Add blackbox-exporter for certificate expiry checks #231
|
@ -28,6 +28,11 @@
|
||||||
group = "grafana";
|
group = "grafana";
|
||||||
user = "grafana";
|
user = "grafana";
|
||||||
};
|
};
|
||||||
|
"grafana-dashboards/blackbox-exporter_rev3.json" = {
|
||||||
|
source = ./grafana-dashboards/blackbox-exporter_rev3.json;
|
||||||
|
group = "grafana";
|
||||||
|
user = "grafana";
|
||||||
|
};
|
||||||
"grafana-dashboards/synapse.json" = {
|
"grafana-dashboards/synapse.json" = {
|
||||||
source = ./grafana-dashboards/synapse.json;
|
source = ./grafana-dashboards/synapse.json;
|
||||||
group = "grafana";
|
group = "grafana";
|
||||||
|
|
1085
modules/grafana/grafana-dashboards/blackbox-exporter_rev3.json
Normal file
1085
modules/grafana/grafana-dashboards/blackbox-exporter_rev3.json
Normal file
File diff suppressed because it is too large
Load diff
|
@ -198,10 +198,10 @@ lib.mapAttrsToList
|
||||||
description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!";
|
description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!";
|
||||||
};
|
};
|
||||||
*/
|
*/
|
||||||
#cert_expiry = {
|
cert_expiry = {
|
||||||
# condition = "(probe_ssl_earliest_cert_expiry - time())/(3600*24) < 30";
|
condition = "(probe_ssl_earliest_cert_expiry - time())/(3600*24) < 21";
|
||||||
# description = "{{$labels.instance}}: The TLS certificate will expire in less than 30 days: {{$value}}s";
|
description = "{{$labels.instance}}: The TLS certificate will expire in less than 21 days: {{$value}}s";
|
||||||
#};
|
};
|
||||||
|
|
||||||
# ignore devices that disabled S.M.A.R.T (example if attached via USB)
|
# ignore devices that disabled S.M.A.R.T (example if attached via USB)
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,10 @@
|
||||||
flake,
|
flake,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
let
|
||||||
|
# TODO add hosts here
|
||||||
|
blackboxTargets = [ "https://pablo.tools" ];
|
||||||
|
|||||||
|
in
|
||||||
{
|
{
|
||||||
age.secrets.alertmanager-envfile = {
|
age.secrets.alertmanager-envfile = {
|
||||||
file = "${flake.self}/secrets/alertmanager-envfile.age";
|
file = "${flake.self}/secrets/alertmanager-envfile.age";
|
||||||
|
@ -27,6 +31,32 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 9001;
|
port = 9001;
|
||||||
exporters = {
|
exporters = {
|
||||||
|
blackbox = {
|
||||||
|
enable = true;
|
||||||
|
# Default port is 9115
|
||||||
|
openFirewall = false;
|
||||||
|
|
||||||
|
configFile = pkgs.writeTextFile {
|
||||||
|
name = "blackbox-exporter-config";
|
||||||
|
text = ''
|
||||||
|
modules:
|
||||||
|
http_2xx:
|
||||||
|
prober: http
|
||||||
|
timeout: 5s
|
||||||
|
http:
|
||||||
|
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
|
||||||
|
valid_status_codes: [] # Defaults to 2xx
|
||||||
|
method: GET
|
||||||
|
no_follow_redirects: false
|
||||||
|
fail_if_ssl: false
|
||||||
|
fail_if_not_ssl: false
|
||||||
|
tls_config:
|
||||||
|
insecure_skip_verify: false
|
||||||
|
preferred_ip_protocol: "ip4" # defaults to "ip6"
|
||||||
|
ip_protocol_fallback: true # fallback to "ip6"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
node = {
|
node = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enabledCollectors = [ "systemd" ];
|
enabledCollectors = [ "systemd" ];
|
||||||
|
@ -38,6 +68,30 @@
|
||||||
scrape_timeout = "9s";
|
scrape_timeout = "9s";
|
||||||
};
|
};
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
|
{
|
||||||
|
job_name = "blackbox";
|
||||||
|
scrape_interval = "5m";
|
||||||
|
metrics_path = "/probe";
|
||||||
|
params = {
|
||||||
|
module = [ "http_2xx" ];
|
||||||
|
};
|
||||||
|
static_configs = [ { targets = blackboxTargets; } ];
|
||||||
|
|
||||||
|
relabel_configs = [
|
||||||
|
{
|
||||||
|
source_labels = [ "__address__" ];
|
||||||
|
target_label = "__param_target";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source_labels = [ "__param_target" ];
|
||||||
|
target_label = "instance";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
target_label = "__address__";
|
||||||
|
replacement = "127.0.0.1:9115"; # The blackbox exporter's real hostname:port.
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
{
|
{
|
||||||
job_name = "node-exporter";
|
job_name = "node-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
|
|
Loading…
Reference in a new issue
This probably still needs to happen?