From db66e1d010d121306dbb8aeb74af78b33325ebcb Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Mon, 5 Oct 2020 12:56:05 -0400 Subject: feat(gs/mugwump): Enable prometheus-fail2ban-exporter Change-Id: I200f206b609675632ad6103c84cc37b629ef9708 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2025 Reviewed-by: glittershark Tested-by: BuildkiteCI --- .../system/system/machines/mugwump.nix | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'users/glittershark') diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix index a2c207c4b095..e28e3131788a 100644 --- a/users/glittershark/system/system/machines/mugwump.nix +++ b/users/glittershark/system/system/machines/mugwump.nix @@ -123,6 +123,11 @@ with lib; "systemd" "tcpstat" "wifi" + "textfile" + ]; + + extraFlags = [ + "--collector.textfile.directory=/var/lib/prometheus/node-exporter" ]; }; @@ -141,6 +146,32 @@ with lib; }]; }; + systemd.services."prometheus-fail2ban-exporter" = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "fail2ban.service" ]; + serviceConfig = { + User = "root"; + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" '' + set -eo pipefail + mkdir -p /var/lib/prometheus/node-exporter + exec ${pkgs.python3.withPackages (p: [ + p.prometheus_client + ])}/bin/python ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py"; + sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4"; + }} + ''; + }; + + path = with pkgs; [ fail2ban ]; + }; + + systemd.timers."prometheus-fail2ban-exporter" = { + wantedBy = [ "multi-user.target" ]; + timerConfig.OnCalendar = "minutely"; + }; + security.acme.certs."metrics.gws.fyi" = { dnsProvider = "namecheap"; credentialsFile = "/etc/secrets/namecheap.env"; -- cgit 1.4.1