sam/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add restic-exporter to prometheus metrics

Browse source
This commit is contained in:
Sam 2025-01-31 21:17:49 +00:00
parent c73aa9933a
commit 37c50ce7b5
2 changed files with 46 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock generated
View file

@ -539,11 +539,11 @@
}, },
"nix-secrets": { "nix-secrets": {
"locked": { "locked": {
"lastModified": 1737899664, "lastModified": 1738356588,
"narHash": "sha256-iZpzTSERNQ5UvFfEzrBLuEmcRUGjBSal7ShtXurYq8Q=", "narHash": "sha256-mb3P2bNaZuCz1is4NR05r2xm66n6ABQAkYLP5U5/eCY=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "a9844a78dcbdc8a84679835112970d80822b113c", "rev": "3ae59d3cfe419e10087da719129cca5c01b8cbcd",
"revCount": 257, "revCount": 267,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },

43
hosts/common/optional/nixos-containers/metrics-server.nix
View file

@ -2,6 +2,7 @@
pkgs, pkgs,
lib, lib,
configVars, configVars,
inputs,
... ...
}: let }: let
containerName = "metrics-server"; containerName = "metrics-server";
@ -15,6 +16,7 @@
bitcoinNode = configVars.networking.addresses.bitcoin-node.ip; bitcoinNode = configVars.networking.addresses.bitcoin-node.ip;
postres = configVars.networking.addresses.postgres.ip; postres = configVars.networking.addresses.postgres.ip;
backupServer = configVars.networking.addresses.backup-server.ip; backupServer = configVars.networking.addresses.backup-server.ip;
sops-nix = inputs.sops-nix;
http_endpoints = configVars.metrics-server.blackbox.http_endpoints; http_endpoints = configVars.metrics-server.blackbox.http_endpoints;
@ -52,6 +54,10 @@ in {
hostPath = metricsServerContainerData; hostPath = metricsServerContainerData;
isReadOnly = false; isReadOnly = false;
}; };
"/etc/ssh/ssh_host_ed25519_key" = {
hostPath = "/etc/ssh/ssh_host_ed25519_key";
isReadOnly = true;
};
}; };
config = { config = {
@ -59,7 +65,10 @@ in {
lib, lib,
config, config,
... ...
}: { }: let
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
in {
networking = { networking = {
defaultGateway = "${gatewayIp}"; defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ interfaces.eth0.ipv4.addresses = [
@ -79,9 +88,23 @@ in {
useHostResolvConf = lib.mkForce false; useHostResolvConf = lib.mkForce false;
}; };
sops = {
defaultSopsFile = "${secretsFile}";
validateSopsFiles = false;
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
};
secrets = {
"software/restic-passphrase" = {};
"software/restic-exporter-credentials" = {};
};
};
services.resolved.enable = true; services.resolved.enable = true;
imports = [ imports = [
sops-nix.nixosModules.sops
]; ];
environment.systemPackages = [ environment.systemPackages = [
@ -110,6 +133,16 @@ in {
} }
]; ];
} }
{
job_name = "restic-exporter";
static_configs = [
{
targets = [
"0.0.0.0:8001"
];
}
];
}
{ {
job_name = "blackbox"; job_name = "blackbox";
@ -175,6 +208,14 @@ in {
enabledCollectors = ["systemd"]; enabledCollectors = ["systemd"];
port = 9002; port = 9002;
}; };
restic = {
enable = true;
repository = "";
environmentFile = config.sops.secrets."software/restic-exporter-credentials".path;
passwordFile = config.sops.secrets."software/restic-passphrase".path;
refreshInterval = 10800; # refresh every 3 hours
port = 8001;
};
}; };
}; };