Completed the part with caddy. Problems with exporterr and api keys

2024-09-10 19:51:27 +02:00 · 2024-09-10 19:51:27 +02:00 · 4e649d4344
commit 4e649d4344
parent 58d5c8a812
6 changed files with 147 additions and 20 deletions
--- a/hosts/arr/default.nix
+++ b/hosts/arr/default.nix
@ -10,13 +10,12 @@
    networking.tailscale = {
      enable = false;
-      exitNode = "vps";
+      exitNode = "vps.neon-dory.ts.net";
      # authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
    };
-    services.download-pod = {
+    services.media-mgr = {
      programs.enable = true;
      proxy.enable = false;
    };
    virtualisation = {
--- a/hosts/metrics/default.nix
+++ b/hosts/metrics/default.nix
@ -4,25 +4,45 @@
  lib,
  ...
 }:
 let
  tailscaleMagicDNS = "neon-dory.ts.net";
 in
 {
  age.secrets = {
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
    cloudflare-tegola-apiKey = {
      file = ../../secrets/cloudflare-tegola-apiKey.age;
      mode = "440";
      owner = config.services.caddy.user;
      group = config.services.caddy.group;
    };
  };
  my = {
    utils.commons.enable = true;
-    networking.tailscale = {
+    services.media-mgr = {
-      enable = true;
+      exportMetrics.enable = true;
-      exitNode = "vps";
+      proxy = {
-      authKeyFile = config.age.secrets.tailscale-authKey.path;
+        enable = true;
        domain = "tegola.pro";
        host = "arr.internal";
      };
    };
    monitoring = {
      prometheus = {
        enable = true;
        proxy = {
          domain = "tegola.pro";
          host = "metrics.internal";
        };
      };
    };
    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = tailscaleMagicDNS;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };
      caddy.enable = true;
    };
    virtualisation = {
@ -38,11 +58,24 @@
  services = {
    openssh.enable = true;
-    prometheus = {
+    prometheus.scrapeConfigs = [
-      enable = true;
+      {
-    };
+        job_name = "metrics-host";
        static_configs = [
          { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
        ];
      }
    ];
    prometheus.exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };
    };
  };
  networking.nameservers = [ "192.168.1.2" ];
  system.stateVersion = "24.05";
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -2,6 +2,7 @@
  imports = [
    # Folders
    ./desktop
    ./monitoring
    ./networking
    ./services
    ./systems
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@ -0,0 +1 @@
 { imports = [ ./prometheus.nix ]; }
--- a/modules/monitoring/prometheus.nix
+++ b/modules/monitoring/prometheus.nix
@ -0,0 +1,77 @@
 { config
 , pkgs
 , lib
 , ...
 }:
 with lib;
 let
  cfg = config.my.monitoring.prometheus;
 in
 {
  options.my.monitoring.prometheus = {
    enable = lib.mkEnableOption "Enable prometheus as a data scraper";
    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";
      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };
      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          Host name where the download manager stack is running
        '';
      };
    };
  };
  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
      services.prometheus = {
        enable = true;
        scrapeConfigs = [
          {
            job_name = "download-mgr-stack";
            static_configs = [
              {
                targets = [
                  "localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}"
                  "localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}"
                  "localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}"
                  "localhost:${toString config.services.prometheus.exporters.exportarr-lidarr.port}"
                  "localhost:${toString config.services.prometheus.exporters.exportarr-readarr.port}"
                ];
              }
            ];
          }
        ];
      };
      networking.firewall.allowedTCPPorts = [ 9090 ];
    })
    (lib.mkIf (cfg.proxy != { }) {
      services.caddy = with cfg.proxy; {
        virtualHosts."prometheus.${domain}".extraConfig = ''
          reverse_proxy http://${host}:9090
          import cloudflare
        '';
      };
    })
  ];
 }
--- a/modules/networking/tailscale.nix
+++ b/modules/networking/tailscale.nix
@ -1,7 +1,8 @@
-{ lib
+{
-, config
+  lib,
-, pkgs
+  config,
-, ...
+  pkgs,
  ...
 }:
 with lib;
 let
@ -26,6 +27,15 @@ in
      '';
    };
    magicDNSDomain = mkOption {
      type = types.str;
      default = "";
      example = "example.ts.net";
      description = ''
        This unique name is used when registering DNS entries, sharing your device to other tailnets, and issuing TLS certificates
      '';
    };
    exitNode = mkOption {
      type = types.str;
      default = "";
@ -53,6 +63,12 @@ in
      useRoutingFeatures = if cfg.exitNode == "" then "none" else "both";
      extraUpFlags = [ "--exit-node=${cfg.exitNode}" ] ++ cfg.extraUpFlags;
    };
    networking = {
      nameservers = [ "100.100.100.100" ];
      search = [ cfg.magicDNSDomain ];
    };
  };
 }