about summary refs log tree commit diff
diff options
context:
space:
mode:
authorGriffin Smith <grfn@gws.fyi>2020-10-05T16·56-0400
committerglittershark <grfn@gws.fyi>2020-10-12T18·50+0000
commitdb66e1d010d121306dbb8aeb74af78b33325ebcb (patch)
tree11aa35c1b129e7975298638bfd4c24fb221d2bd9
parentca4d698cb0a660df257b18c73ddfe95e8b0a5a82 (diff)
feat(gs/mugwump): Enable prometheus-fail2ban-exporter r/1840
Change-Id: I200f206b609675632ad6103c84cc37b629ef9708
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2025
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
-rw-r--r--users/glittershark/system/system/machines/mugwump.nix31
1 files changed, 31 insertions, 0 deletions
diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
index a2c207c4b095..e28e3131788a 100644
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -123,6 +123,11 @@ with lib;
           "systemd"
           "tcpstat"
           "wifi"
+          "textfile"
+        ];
+
+        extraFlags = [
+          "--collector.textfile.directory=/var/lib/prometheus/node-exporter"
         ];
       };
 
@@ -141,6 +146,32 @@ with lib;
     }];
   };
 
+  systemd.services."prometheus-fail2ban-exporter" = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" "fail2ban.service" ];
+    serviceConfig = {
+      User = "root";
+      Type = "oneshot";
+      ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" ''
+        set -eo pipefail
+        mkdir -p /var/lib/prometheus/node-exporter
+        exec ${pkgs.python3.withPackages (p: [
+          p.prometheus_client
+        ])}/bin/python ${pkgs.fetchurl {
+          url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py";
+          sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4";
+        }}
+      '';
+    };
+
+    path = with pkgs; [ fail2ban ];
+  };
+
+  systemd.timers."prometheus-fail2ban-exporter" = {
+    wantedBy = [ "multi-user.target" ];
+    timerConfig.OnCalendar = "minutely";
+  };
+
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "namecheap";
     credentialsFile = "/etc/secrets/namecheap.env";