Completed the part with caddy. Problems with exporterr and api keys

2024-09-10 19:51:27 +02:00 · 2024-09-10 19:51:27 +02:00 · 4e649d4344
commit 4e649d4344
parent 58d5c8a812
6 changed files with 147 additions and 20 deletions
--- a/hosts/arr/default.nix
+++ b/hosts/arr/default.nix
@ -10,13 +10,12 @@

    networking.tailscale = {
      enable = false;
-      exitNode = "vps";
+      exitNode = "vps.neon-dory.ts.net";
      # authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
    };

-    services.download-pod = {
+    services.media-mgr = {
      programs.enable = true;
-      proxy.enable = false;
    };

    virtualisation = {
--- a/hosts/metrics/default.nix
+++ b/hosts/metrics/default.nix
@ -4,27 +4,47 @@
  lib,
  ...
 }:
+let
+  tailscaleMagicDNS = "neon-dory.ts.net";
+in
 {

  age.secrets = {
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
-    cloudflare-tegola-apiKey = {
-      file = ../../secrets/cloudflare-tegola-apiKey.age;
-      mode = "440";
-      owner = config.services.caddy.user;
-      group = config.services.caddy.group;
-    };
  };

  my = {
    utils.commons.enable = true;

-    networking.tailscale = {
+    services.media-mgr = {
+      exportMetrics.enable = true;
+      proxy = {
        enable = true;
-      exitNode = "vps";
+        domain = "tegola.pro";
+        host = "arr.internal";
+      };
+    };
+
+    monitoring = {
+      prometheus = {
+        enable = true;
+        proxy = {
+          domain = "tegola.pro";
+          host = "metrics.internal";
+        };
+      };
+    };
+
+    networking = {
+      tailscale = {
+        enable = true;
+        magicDNSDomain = tailscaleMagicDNS;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };

+      caddy.enable = true;
+    };
+
    virtualisation = {
      proxmox.enable = true;
    };
@ -38,11 +58,24 @@
  services = {
    openssh.enable = true;

-    prometheus = {
+    prometheus.scrapeConfigs = [
+      {
+        job_name = "metrics-host";
+        static_configs = [
+          { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
+        ];
+      }
+    ];
+
+    prometheus.exporters = {
+      node = {
        enable = true;
+        enabledCollectors = [ "systemd" ];
+      };
+    };
  };

-  };
+  networking.nameservers = [ "192.168.1.2" ];

  system.stateVersion = "24.05";
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -2,6 +2,7 @@
  imports = [
    # Folders
    ./desktop
+    ./monitoring
    ./networking
    ./services
    ./systems
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@ -0,0 +1 @@
+{ imports = [ ./prometheus.nix ]; }
--- a/modules/monitoring/prometheus.nix
+++ b/modules/monitoring/prometheus.nix
@ -0,0 +1,77 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+with lib;
+
+let
+  cfg = config.my.monitoring.prometheus;
+
+in
+{
+  options.my.monitoring.prometheus = {
+    enable = lib.mkEnableOption "Enable prometheus as a data scraper";
+
+    proxy = {
+      enable = lib.mkEnableOption "Set the proxy entry for this service";
+
+      domain = lib.mkOption {
+        default = "example.com";
+        type = lib.types.str;
+        description = ''
+          The domain where Caddy is reachable
+        '';
+      };
+
+      host = lib.mkOption {
+        default = "localhost";
+        type = lib.types.str;
+        description = ''
+          Host name where the download manager stack is running
+        '';
+      };
+
+    };
+
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+
+      services.prometheus = {
+        enable = true;
+        scrapeConfigs = [
+          {
+            job_name = "download-mgr-stack";
+            static_configs = [
+              {
+                targets = [
+                  "localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}"
+                  "localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}"
+                  "localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}"
+                  "localhost:${toString config.services.prometheus.exporters.exportarr-lidarr.port}"
+                  "localhost:${toString config.services.prometheus.exporters.exportarr-readarr.port}"
+                ];
+              }
+            ];
+          }
+        ];
+      };
+
+      networking.firewall.allowedTCPPorts = [ 9090 ];
+
+    })
+
+    (lib.mkIf (cfg.proxy != { }) {
+      services.caddy = with cfg.proxy; {
+        virtualHosts."prometheus.${domain}".extraConfig = ''
+          reverse_proxy http://${host}:9090
+          import cloudflare
+        '';
+      };
+    })
+  ];
+
+}
--- a/modules/networking/tailscale.nix
+++ b/modules/networking/tailscale.nix
@ -1,7 +1,8 @@
-{ lib
-, config
-, pkgs
-, ...
+{
+  lib,
+  config,
+  pkgs,
+  ...
 }:
 with lib;
 let
@ -26,6 +27,15 @@ in
      '';
    };

+    magicDNSDomain = mkOption {
+      type = types.str;
+      default = "";
+      example = "example.ts.net";
+      description = ''
+        This unique name is used when registering DNS entries, sharing your device to other tailnets, and issuing TLS certificates
+      '';
+    };
+
    exitNode = mkOption {
      type = types.str;
      default = "";
@ -53,6 +63,12 @@ in
      useRoutingFeatures = if cfg.exitNode == "" then "none" else "both";
      extraUpFlags = [ "--exit-node=${cfg.exitNode}" ] ++ cfg.extraUpFlags;
    };
+
+    networking = {
+      nameservers = [ "100.100.100.100" ];
+      search = [ cfg.magicDNSDomain ];
+    };
+
  };

 }