From 702594ca64c6d9d7c29ee581a3ba1e1458746033 Mon Sep 17 00:00:00 2001
From: Griffin Smith <grfn@gws.fyi>
Date: Sun, 23 May 2021 13:58:24 +0200
Subject: refactor(ops): Break out prometheus-fail2ban-exporter module

Break out the configuration for the prometheus fail2ban exporter, which
is a simple python script that exports stats from fail2ban as a
prometheus-scrapable textfile, from Mugwump into a reusable nixos module
in //ops/nixos/modules.

Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
---
 users/grfn/system/system/default.nix          |  4 +---
 users/grfn/system/system/machines/mugwump.nix | 34 ++-------------------------
 2 files changed, 3 insertions(+), 35 deletions(-)

(limited to 'users/grfn/system')

diff --git a/users/grfn/system/system/default.nix b/users/grfn/system/system/default.nix
index 503b3a2046b5..489be1369bc0 100644
--- a/users/grfn/system/system/default.nix
+++ b/users/grfn/system/system/default.nix
@@ -9,9 +9,7 @@ rec {
 
   mugwump = import ./machines/mugwump.nix;
 
-  mugwumpSystem = (depot.third_party.nixos {
-    configuration = mugwump;
-  }).system;
+  mugwumpSystem = (depot.ops.nixos.nixosFor mugwump).system;
 
   roswell = import ./machines/roswell.nix;
 
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index f9b6e0a1daba..6a95635c9020 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, depot, ... }:
 
 with lib;
 
@@ -6,6 +6,7 @@ with lib;
   imports = [
     ../modules/common.nix
     (modulesPath + "/installer/scan/not-detected.nix")
+    "${depot.path}/ops/modules/prometheus-fail2ban-exporter.nix"
   ];
 
   networking.hostName = "mugwump";
@@ -158,11 +159,6 @@ with lib;
           "systemd"
           "tcpstat"
           "wifi"
-          "textfile"
-        ];
-
-        extraFlags = [
-          "--collector.textfile.directory=/var/lib/prometheus/node-exporter"
         ];
       };
 
@@ -230,32 +226,6 @@ with lib;
     }];
   };
 
-  systemd.services."prometheus-fail2ban-exporter" = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" "fail2ban.service" ];
-    serviceConfig = {
-      User = "root";
-      Type = "oneshot";
-      ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" ''
-        set -eo pipefail
-        mkdir -p /var/lib/prometheus/node-exporter
-        exec ${pkgs.python3.withPackages (p: [
-          p.prometheus_client
-        ])}/bin/python ${pkgs.fetchurl {
-          url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py";
-          sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4";
-        }}
-      '';
-    };
-
-    path = with pkgs; [ fail2ban ];
-  };
-
-  systemd.timers."prometheus-fail2ban-exporter" = {
-    wantedBy = [ "multi-user.target" ];
-    timerConfig.OnCalendar = "minutely";
-  };
-
   virtualisation.docker.enable = true;
 
   services.buildkite-agents = listToAttrs (map (n: rec {
-- 
cgit 1.4.1