shared/prometheus: add basic auth for node exporters

Dmitriy Pleshevskiy 2025-02-03 02:35:02 +03:00
parent b2f119d95d
commit 89e8823e63
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
8 changed files with 57 additions and 29 deletions

Binary file not shown.


@ -133,6 +133,7 @@
usersPath = ./users;
hostsPath = ./hosts;
packagesPath = ./packages;
sharedPath = ./shared;
} // specialArgs;
modules =


@ -1,17 +1,5 @@
{ config, ... }:
{ sharedPath, ... }:
{
services.prometheus.exporters.node = {
enable = true;
port = 40000;
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
enabledCollectors = [ "systemd" ];
# /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
};
networking.firewall.allowedTCPPorts = [
config.services.prometheus.exporters.node.port
];
imports = [ (sharedPath + "/prometheus/node.nix") ];
}


@ -1,4 +1,4 @@
{ config, ... }:
{ config, sharedPath, ... }:
let
nodeExporterPort = 40000;
@ -10,26 +10,14 @@ let
};
in
{
imports = [ (sharedPath + "/prometheus/node.nix") ];
age.secrets.prometheus-basicauth-password = {
file = ./prometheus-basicauth-password.age;
owner = "prometheus";
group = "prometheus";
};
services.prometheus.exporters.node = {
enable = true;
port = nodeExporterPort;
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
enabledCollectors = [ "systemd" ];
# /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
extraFlags = [
"--collector.ethtool"
"--collector.softirqs"
"--collector.tcpstat"
"--collector.wifi"
];
};
# https://wiki.nixos.org/wiki/Prometheus
# https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
@ -41,6 +29,7 @@ in
scrapeConfigs = [
{
job_name = "node_dev";
inherit basic_auth;
static_configs = [
{
targets = [
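Review bot: The `basic_auth` attrset inherited into the `node_dev` job is defined in the `let` block outside the visible hunks, so it is worth confirming that it references the secret by path, `password_file = config.age.secrets.prometheus-basicauth-password.path;`, rather than an inline `password`, which would end up in the world-readable Nix store. Only `node_dev` gains `inherit basic_auth;` in the lines shown; because the shared web config is also applied to the nginx exporter, any other scrape job for these exporters needs the same line or it will presumably start receiving 401 responses. `nodeExporterPort = 40000` now duplicates the port hard-coded in the shared node module, and reading `config.services.prometheus.exporters.node.port` instead would keep the two in sync. The `scrapeConfigs` list continues past the end of the hunk.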


@ -0,0 +1,15 @@
{ ... }:
{
imports = [ ./web-config.nix ];
services.prometheus.exporters.nginx = {
enable = true;
port = 40001;
sslVerify = true;
openFirewall = true;
};
services.nginx.statusPage = true;
}
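Review bot: `openFirewall = true` exposes port 40001 on every interface, and the only protection added with it is the basic auth loaded through `./web-config.nix`. Unless the encrypted web-config.yml also carries a `tls_server_config` section (not visible here), the scrape credentials cross the network in cleartext on every scrape. The same applies to port 40000 in the node exporter module. Consider restricting the rule to the monitoring host with the exporter's `firewallFilter` option, e.g. `firewallFilter = "-s <PROMETHEUS_HOST_IP> -p tcp -m tcp --dport 40001";`, or enabling TLS in the web config.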


@ -0,0 +1,18 @@
{ ... }:
{
imports = [ ./web-config.nix ];
services.prometheus.exporters.node = {
enable = true;
port = 40000;
openFirewall = true;
enabledCollectors = [ "systemd" ];
extraFlags = [
"--collector.ethtool"
"--collector.softirqs"
"--collector.tcpstat"
"--collector.wifi"
];
};
}


@ -0,0 +1,17 @@
{ config, lib, ... }:
let
webConfigFileFlag = "--web.config.file=${config.age.secrets.prometheus-web-config.path}";
extraFlags = lib.mkAfter [webConfigFileFlag];
in
{
age.secrets.prometheus-web-config = {
file = ./web-config.yml.age;
mode = "444";
};
services.prometheus.exporters = {
node = { inherit extraFlags; };
nginx = { inherit extraFlags; };
};
}
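Review bot: `mode = "444"` on `age.secrets.prometheus-web-config` leaves the decrypted web config readable by every local account, and for basic auth that file holds the `basic_auth_users` password hashes. Both exporters have to read it and presumably run as different service users, which is likely why it was made world-readable. A tighter layout is one agenix secret per exporter with `owner` set to that exporter's user and `mode = "0400"`, or a shared group with `mode = "0440"`. If the exporter units run with DynamicUser, passing the file through systemd `LoadCredential` would avoid the ownership question; this should be checked against the nixpkgs exporter module.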

Binary file not shown.