1
0

Compare commits

...

5 Commits

7 changed files with 12496 additions and 0 deletions

View File

@ -38,6 +38,14 @@
services.openssh.challengeResponseAuthentication = false; services.openssh.challengeResponseAuthentication = false;
services.openssh.permitRootLogin = lib.mkDefault "no"; services.openssh.permitRootLogin = lib.mkDefault "no";
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
security.acme = { security.acme = {
email = "letsencrypt@clerie.de"; email = "letsencrypt@clerie.de";
acceptTerms = true; acceptTerms = true;

View File

@ -0,0 +1,126 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../../configuration/common
../../configuration/proxmox-vm
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "monitoring-3";
networking.useDHCP = false;
networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.32"; prefixLength = 24; } ];
networking.interfaces.ens19.ipv6.addresses = [ { address = "2001:638:904:ffca::7"; prefixLength = 64; } ];
networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
networking.defaultGateway6 = { address = "2001:638:904:ffca::1"; interface = "ens19"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
networking.hosts = {
"fd00:327:327:327::1" = [ "monitoring-3.mon.clerie.de" ];
"fd00:327:327:327::102" = [ "porter.mon.clerie.de" ];
};
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg-monitoring = {
ips = [ "fd00:327:327:327::1/64" ];
listenPort = 54523;
peers = [
{
# porter
allowedIPs = [ "fd00:327:327:327::102/128" ];
publicKey = "+mJN+ustPo2ehP0wqajYs3nTdJ0SPuIDyiZQSHFIK3o=";
}
];
privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
};
};
networking.firewall.allowedUDPPorts = [ 54523 ];
services.prometheus.exporters.node.enable = true;
services.prometheus = {
enable = true;
listenAddress = "[::1]";
scrapeConfigs = [
{
job_name = "prometheus";
scrape_interval = "20s";
scheme = "http";
static_configs = [
{
targets = [
"monitoring-3.mon.clerie.de:9090"
];
}
];
}
{
job_name = "node-exporter";
scrape_interval = "60s";
static_configs = [
{
targets = [
"monitoring-3.mon.clerie.de:9100"
"porter.mon.clerie.de:9100"
];
}
];
}
];
};
services.grafana = {
enable = true;
domain = "grafana.monitoring.clerie.de";
rootUrl = "https://grafana.monitoring.clerie.de";
port = 3001;
addr = "::1";
auth.anonymous.enable = true;
provision = {
enable = true;
datasources = [
{
type = "prometheus";
name = "Prometheus";
url = "http://[::1]:9090";
isDefault = true;
}
];
dashboards = [
{
options.path = ./dashboards;
}
];
};
};
services.nginx = {
enable = true;
virtualHosts = {
"prometheus.monitoring.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:9090/";
};
"grafana.monitoring.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:3001/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "21.03";
}

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bd639939-ff9a-4ddf-b35c-b19f55e6a12c";
fsType = "ext4";
};
swapDevices = [ ];
}

View File

@ -165,5 +165,11 @@
} }
''; '';
clerie.monitoring = {
enable = true;
id = "102";
pubkey = "";
};
system.stateVersion = "21.03"; system.stateVersion = "21.03";
} }

View File

@ -7,6 +7,7 @@
./gitea ./gitea
./gre-tunnel ./gre-tunnel
./minecraft-server ./minecraft-server
./monitoring
./nginx-port-forward ./nginx-port-forward
]; ];
} }

View File

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.clerie.monitoring;
monitoring-network-base = "fd00:327:327:327::";
in
{
options = {
clerie.monitoring = {
enable = mkEnableOption "clerie's Monitoring";
id = mkOption {
type = types.str;
description = "ID of the Monitoring Interface (it is actually a part of an ip address)";
};
pubkey = mkOption {
type = types.str;
description = "Public Key of the monitoring wireguard interface of this host";
};
};
};
config = mkIf cfg.enable {
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg-monitoring = {
ips = [ "${monitoring-network-base}${cfg.id}/64" ];
peers = [
{
endpoint = "[2001:638:904:ffca::7]:54523";
persistentKeepalive = 25;
allowedIPs = [ "${monitoring-network-base}/64" ];
publicKey = "eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=";
}
];
privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
};
};
services.prometheus.exporters.node = {
enable = true;
#listenAddress = "${monitoring-network-base}${cfg.id}";
openFirewall = true;
firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9100";
};
};
}