wiro.world / dotfiles
yep, more dotfiles
fork atom

weird-row-server: add tailscale prometheus exporter

wiro.world 1d5f04f9 b2fd15d1

verified
+41 -15
+14
hosts/weird-row-server/grafana.nix
··· 10 10 11 11 local.ports.prometheus = 9001; 12 12 local.ports.prometheus-node-exporter = 9002; 13 + local.ports.tailscale-exporter = 9005; 13 14 local.ports.caddy-metrics = 2019; 14 15 local.ports.authelia-metrics = 9004; 15 16 local.ports.headscale-metrics = 9003; ··· 22 23 file = secrets/grafana-smtp-password.age; 23 24 owner = "grafana"; 24 25 }; 26 + age.secrets.tailscale-exporter-env.file = secrets/tailscale-exporter-env.age; 25 27 services.grafana = { 26 28 enable = true; 27 29 ··· 86 88 enable = true; 87 89 port = config.local.ports.prometheus-node-exporter.number; 88 90 }; 91 + exporters.tailscale = { 92 + enable = true; 93 + port = config.local.ports.tailscale-exporter.number; 94 + environmentFile = config.age.secrets.tailscale-exporter-env.path; 95 + }; 89 96 90 97 # TODO: move them to their respective modules 91 98 scrapeConfigs = [ ··· 97 104 job_name = "node-exporter"; 98 105 static_configs = [ 99 106 { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } 107 + 100 108 ]; 101 109 } 102 110 { ··· 106 114 { 107 115 job_name = "authelia"; 108 116 static_configs = [ { targets = [ "localhost:${config.local.ports.authelia-metrics.string}" ]; } ]; 117 + } 118 + { 119 + job_name = "tailscale"; 120 + static_configs = [ 121 + { targets = [ "localhost:${toString config.services.prometheus.exporters.tailscale.port}" ]; } 122 + ]; 109 123 } 110 124 ]; 111 125 };
+18 -15
hosts/weird-row-server/secrets/default.nix
··· 4 4 deploy = servers ++ users; 5 5 in 6 6 { 7 - # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`. 8 - "pds-env.age".publicKeys = deploy; 7 + # Defines `TS_AUTHKEY`, `HETZNER_API_TOKEN` 8 + "caddy-env.age".publicKeys = deploy; 9 + "authelia-issuer-private-key.age".publicKeys = deploy; 10 + "authelia-jwt-secret.age".publicKeys = deploy; 11 + "authelia-ldap-password.age".publicKeys = deploy; 12 + "authelia-smtp-password.age".publicKeys = deploy; 13 + "authelia-storage-key.age".publicKeys = deploy; 14 + "grafana-oidc-secret.age".publicKeys = deploy; 15 + "grafana-smtp-password.age".publicKeys = deploy; 16 + "headscale-oidc-secret.age".publicKeys = deploy; 17 + # Defines `HYPIXEL_API_KEY`, `PROFILE_UUID` 18 + "hypixel-bank-tracker-main.age".publicKeys = deploy; 19 + "hypixel-bank-tracker-banana.age".publicKeys = deploy; 9 20 # Defines `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED`. 10 21 "lldap-env.age".publicKeys = deploy; 11 22 "lldap-user-pass.age".publicKeys = deploy; 12 - "headscale-oidc-secret.age".publicKeys = deploy; 13 - "grafana-oidc-secret.age".publicKeys = deploy; 14 - "grafana-smtp-password.age".publicKeys = deploy; 15 - "authelia-jwt-secret.age".publicKeys = deploy; 16 - "authelia-issuer-private-key.age".publicKeys = deploy; 17 - "authelia-storage-key.age".publicKeys = deploy; 18 - "authelia-ldap-password.age".publicKeys = deploy; 19 - "authelia-smtp-password.age".publicKeys = deploy; 23 + "miniflux-oidc-secret.age".publicKeys = deploy; 24 + # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`. 25 + "pds-env.age".publicKeys = deploy; 26 + # Defines `TAILSCALE_TAILNET`, `TAILSCALE_OAUTH_CLIENT_ID`, `TAILSCALE_OAUTH_CLIENT_SECRET`. 27 + "tailscale-exporter-env.age".publicKeys = deploy; 20 28 "tuwunel-registration-tokens.age".publicKeys = deploy; 21 29 # Defines `SMTP_PASSWORD` 22 30 "vaultwarden-env.age".publicKeys = deploy; 23 - "miniflux-oidc-secret.age".publicKeys = deploy; 24 - # Defines `HYPIXEL_API_KEY`, `PROFILE_UUID` 25 - "hypixel-bank-tracker-main.age".publicKeys = deploy; 26 - "hypixel-bank-tracker-banana.age".publicKeys = deploy; 27 - "caddy-env.age".publicKeys = deploy; 28 31 }
+9
hosts/weird-row-server/secrets/tailscale-exporter-env.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 sMF1bg 2QXKr7jApzwH7C+QoNwSs+dLdnMLqS61UVhg9FASlxQ 3 + Kn2UvjATuB+R5OjATNg2KdzFlAu8scfLe2QxY2jOZOY 4 + -> ssh-ed25519 SmMcWg frXMC+GoH+D+Vg966RB3JEZpKqKV9r9u9JjPRYx08SQ 5 + GNFCFb7G6JhN5BBZPZqyBtSezTWrmiumTw+AQ4u9LQ0 6 + -> ssh-ed25519 Q8rMFA efLEDhp2DxMjp5kqxYR9nkVaVRXdjZDADOtauE4poV4 7 + 1Fz1GKUnkC/ux0M7eSix4TATpzRB179vzI2vncCnqe4 8 + --- pYjmhg7vFoF1CAqtG2WriEK4Ng8OEVPze4itjzVY6lI 9 + �9�$4�_���`�(��t�n��=�pEo��Z�� %h�`;9�X����� �j� AߥM-��T�� >/&P�ѯ�ru�<��U�j+C`&}���+4��i���k�Wؕ��9 W�9a]?1b����}#��)K�y� $懚���ni#��x'�k$G���� on��4��R n�F�Y���