Add Prometheus

2025-07-30 11:37:44 +00:00 · 2024-01-12 18:05:56 +03:00 · 2024-01-12 18:05:56 +03:00 · a0d026d222
commit a0d026d222
parent 7728c6ce6a
7 changed files with 32 additions and 3 deletions
--- a/hosts/cube/default.nix
+++ b/hosts/cube/default.nix
@ -8,13 +8,13 @@

  time.timeZone = "Europe/Amsterdam";

-  users.users.root.passwordFile = config.age.secrets."cube.password.hash".path;
+  users.users.root.passwordFile = config.age.secrets."cube.rgb.password.hash".path;

  users.users.rgb = normalUser {
    description                 = "RGB";
    extraGroups                 = [ "wheel" ];
    openssh.authorizedKeys.keys = [ keys.rgbcube ];
-    hashedPasswordFile          = config.age.secrets."cube.password.hash".path;
+    hashedPasswordFile          = config.age.secrets."cube.rgb.password.hash".path;
  };
 })

--- a/hosts/cube/mail.nix
+++ b/hosts/cube/mail.nix
@ -5,6 +5,18 @@ let

  fqdn = "mail.${domain}";
 in serverSystemConfiguration {
+  services.prometheus.exporters = {
+    dmarc = enabled {
+      imap.host         = domain;
+      imap.passwordFile = config.age.secrets."cube.mail.password".path;
+      imap.username     = "contact@${domain}";
+    };
+
+    dovecot = enabled {};
+    postfix = enabled {};
+    rspamd  = enabled {};
+  };
+
  mailserver = enabled {
    inherit fqdn;

--- a/hosts/cube/nginx.nix
+++ b/hosts/cube/nginx.nix
@ -3,7 +3,14 @@
 serverSystemConfiguration {
  networking.firewall.allowedTCPPorts = [ 80 443 ];

+  services.prometheus.exporters = {
+    nginxlog = enabled {};
+    nginx    = enabled {};
+  };
+
  services.nginx = enabled {
+    statusPage = true;
+
    recommendedGzipSettings  = true;
    recommendedOptimisation  = true;
    recommendedProxySettings = true;
--- a/hosts/cube/prometheus.nix
+++ b/hosts/cube/prometheus.nix
@ -0,0 +1,9 @@
+{ ulib, ... }: with ulib;
+
+serverSystemConfiguration {
+  services.prometheus = enabled {
+    exporters.node = enabled {
+      enabledCollectors = [ "systemd" ];
+    };
+  };
+}
--- a/secrets/cube.mail.password.age
+++ b/secrets/cube.mail.password.age
--- a/secrets/cube.rgb.password.hash.age
+++ b/secrets/cube.rgb.password.hash.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,7 +5,8 @@ rec {
  };

  "acme.age".publicKeys                     = [ keys.cube ];
-  "cube.password.hash.age".publicKeys       = [ keys.cube ];
+  "cube.rgb.password.hash.age".publicKeys   = [ keys.cube ];
+  "cube.mail.password.age".publicKeys       = [ keys.cube ];
  "cube.mail.password.hash.age".publicKeys  = [ keys.cube ];
  "cube.id.age".publicKeys                  = [ keys.rgbcube ];
  "enka.said.password.hash.age".publicKeys  = [ keys.rgbcube ];