Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: results f testing exporters for DNS last night

Browse source 
Relates to #70
This commit is contained in:
silver 2024-06-05 14:31:50 +01:00
parent a156d1ba1e
commit 152bc676fc
Signed by: silver
GPG key ID: 54E2C71918E93B74
2 changed files with 40 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
applications/dns.nix
View file

@ -342,6 +342,12 @@ in {
}; };
config = lib.mkIf cfg.server.enable { config = lib.mkIf cfg.server.enable {
# logging
services.prometheus.exporters.bind = {
enable = true;
openFirewall = true;
};
# services.skynet.backup.normal.backups = ["/etc/skynet/dns"]; # services.skynet.backup.normal.backups = ["/etc/skynet/dns"];
# open the firewall for this # open the firewall for this
@ -386,6 +392,10 @@ in {
# need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns # need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
extraConfig = '' extraConfig = ''
include "/run/agenix/dns_dnskeys"; include "/run/agenix/dns_dnskeys";
statistics-channels {
inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};
''; '';
# piles of no valid RRSIG resolving 'com/DS/IN' errors # piles of no valid RRSIG resolving 'com/DS/IN' errors

41
applications/prometheus.nix
View file

@ -7,6 +7,25 @@
with lib; let with lib; let
name = "prometheus"; name = "prometheus";
cfg = config.services.skynet."${name}"; cfg = config.services.skynet."${name}";
# dont have to worry about any external addresses for this
# create a list of either "ip@port" or ""
# the ""s then get filtered out by filter_empty
exporters = {
dns = (
lib.attrsets.mapAttrsToList (
key: value:
if value.config.services.skynet.dns.server.enable
then "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.bind.port}"
else ""
)
nodes
);
node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes;
};
# clears any invalid entries
filter_empty = inputs: (builtins.filter (value: value != "") inputs);
in { in {
imports = []; imports = [];
@ -19,7 +38,7 @@ in {
default = 9001; default = 9001;
}; };
other_nodes = mkOption { external.node = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = ''
@ -27,24 +46,16 @@ in {
''; '';
}; };
}; };
port_collecter = mkOption {
type = types.port;
default = 9002;
};
}; };
config = mkMerge [ config = mkMerge [
{ {
services.prometheus.exporters.node = { services.prometheus.exporters.node = {
enable = true; enable = true;
openFirewall = true;
# most collectors are on by default see https://github.com/prometheus/node_exporter for more options # most collectors are on by default see https://github.com/prometheus/node_exporter for more options
enabledCollectors = ["systemd"]; enabledCollectors = ["systemd"];
port = cfg.port_collecter;
}; };
# make sure the port is open
networking.firewall.allowedTCPPorts = [cfg.port_collecter];
} }
(mkIf cfg.server.enable { (mkIf cfg.server.enable {
services.prometheus = { services.prometheus = {
@ -55,7 +66,15 @@ in {
job_name = "node_exporter"; job_name = "node_exporter";
static_configs = [ static_configs = [
{ {
targets = (lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString cfg.port_collecter}") nodes) ++ cfg.server.other_nodes; targets = filter_empty (exporters.node ++ cfg.server.external.node);
}
];
}
{
job_name = "bind";
static_configs = [
{
targets = filter_empty exporters.dns;
} }
]; ];
} }