{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.clerie.monitoring;
monitoring-network-base = "fd00:327:327:327::";
in
{
options = {
clerie.monitoring = {
enable = mkEnableOption "clerie's Monitoring";
id = mkOption {
type = types.str;
description = "ID of the Monitoring Interface (it is actually a part of an ip address)";
};
pubkey = mkOption {
type = types.str;
description = "Public Key of the monitoring wireguard interface of this host";
};
bird = mkEnableOption "Monitor bird";
blackbox = mkEnableOption "Monitor blackbox";
};
};
config = mkIf cfg.enable {
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg-monitoring = {
ips = [ "${monitoring-network-base}${cfg.id}/64" ];
peers = [
{
endpoint = "[2001:638:904:ffca::7]:54523";
persistentKeepalive = 25;
allowedIPs = [ "${monitoring-network-base}/64" ];
publicKey = "eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=";
}
];
privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
};
};
services.prometheus.exporters.node = {
enable = true;
#listenAddress = "${monitoring-network-base}${cfg.id}";
openFirewall = true;
firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9100";
};
services.prometheus.exporters.bird = mkIf cfg.bird {
enable = true;
openFirewall = true;
firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9324";
};
services.prometheus.exporters.blackbox = mkIf cfg.blackbox {
enable = true;
openFirewall = true;
firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9115";
configFile = pkgs.writeText "blackbox.yml" ''
modules:
icmp6:
prober: icmp
icmp:
preferred_ip_protocol: ip6
ip_protocol_fallback: false
icmp4:
prober: icmp
icmp:
preferred_ip_protocol: ip4
ip_protocol_fallback: false
'';
};
};
}