1
0
nixfiles/hosts/monitoring-3/configuration.nix

144 lines
3.7 KiB
Nix

{ config, pkgs, lib, ... }:
with lib;
let
hosts = (import ../../lib/hosts.nix { inherit pkgs; }).hosts;
monitoringHosts = filterAttrs (name: host:
attrByPath ["clerie" "monitoring" "enable"] false host.config)
hosts;
monitoringHostsNames = mapAttrs' (name: host:
nameValuePair "fd00:327:327:327::${host.config.clerie.monitoring.id}" ["${host.config.networking.hostName}.mon.clerie.de"])
monitoringHosts;
monitoringPeers = mapAttrsToList (name: host: {
allowedIPs = [ "fd00:327:327:327::${host.config.clerie.monitoring.id}/128" ];
publicKey = host.config.clerie.monitoring.pubkey;
})
monitoringHosts;
monitoringTargets = mapAttrsToList (name: host:
"${host.config.networking.hostName}.mon.clerie.de:9100")
monitoringHosts;
in {
imports =
[
./hardware-configuration.nix
../../configuration/common
../../configuration/proxmox-vm
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "monitoring-3";
networking.useDHCP = false;
networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.32"; prefixLength = 24; } ];
networking.interfaces.ens19.ipv6.addresses = [ { address = "2001:638:904:ffca::7"; prefixLength = 64; } ];
networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
networking.defaultGateway6 = { address = "2001:638:904:ffca::1"; interface = "ens19"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
networking.hosts = {
"fd00:327:327:327::1" = [ "monitoring-3.mon.clerie.de" ];
}
// monitoringHostsNames;
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg-monitoring = {
ips = [ "fd00:327:327:327::1/64" ];
listenPort = 54523;
peers = monitoringPeers;
privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
};
};
networking.firewall.allowedUDPPorts = [ 54523 ];
services.prometheus.exporters.node.enable = true;
services.prometheus = {
enable = true;
listenAddress = "[::1]";
scrapeConfigs = [
{
job_name = "prometheus";
scrape_interval = "20s";
scheme = "http";
static_configs = [
{
targets = [
"monitoring-3.mon.clerie.de:9090"
];
}
];
}
{
job_name = "node-exporter";
scrape_interval = "60s";
static_configs = [
{
targets = [
"monitoring-3.mon.clerie.de:9100"
]
++ monitoringTargets;
}
];
}
];
};
services.grafana = {
enable = true;
domain = "grafana.monitoring.clerie.de";
rootUrl = "https://grafana.monitoring.clerie.de";
port = 3001;
addr = "::1";
auth.anonymous.enable = true;
provision = {
enable = true;
datasources = [
{
type = "prometheus";
name = "Prometheus";
url = "http://[::1]:9090";
isDefault = true;
}
];
dashboards = [
{
options.path = ./dashboards;
}
];
};
};
services.nginx = {
enable = true;
virtualHosts = {
"prometheus.monitoring.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:9090/";
};
"grafana.monitoring.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:3001/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "21.03";
}