ ; Bs *w
|
||||
dUrvWB09znCDyvO7RnduMguc9pWTn19q1fc0MHFUXk7WQWns+4kpJIX1qljB5hz/
|
||||
NPAbNzwMDQKj6awHAth1iFLaEw
|
||||
--- rI4jrrXCiUpV/EzGsla+lxONmL5/Eel/LODoIM80jcM
|
||||
˜_°0àÆ7Jˆq•[÷ç<>è'/ù‘õŽi„Ü<E2809E>Òl°mÙ
|
||||
ÌÂ!JPþ¼>œ…wk¡ž·³¤+ é™)ÚÈPhUÜóç²O=>k=?ÂTÐ
|
|
@ -66,4 +66,6 @@ in {
|
|||
"grafana-admin-password.age".publicKeys = flora6Keys ++ baseKeys;
|
||||
"grafana-keycloak-client-secret.age".publicKeys = flora6Keys ++ baseKeys;
|
||||
"grafana-smtp-password.age".publicKeys = flora6Keys ++ baseKeys;
|
||||
|
||||
"nachtigall-metrics-basic-auth.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue