Hoem Assistant & Postgres data

nixos/roles/monitoring-server/prometheus.nix

@@ -8,6 +8,12 @@
         enabledCollectors = ["systemd"];
         port = 9002;
       };
+      postgres = {
+        enable = true;
+        port = 9187;
+        runAsLocalSuperUser = true;
+        extraFlags = ["--auto-discover-databases"];
+      };
       domain = {
         enable = true;
       };
@@ -20,6 +26,18 @@
       ./synapse-v2.rules
     ];
     scrapeConfigs = [
+      {
+        job_name = "tewi-hass";
+        scrape_interval = "60s";
+        metrics_path = "/api/prometheus";
+        scheme = "https";
+        bearer_token = "!!HOME_ASSISTANT_API_TOKEN!!";
+        static_configs = [
+          {
+            targets = ["home.gensokyo.zone:443"];
+          }
+        ];
+      }
       {
         job_name = "${config.networking.hostName}";
         static_configs = [
@@ -36,6 +54,14 @@
           }
         ];
       }
+      {
+        job_name = "${config.networking.hostName}-postgres";
+        static_configs = [
+          {
+            targets = ["127.0.0.1:${toString config.services.prometheus.exporters.postgres.port}"];
+          }
+        ];
+      }
       {
         job_name = "${config.networking.hostName}-nginx";
         static_configs = [

nixos/roles/monitoring-server/scalpel.nix

@@ -6,18 +6,29 @@
 }: let
   inherit (lib.strings) addContextFrom;
   inherit (lib.modules) mkForce;
-  start = prev.config.systemd.services.telegraf.serviceConfig.ExecStart;
+  telegraf_start = prev.config.systemd.services.telegraf.serviceConfig.ExecStart;
-  telegraf_cfgfile = builtins.head (builtins.match "^.*-config ([^\ ]*).*$" "${start}");
+  telegraf_cfgfile = builtins.head (builtins.match "^.*-config ([^\ ]*).*$" "${telegraf_start}");
+  prometheus_start = prev.config.systemd.services.prometheus.serviceConfig.ExecStart;
+  prometheus_cfgfile = builtins.head (builtins.match "^.*-config\.file=([^\ ]*).*$" "${prometheus_start}");
 in {
   systemd.services.telegraf.serviceConfig.ExecStart = mkForce (
-    builtins.replaceStrings ["${telegraf_cfgfile}"] ["${config.scalpel.trafos."config.toml".destination} "] "${start}"
+    builtins.replaceStrings ["${telegraf_cfgfile}"] ["${config.scalpel.trafos."config.toml".destination} "] "${telegraf_start}"
   );
   scalpel.trafos."config.toml" = {
-    source = addContextFrom start telegraf_cfgfile;
+    source = addContextFrom telegraf_start telegraf_cfgfile;
     matchers."TELEGRAF_API_KEY".secret = config.sops.secrets.telegraf_api_key.path;
     owner = "telegraf";
     group = "telegraf";
     mode = "0440";
   };
-  #environment.etc."ensure_telegraf_trafos".source = telegraf_cfgfile;
+  systemd.services.prometheus.serviceConfig.ExecStart = mkForce (
+    builtins.replaceStrings ["${prometheus_cfgfile}"] ["${config.scalpel.trafos."prometheus.yml".destination} "] "${prometheus_start}"
+  );
+  scalpel.trafos."prometheus.yml" = {
+    source = addContextFrom prometheus_start prometheus_cfgfile;
+    matchers."HOME_ASSISTANT_API_TOKEN".secret = config.sops.secrets.home_assistant_api_key.path;
+    owner = "prometheus";
+    group = "prometheus";
+    mode = "0440";
+  };
 }

nixos/roles/monitoring-server/secrets.nix

@@ -3,7 +3,10 @@ _: {
     format = "yaml";
     sopsFile = ./secrets.yaml;
   };
-
+  sops.secrets.home_assistant_api_key = {
+    format = "yaml";
+    sopsFile = ./secrets.yaml;
+  };
   scalpels = [
     ./scalpel.nix
   ];

nixos/roles/monitoring-server/secrets.yaml

@@ -1,4 +1,5 @@
 telegraf_api_key: ENC[AES256_GCM,data:XXMLlIxtFYmURr6QuRdZFL+Z3OIm1nm8ReZq/sAML1DzFKO8U2sbdyHjXnqUWw==,iv:mMpzUrZozfcxUSpxXki64loHWtt7VwdilWTLpie01NI=,tag:a0iRgCemgDCUxKV0gMoKow==,type:str]
+home_assistant_api_key: ENC[AES256_GCM,data:+RSRYTXro9vZChEwTZNcyqFnwwDfdOEcXMbp7AAH6wo+R3+bVhTHNvUJU3q78CZkIzXquDDczvySHho28EUaKyUNXLWtmlHG99SL6qXPwZLbTpcMX+5pA//qcRHFss17LrxTXXkAuepQqWrSq8rxXEYshMsbLVo/L38jrW5y13YknLovXzUItRf4lDoX/fDhq6OD2EH1G6GoCjOUtIurzeaHMRo4nc4aO1/k1s9rAAVRBoFnFknM,iv:k2UuicBJ4UFKO6QV15ZUQ3Asur00MLT/DJzgKeZ+I8U=,tag:Wz6FPlu5CFQ3anljvGxenw==,type:str]
 sops:
     shamir_threshold: 1
     kms: []
@@ -15,8 +16,8 @@ sops:
             T0NKQzIzY2g3TnBoT00xa0xBUW1BNDgK/Uj+ldtdx1E+hQlKBUWo9TEPa8vmk3dZ
             QWE6YSlY9kYjGNs+WHjnUXoO3VMmyzxNFFkrnOHLcfKQbi9p5Qrp0w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-29T22:20:58Z"
+    lastmodified: "2023-08-12T16:28:10Z"
-    mac: ENC[AES256_GCM,data:wRPzcBx4PJqK8ziR1oiVT8RrCwzlz9IugY0VMC6q7fuSBDEPrZjJ3wqpP0crNzQuZD2otEiB8ooYlL3j/lLT+vMPuUzitM5J8V3uyLwGV5FLfqC3AgbDAwb7r/x2okpSWEffhwuTMUVZ6jJo0+/XoAWS+D4IULfa77nHg6YBuu0=,iv:vft9e7pz1v5Jkxx2HnKg4+HAFZ9uRBe8OhT5DB7Yx10=,tag:nYkl5vRBG0BI/z+IERambg==,type:str]
+    mac: ENC[AES256_GCM,data:7t9dAJPUiOD93Hyt+YLVjR/SdqIcuLi8TFP2/8gzem8Hrn97Yqx5Iow57alFcOWcb1ymhSQLIWjh5RydhlnoeLj/HbacSKxxFirFFv842mBVKqbVyfQcNozGl5D0oo0yd8gKzXQ6BaKqel7ZeOeIeY6XKAzH2RH2r8Gj1kPhkHY=,iv:bZuu+kFJcc8SDA1uShXroQcLMjUj+DTSvsbIABLddFs=,tag:bNLzxOll5UL5uFJeoq5XzA==,type:str]
     pgp:
         - created_at: "2023-07-29T22:10:05Z"
           enc: |