diff --git a/.agenix_config.nix b/.agenix_config.nix
index 3452bf2..5519a5c 100644
Binary files a/.agenix_config.nix and b/.agenix_config.nix differ
diff --git a/flake.nix b/flake.nix
index 23b9659..1d2a6d3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -133,6 +133,7 @@ usersPath = ./users; hostsPath = ./hosts; packagesPath = ./packages;
+ sharedPath = ./shared;
 } // specialArgs; modules =
diff --git a/hosts/istal/services/prometheus.nix b/hosts/istal/services/prometheus.nix
index ad19ba3..fe5bab9 100644
--- a/hosts/istal/services/prometheus.nix
+++ b/hosts/istal/services/prometheus.nix
@@ -1,17 +1,5 @@
-{ config, ... }:
+{ sharedPath, ... }:
 {
- services.prometheus.exporters.node = {
- enable = true;
- port = 40000;
- # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
- enabledCollectors = [ "systemd" ];
- # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
- extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
- };
-
- networking.firewall.allowedTCPPorts = [
- config.services.prometheus.exporters.node.port
- ];
-
+ imports = [ (sharedPath + "/prometheus/node.nix") ];
 }
diff --git a/hosts/tatos/services/prometheus.nix b/hosts/tatos/services/prometheus.nix
index 7bcceaa..9a5653a 100644
--- a/hosts/tatos/services/prometheus.nix
+++ b/hosts/tatos/services/prometheus.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, sharedPath, ... }:
 let nodeExporterPort = 40000;
@@ -10,26 +10,14 @@ let }; in {
+ imports = [ (sharedPath + "/prometheus/node.nix") ];
+
 age.secrets.prometheus-basicauth-password = { file = ./prometheus-basicauth-password.age; owner = "prometheus"; group = "prometheus"; };
- services.prometheus.exporters.node = {
- enable = true;
- port = nodeExporterPort;
- # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
- enabledCollectors = [ "systemd" ];
- # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
- extraFlags = [
- "--collector.ethtool"
- "--collector.softirqs"
- "--collector.tcpstat"
- "--collector.wifi"
- ];
- };
-
 # https://wiki.nixos.org/wiki/Prometheus # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
@@ -41,6 +29,7 @@ in scrapeConfigs = [ { job_name = "node_dev";
+ inherit basic_auth;
 static_configs = [ { targets = [
diff --git a/shared/prometheus/nginx.nix b/shared/prometheus/nginx.nix
new file mode 100644
index 0000000..86c0cab
--- /dev/null
+++ b/shared/prometheus/nginx.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+ imports = [ ./web-config.nix ];
+
+ services.prometheus.exporters.nginx = {
+ enable = true;
+ port = 40001;
+ sslVerify = true;
+ openFirewall = true;
+ };
+
+ services.nginx.statusPage = true;
+
+}
diff --git a/shared/prometheus/node.nix b/shared/prometheus/node.nix
new file mode 100644
index 0000000..0216c03
--- /dev/null
+++ b/shared/prometheus/node.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+ imports = [ ./web-config.nix ];
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = 40000;
+ openFirewall = true;
+ enabledCollectors = [ "systemd" ];
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ "--collector.wifi"
+ ];
+ };
+}
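Review bot: The `node_dev` job in the `@@ -41,6 +29,7 @@` hunk of hosts/tatos/services/prometheus.nix now sends `basic_auth` credentials, but no `scheme = "https";` is visible next to it, so unless one is set outside the hunk the password goes over the wire in cleartext on every scrape. `basic_auth` is defined in the `let` block outside the hunk; it should read the secret with `password_file = config.age.secrets.prometheus-basicauth-password.path;` rather than an inline `password`, because the generated Prometheus config ends up in the world-readable Nix store. The scrape config list continues past the end of the hunk, so other jobs hitting the same exporters may need the same `inherit basic_auth;`.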
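Review bot: `openFirewall = true;` in shared/prometheus/nginx.nix, and again in shared/prometheus/node.nix, opens the exporter port on every interface of every host that imports the module. Both exporters are given a web config file, but whether that file enables TLS as well as authentication cannot be told from the diff (it is committed as an encrypted binary); without TLS the credentials and metrics cross the network unencrypted. Consider narrowing exposure with the exporter's `firewallFilter` option or a `listenAddress` bound to the monitoring network, and add a comment such as `# scraped only by the Prometheus server on tatos` so the intended client is recorded.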
diff --git a/shared/prometheus/web-config.nix b/shared/prometheus/web-config.nix
new file mode 100644
index 0000000..fd90291
--- /dev/null
+++ b/shared/prometheus/web-config.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+let
+ webConfigFileFlag = "--web.config.file=${config.age.secrets.prometheus-web-config.path}";
+ extraFlags = lib.mkAfter [webConfigFileFlag];
+in
+{
+ age.secrets.prometheus-web-config = {
+ file = ./web-config.yml.age;
+ mode = "444";
+ };
+
+ services.prometheus.exporters = {
+ node = { inherit extraFlags; };
+ nginx = { inherit extraFlags; };
+ };
+}
diff --git a/shared/prometheus/web-config.yml.age b/shared/prometheus/web-config.yml.age
new file mode 100644
index 0000000..1c51a12
Binary files /dev/null and b/shared/prometheus/web-config.yml.age differ
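Review bot: `mode = "444";` in shared/prometheus/web-config.nix leaves the decrypted exporter web config readable by every local user and process. A web config of this kind normally carries the password hashes for `basic_auth_users` and may point at TLS key material, so world-readable access largely undoes the benefit of encrypting it with age. The mode was presumably chosen because the node and nginx exporters run as different users; a tighter option is to keep the secret root-only and pass it to each exporter unit through systemd, e.g. `serviceConfig.LoadCredential = [ "web-config:${config.age.secrets.prometheus-web-config.path}" ];`, with the `--web.config.file` flag pointing at the credential path (to be confirmed against how the exporter units are generated). Separately, the module sets `extraFlags` for the nginx exporter even on hosts that import only node.nix; a short comment explaining that this is intentional would help.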