diff options
author | Griffin Smith <grfn@gws.fyi> | 2020-10-05T16·56-0400 |
---|---|---|
committer | glittershark <grfn@gws.fyi> | 2020-10-12T18·50+0000 |
commit | db66e1d010d121306dbb8aeb74af78b33325ebcb (patch) | |
tree | 11aa35c1b129e7975298638bfd4c24fb221d2bd9 | |
parent | ca4d698cb0a660df257b18c73ddfe95e8b0a5a82 (diff) |
feat(gs/mugwump): Enable prometheus-fail2ban-exporter r/1840
Change-Id: I200f206b609675632ad6103c84cc37b629ef9708 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2025 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
-rw-r--r-- | users/glittershark/system/system/machines/mugwump.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix index a2c207c4b095..e28e3131788a 100644 --- a/users/glittershark/system/system/machines/mugwump.nix +++ b/users/glittershark/system/system/machines/mugwump.nix @@ -123,6 +123,11 @@ with lib; "systemd" "tcpstat" "wifi" + "textfile" + ]; + + extraFlags = [ + "--collector.textfile.directory=/var/lib/prometheus/node-exporter" ]; }; @@ -141,6 +146,32 @@ with lib; }]; }; + systemd.services."prometheus-fail2ban-exporter" = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "fail2ban.service" ]; + serviceConfig = { + User = "root"; + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" '' + set -eo pipefail + mkdir -p /var/lib/prometheus/node-exporter + exec ${pkgs.python3.withPackages (p: [ + p.prometheus_client + ])}/bin/python ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py"; + sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4"; + }} + ''; + }; + + path = with pkgs; [ fail2ban ]; + }; + + systemd.timers."prometheus-fail2ban-exporter" = { + wantedBy = [ "multi-user.target" ]; + timerConfig.OnCalendar = "minutely"; + }; + security.acme.certs."metrics.gws.fyi" = { dnsProvider = "namecheap"; credentialsFile = "/etc/secrets/namecheap.env"; |