From 85602e867b4e297f46c1017b88d511a99e9ed3a6 Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Sat, 12 Aug 2023 10:22:01 -0700 Subject: [PATCH] Hoem Assistant & Postgres data --- nixos/roles/monitoring-server/prometheus.nix | 26 ++++++++++++++++++++ nixos/roles/monitoring-server/scalpel.nix | 21 ++++++++++++---- nixos/roles/monitoring-server/secrets.nix | 5 +++- nixos/roles/monitoring-server/secrets.yaml | 5 ++-- 4 files changed, 49 insertions(+), 8 deletions(-) diff --git a/nixos/roles/monitoring-server/prometheus.nix b/nixos/roles/monitoring-server/prometheus.nix index d12ff3ba..d8659cca 100644 --- a/nixos/roles/monitoring-server/prometheus.nix +++ b/nixos/roles/monitoring-server/prometheus.nix @@ -8,6 +8,12 @@ enabledCollectors = ["systemd"]; port = 9002; }; + postgres = { + enable = true; + port = 9187; + runAsLocalSuperUser = true; + extraFlags = ["--auto-discover-databases"]; + }; domain = { enable = true; }; @@ -20,6 +26,18 @@ ./synapse-v2.rules ]; scrapeConfigs = [ + { + job_name = "tewi-hass"; + scrape_interval = "60s"; + metrics_path = "/api/prometheus"; + scheme = "https"; + bearer_token = "!!HOME_ASSISTANT_API_TOKEN!!"; + static_configs = [ + { + targets = ["home.gensokyo.zone:443"]; + } + ]; + } { job_name = "${config.networking.hostName}"; static_configs = [ @@ -36,6 +54,14 @@ } ]; } + { + job_name = "${config.networking.hostName}-postgres"; + static_configs = [ + { + targets = ["127.0.0.1:${toString config.services.prometheus.exporters.postgres.port}"]; + } + ]; + } { job_name = "${config.networking.hostName}-nginx"; static_configs = [ diff --git a/nixos/roles/monitoring-server/scalpel.nix b/nixos/roles/monitoring-server/scalpel.nix index 25220327..d968c09d 100644 --- a/nixos/roles/monitoring-server/scalpel.nix +++ b/nixos/roles/monitoring-server/scalpel.nix @@ -6,18 +6,29 @@ }: let inherit (lib.strings) addContextFrom; inherit (lib.modules) mkForce; - start = prev.config.systemd.services.telegraf.serviceConfig.ExecStart; - telegraf_cfgfile = builtins.head (builtins.match "^.*-config ([^\ ]*).*$" "${start}"); + telegraf_start = prev.config.systemd.services.telegraf.serviceConfig.ExecStart; + telegraf_cfgfile = builtins.head (builtins.match "^.*-config ([^\ ]*).*$" "${telegraf_start}"); + prometheus_start = prev.config.systemd.services.prometheus.serviceConfig.ExecStart; + prometheus_cfgfile = builtins.head (builtins.match "^.*-config\.file=([^\ ]*).*$" "${prometheus_start}"); in { systemd.services.telegraf.serviceConfig.ExecStart = mkForce ( - builtins.replaceStrings ["${telegraf_cfgfile}"] ["${config.scalpel.trafos."config.toml".destination} "] "${start}" + builtins.replaceStrings ["${telegraf_cfgfile}"] ["${config.scalpel.trafos."config.toml".destination} "] "${telegraf_start}" ); scalpel.trafos."config.toml" = { - source = addContextFrom start telegraf_cfgfile; + source = addContextFrom telegraf_start telegraf_cfgfile; matchers."TELEGRAF_API_KEY".secret = config.sops.secrets.telegraf_api_key.path; owner = "telegraf"; group = "telegraf"; mode = "0440"; }; - #environment.etc."ensure_telegraf_trafos".source = telegraf_cfgfile; + systemd.services.prometheus.serviceConfig.ExecStart = mkForce ( + builtins.replaceStrings ["${prometheus_cfgfile}"] ["${config.scalpel.trafos."prometheus.yml".destination} "] "${prometheus_start}" + ); + scalpel.trafos."prometheus.yml" = { + source = addContextFrom prometheus_start prometheus_cfgfile; + matchers."HOME_ASSISTANT_API_TOKEN".secret = config.sops.secrets.home_assistant_api_key.path; + owner = "prometheus"; + group = "prometheus"; + mode = "0440"; + }; } diff --git a/nixos/roles/monitoring-server/secrets.nix b/nixos/roles/monitoring-server/secrets.nix index 4f84c158..9bc87d31 100644 --- a/nixos/roles/monitoring-server/secrets.nix +++ b/nixos/roles/monitoring-server/secrets.nix @@ -3,7 +3,10 @@ _: { format = "yaml"; sopsFile = ./secrets.yaml; }; - + sops.secrets.home_assistant_api_key = { + format = "yaml"; + sopsFile = ./secrets.yaml; + }; scalpels = [ ./scalpel.nix ]; diff --git a/nixos/roles/monitoring-server/secrets.yaml b/nixos/roles/monitoring-server/secrets.yaml index 586cec03..cf7591f3 100644 --- a/nixos/roles/monitoring-server/secrets.yaml +++ b/nixos/roles/monitoring-server/secrets.yaml @@ -1,4 +1,5 @@ telegraf_api_key: ENC[AES256_GCM,data:XXMLlIxtFYmURr6QuRdZFL+Z3OIm1nm8ReZq/sAML1DzFKO8U2sbdyHjXnqUWw==,iv:mMpzUrZozfcxUSpxXki64loHWtt7VwdilWTLpie01NI=,tag:a0iRgCemgDCUxKV0gMoKow==,type:str] +home_assistant_api_key: ENC[AES256_GCM,data:+RSRYTXro9vZChEwTZNcyqFnwwDfdOEcXMbp7AAH6wo+R3+bVhTHNvUJU3q78CZkIzXquDDczvySHho28EUaKyUNXLWtmlHG99SL6qXPwZLbTpcMX+5pA//qcRHFss17LrxTXXkAuepQqWrSq8rxXEYshMsbLVo/L38jrW5y13YknLovXzUItRf4lDoX/fDhq6OD2EH1G6GoCjOUtIurzeaHMRo4nc4aO1/k1s9rAAVRBoFnFknM,iv:k2UuicBJ4UFKO6QV15ZUQ3Asur00MLT/DJzgKeZ+I8U=,tag:Wz6FPlu5CFQ3anljvGxenw==,type:str] sops: shamir_threshold: 1 kms: [] @@ -15,8 +16,8 @@ sops: T0NKQzIzY2g3TnBoT00xa0xBUW1BNDgK/Uj+ldtdx1E+hQlKBUWo9TEPa8vmk3dZ QWE6YSlY9kYjGNs+WHjnUXoO3VMmyzxNFFkrnOHLcfKQbi9p5Qrp0w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T22:20:58Z" - mac: ENC[AES256_GCM,data:wRPzcBx4PJqK8ziR1oiVT8RrCwzlz9IugY0VMC6q7fuSBDEPrZjJ3wqpP0crNzQuZD2otEiB8ooYlL3j/lLT+vMPuUzitM5J8V3uyLwGV5FLfqC3AgbDAwb7r/x2okpSWEffhwuTMUVZ6jJo0+/XoAWS+D4IULfa77nHg6YBuu0=,iv:vft9e7pz1v5Jkxx2HnKg4+HAFZ9uRBe8OhT5DB7Yx10=,tag:nYkl5vRBG0BI/z+IERambg==,type:str] + lastmodified: "2023-08-12T16:28:10Z" + mac: ENC[AES256_GCM,data:7t9dAJPUiOD93Hyt+YLVjR/SdqIcuLi8TFP2/8gzem8Hrn97Yqx5Iow57alFcOWcb1ymhSQLIWjh5RydhlnoeLj/HbacSKxxFirFFv842mBVKqbVyfQcNozGl5D0oo0yd8gKzXQ6BaKqel7ZeOeIeY6XKAzH2RH2r8Gj1kPhkHY=,iv:bZuu+kFJcc8SDA1uShXroQcLMjUj+DTSvsbIABLddFs=,tag:bNLzxOll5UL5uFJeoq5XzA==,type:str] pgp: - created_at: "2023-07-29T22:10:05Z" enc: |