From 16354f076b9457d86017f4fbc21d4d974b9c0fd6 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 21 Feb 2021 22:38:36 +0100
Subject: [PATCH] Add module to configure monitoring clients
---
 modules/monitoring/default.nix | 51 ++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 modules/monitoring/default.nix
diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix
new file mode 100644
index 0000000..728ecb4
--- /dev/null
+++ b/modules/monitoring/default.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.clerie.monitoring;
+
+ monitoring-network-base = "fd00:327:327:327::";
+
+in
+
+{
+ options = {
+ clerie.monitoring = {
+ enable = mkEnableOption "clerie's Monitoring";
+ id = mkOption {
+ type = types.str;
+ description = "ID of the Monitoring Interface (it is actually a part of an ip address)";
+ };
+ pubkey = mkOption {
+ type = types.str;
+ description = "Public Key of the monitoring wireguard interface of this host";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces = {
+ wg-monitoring = {
+ ips = [ "${monitoring-network-base}${cfg.id}/64" ];
+ peers = [
+ {
+ endpoint = "[2001:638:904:ffca::7]:54523";
+ persistentKeepalive = 25;
+ allowedIPs = [ "${monitoring-network-base}/64" ];
+ publicKey = "eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=";
+ }
+ ];
+ privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
+ };
+ };
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ #listenAddress = "${monitoring-network-base}${cfg.id}";
+ openFirewall = true;
+ firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9100";
+ };
+ };
+}
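Review bot: With `listenAddress` left commented out in `services.prometheus.exporters.node`, the exporter keeps its default bind address, so the only thing confining port 9100 to `wg-monitoring` is the `firewallFilter` rule; on a host where the NixOS firewall is disabled, or where another rule opens the port, the node metrics would be reachable on every interface. Binding to the tunnel address as well would give a second layer, e.g. `listenAddress = "[${monitoring-network-base}${cfg.id}]";` — the brackets are probably needed because the exporter module appears to join address and port with a colon, which may be why the unbracketed line was disabled, and the exporter would then have to start only after the interface has its address. Separately, the `pubkey` option is declared but not read anywhere in this file, so its description should say where it is consumed (presumably the monitoring server's peer list).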