From a0d026d2229bac7ef9349bb0bc6a6967f7593067 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Fri, 12 Jan 2024 18:05:56 +0300 Subject: [PATCH] Add Prometheus --- hosts/cube/default.nix | 4 ++-- hosts/cube/mail.nix | 12 ++++++++++++ hosts/cube/nginx.nix | 7 +++++++ hosts/cube/prometheus.nix | 9 +++++++++ secrets/cube.mail.password.age | Bin 0 -> 223 bytes ...ssword.hash.age => cube.rgb.password.hash.age} | Bin secrets/secrets.nix | 3 ++- 7 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 hosts/cube/prometheus.nix create mode 100644 secrets/cube.mail.password.age rename secrets/{cube.password.hash.age => cube.rgb.password.hash.age} (100%) diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix index 7f799a5..97b57ef 100644 --- a/hosts/cube/default.nix +++ b/hosts/cube/default.nix @@ -8,13 +8,13 @@ time.timeZone = "Europe/Amsterdam"; - users.users.root.passwordFile = config.age.secrets."cube.password.hash".path; + users.users.root.passwordFile = config.age.secrets."cube.rgb.password.hash".path; users.users.rgb = normalUser { description = "RGB"; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ keys.rgbcube ]; - hashedPasswordFile = config.age.secrets."cube.password.hash".path; + hashedPasswordFile = config.age.secrets."cube.rgb.password.hash".path; }; }) diff --git a/hosts/cube/mail.nix b/hosts/cube/mail.nix index 720fd79..59aadfe 100644 --- a/hosts/cube/mail.nix +++ b/hosts/cube/mail.nix @@ -5,6 +5,18 @@ let fqdn = "mail.${domain}"; in serverSystemConfiguration { + services.prometheus.exporters = { + dmarc = enabled { + imap.host = domain; + imap.passwordFile = config.age.secrets."cube.mail.password".path; + imap.username = "contact@${domain}"; + }; + + dovecot = enabled {}; + postfix = enabled {}; + rspamd = enabled {}; + }; + mailserver = enabled { inherit fqdn; diff --git a/hosts/cube/nginx.nix b/hosts/cube/nginx.nix index 182686a..d42bcaf 100644 --- a/hosts/cube/nginx.nix +++ b/hosts/cube/nginx.nix 
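Review bot: The dmarc exporter in hosts/cube/mail.nix ends up holding a reusable login for `contact@${domain}` through `imap.passwordFile`, which looks like the primary contact mailbox rather than one dedicated to DMARC reports; a separate reports mailbox with its own credential would keep a compromise of the exporter from exposing that account. The new `cube.mail.password.age` in secrets/secrets.nix appears to be the plaintext counterpart of the existing `cube.mail.password.hash.age`, so the host can now decrypt a usable password where it previously held only a hash. `imap.host = domain;` also differs from the `fqdn` the mailserver is configured with; if the certificate only covers `mail.${domain}`, prefer `imap.host = fqdn;` so TLS hostname verification can stay enabled. The secret's owner and mode are declared outside this hunk, so confirm the exporter's service user can read the file without widening its permissions.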
@@ -3,7 +3,14 @@ serverSystemConfiguration { networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.prometheus.exporters = { + nginxlog = enabled {}; + nginx = enabled {}; + }; + services.nginx = enabled { + statusPage = true; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; diff --git a/hosts/cube/prometheus.nix b/hosts/cube/prometheus.nix new file mode 100644 index 0000000..51832f7 --- /dev/null +++ b/hosts/cube/prometheus.nix @@ -0,0 +1,9 @@ +{ ulib, ... }: with ulib; + +serverSystemConfiguration { + services.prometheus = enabled { + exporters.node = enabled { + enabledCollectors = [ "systemd" ]; + }; + }; +} diff --git a/secrets/cube.mail.password.age b/secrets/cube.mail.password.age new file mode 100644 index 0000000000000000000000000000000000000000..77bc291807a47793dae1eed79f92e10bb5b47eed GIT binary patch literal 223 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE{ZY;DOd2Ra5C0T z%qb2}H!RL7_RloVFVgo84=nM{t_t%o4>Yqd_D=CF zC{K+@D)#ZN$_%oMDlEw|D%7tk^$aaBNavDdU}w)j=m*Zw9Iw=SEnS#xii ZhqL*dGux)``O>w`>(%}x=hPoe004U7QEvbM literal 0 HcmV?d00001 diff --git a/secrets/cube.password.hash.age b/secrets/cube.rgb.password.hash.age similarity index 100% rename from secrets/cube.password.hash.age rename to secrets/cube.rgb.password.hash.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 10cad13..f0d3f02 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -5,7 +5,8 @@ rec { }; "acme.age".publicKeys = [ keys.cube ]; - "cube.password.hash.age".publicKeys = [ keys.cube ]; + "cube.rgb.password.hash.age".publicKeys = [ keys.cube ]; + "cube.mail.password.age".publicKeys = [ keys.cube ]; "cube.mail.password.hash.age".publicKeys = [ keys.cube ]; "cube.id.age".publicKeys = [ keys.rgbcube ]; "enka.said.password.hash.age".publicKeys = [ keys.rgbcube ];
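Review bot: Nothing in hosts/cube/nginx.nix pins the new exporters to loopback: neither `nginxlog` nor `nginx` sets `listenAddress`, and as far as I know the NixOS exporter modules bind to `0.0.0.0` by default, so the metrics endpoints stay private only because `allowedTCPPorts` remains `[ 80 443 ]`. The same applies to the exporters enabled in hosts/cube/mail.nix and hosts/cube/prometheus.nix; setting `listenAddress = "127.0.0.1";` on each makes this independent of firewall state. `nginxlog = enabled {};` carries no log source or format in this hunk, so unless that is set elsewhere it likely has nothing to parse; when it is configured, give its user read access to the access logs through group membership rather than by relaxing the log file modes, since those logs hold client addresses and request paths. A short comment such as `# stub_status endpoint consumed by the nginx exporter` above `statusPage = true;` would record why it is enabled.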
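Review bot: No `scrapeConfigs` are set in the new hosts/cube/prometheus.nix, so unless they are defined elsewhere none of the exporters added in this commit are actually collected by the server it enables. The Prometheus web UI and HTTP API have no authentication of their own and, as far as I know, the NixOS module listens on all interfaces by default; adding `listenAddress = "127.0.0.1";` under `services.prometheus` and routing any remote access through the existing nginx with authentication keeps it off the network regardless of firewall rules. A one-line header comment stating that this file holds the server and the host-level node exporter, while service exporters live in mail.nix and nginx.nix, would help the next reader find the pieces.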