diff options
| author | Griffin Smith <grfn@gws.fyi> | 2021-05-23T11·58+0200 |
|---|---|---|
| committer | grfn <grfn@gws.fyi> | 2021-06-12T15·51+0000 |
| commit | 702594ca64c6d9d7c29ee581a3ba1e1458746033 (patch) | |
| tree | 0f6c5c04ad6de613534039b2948a8eb0c982edbf /ops/modules/prometheus-fail2ban-exporter.nix | |
| parent | 8587bb5f67e6c3cd80fd10d98e375c1b4ca0b271 (diff) | |
refactor(ops): Break out prometheus-fail2ban-exporter module r/2651
Break out the configuration for the prometheus fail2ban exporter, which is a simple python script that exports stats from fail2ban as a prometheus-scrapable textfile, from Mugwump into a reusable nixos module in //ops/nixos/modules. Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/modules/prometheus-fail2ban-exporter.nix')
| -rw-r--r-- | ops/modules/prometheus-fail2ban-exporter.nix | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/ops/modules/prometheus-fail2ban-exporter.nix b/ops/modules/prometheus-fail2ban-exporter.nix new file mode 100644 index 000000000000..349364f9b7ed --- /dev/null +++ b/ops/modules/prometheus-fail2ban-exporter.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, depot, ... }: + +let + cfg = config.services.prometheus-fail2ban-exporter; +in + +{ + options.services.prometheus-fail2ban-exporter = with lib; { + enable = mkEnableOption "Prometheus Fail2ban Exporter"; + + interval = mkOption { + description = "Systemd calendar expression for how often to run the interval"; + type = types.string; + default = "minutely"; + example = "hourly"; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services."prometheus-fail2ban-exporter" = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "fail2ban.service" ]; + serviceConfig = { + User = "root"; + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" '' + set -eo pipefail + mkdir -p /var/lib/prometheus/node-exporter + exec prometheus-fail2ban-exporter + ''; + }; + + path = [ + pkgs.fail2ban + depot.third_party.prometheus-fail2ban-exporter + ]; + }; + + systemd.timers."prometheus-fail2ban-exporter" = { + wantedBy = [ "multi-user.target" ]; + timerConfig.OnCalendar = cfg.interval; + }; + + services.prometheus.exporters.node = { + enabledCollectors = [ "textfile" ]; + + extraFlags = [ + "--collector.textfile.directory=/var/lib/prometheus/node-exporter" + ]; + }; + }; +} |