mirror of
https://github.com/RGBCube/ncc
synced 2025-07-27 10:07:44 +00:00
# Runs endlessh-go as a fake SSH listener on machines where `config.isServer`
# is set, and declares the `services.prometheus.exporters.endlessh-go` options
# that carry its Prometheus settings.
{ config, lib, pkgs, ... }: let
  # `enabled` is taken from `lib`; presumably it sets `enable = true` on the
  # attrset it is given. NOTE(review): confirm against the repo's lib extension.
  inherit (lib) enabled mkEnableOption mkIf mkOption types;

  # Port the fake SSH listener binds to. This is the standard SSH port, so the
  # real sshd presumably listens somewhere else. NOTE(review): confirm, this
  # file does not show it.
  tarpitPort = 22;

  # The exporter settings declared under `options` below, read back so they
  # can be handed to `services.endlessh-go.prometheus`.
  exporter = config.services.prometheus.exporters.endlessh-go;
in {
  # And yes, I've tried lib.mkAliasOptionModule.
  # It fails for a reason I have not worked out: it reports that it can't
  # find `services.prometheus.exporters.endlessh-go`.
  #
  # Declaring the options by hand works, however.
  #
  # TODO: I may be stupid, because the note above says that I tried to alias
  # to a nonexistent option, rather than the other way around.
  # Let's try mkAliasOptionModule again later.
  options.services.prometheus.exporters.endlessh-go = {
    enable = mkEnableOption "Prometheus integration";

    # NOTE(review): the default is the IPv4 wildcard, so anything that enables
    # this without overriding the address also listens on every interface.
    listenAddress = mkOption {
      type    = types.str;
      default = "0.0.0.0";
    };

    port = mkOption {
      type    = types.port;
      default = 2112;
    };
  };

  # Everything below applies only when `config.isServer` is true.
  config = mkIf config.isServer {
    # Metrics listener. `[::]` is the wildcard address, so the endpoint is not
    # restricted to loopback; the port stays at the option default (2112).
    services.prometheus.exporters.endlessh-go = enabled {
      listenAddress = "[::]";
    };

    # `services.endlessh-go.openFirewall` exposes both the Prometheus
    # exporter's port and the SSH port, and we don't want the metrics
    # to leak, so only the fake SSH port is opened here by hand.
    #
    # Because the exporter still binds to the wildcard address, the unopened
    # firewall port is the only thing keeping the metrics endpoint private.
    # That relies on `networking.firewall` being enabled on the host.
    networking.firewall.allowedTCPPorts = [ tarpitPort ];

    services.endlessh-go = enabled {
      listenAddress = "[::]";
      port          = tarpitPort;

      # Extra command-line flags: also log to stderr, and use the MaxMind-format
      # DB-IP country database from nixpkgs as the GeoIP source.
      extraOptions = [
        "-alsologtostderr"
        "-geoip_supplier max-mind-db"
        "-max_mind_db ${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb"
      ];

      # Pass the exporter settings (enable, listenAddress, port) through as-is.
      prometheus = exporter;
    };
  };
}