209 lines
5.8 KiB
Nix
209 lines
5.8 KiB
Nix
{
|
|
pkgs,
|
|
config,
|
|
...
|
|
}: let
|
|
# Port configurations
|
|
ports = {
|
|
# System exporters
|
|
node = 9100;
|
|
systemd = 9558;
|
|
process = 9256;
|
|
|
|
# Infrastructure exporters
|
|
cadvisor = 8080;
|
|
caddy = 2019;
|
|
|
|
# Media exporters
|
|
jellyfin = 9220;
|
|
pihole = 9617;
|
|
|
|
# Servarr exporters (via exportarr)
|
|
sonarr = 9707;
|
|
radarr = 9708;
|
|
lidarr = 9709;
|
|
bazarr = 9710;
|
|
|
|
# Torrent
|
|
deluge = 9354;
|
|
};
|
|
in {
|
|
sops.secrets."pihole/password" = {};
|
|
services = {
|
|
prometheus = {
|
|
exporters = {
|
|
systemd = {
|
|
enable = true;
|
|
port = ports.systemd;
|
|
};
|
|
node = {
|
|
enable = true;
|
|
enabledCollectors = [
|
|
"systemd"
|
|
"textfile"
|
|
"filesystem"
|
|
"loadavg"
|
|
"meminfo"
|
|
"netdev"
|
|
"stat"
|
|
"time"
|
|
"uname"
|
|
"vmstat"
|
|
"diskstats"
|
|
"cpu"
|
|
];
|
|
port = ports.node;
|
|
};
|
|
process = {
|
|
enable = true;
|
|
settings.process_names = [
|
|
{
|
|
name = "{{.Comm}}";
|
|
cmdline = [".*"];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# Docker cAdvisor for container metrics
|
|
virtualisation.oci-containers.containers.cadvisor = {
|
|
image = "gcr.io/cadvisor/cadvisor:v0.49.1";
|
|
ports = ["${toString ports.cadvisor}:8080"];
|
|
volumes = [
|
|
"/:/rootfs:ro"
|
|
"/var/run:/var/run:ro"
|
|
"/sys:/sys:ro"
|
|
"/var/lib/docker/:/var/lib/docker:ro"
|
|
"/dev/disk/:/dev/disk:ro"
|
|
];
|
|
extraOptions = [
|
|
"--privileged"
|
|
"--device=/dev/kmsg"
|
|
];
|
|
};
|
|
|
|
# Jellyfin - use built-in metrics endpoint at http://localhost:8096/metrics
|
|
# No separate exporter needed - Prometheus will scrape directly
|
|
|
|
# Home Assistant - has built-in Prometheus integration
|
|
# Configure in Home Assistant configuration.yaml:
|
|
# prometheus:
|
|
# namespace: homeassistant
|
|
|
|
# Pi-hole exporter
|
|
# Uses sops-managed API token for authentication with Pi-hole v6
|
|
# To set the token: edit secrets/secrets.yaml and replace the placeholder at pihole.api_token
|
|
systemd.services.pihole-exporter = {
|
|
description = "Pi-hole Prometheus Exporter";
|
|
wantedBy = ["multi-user.target"];
|
|
after = ["network.target" "sops-nix.service"];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
DynamicUser = true;
|
|
# Load API token from sops secret file
|
|
LoadCredential = "ppassword:${config.sops.secrets."pihole/password".path}";
|
|
ExecStart = ''
|
|
${pkgs.bash}/bin/bash -c '${pkgs.prometheus-pihole-exporter}/bin/pihole-exporter \
|
|
-pihole_hostname pihole.darksailor.dev \
|
|
-pihole_port 8053 \
|
|
-port ${toString ports.pihole} \
|
|
-pihole_password $(cat ''${CREDENTIALS_DIRECTORY}/ppassword)'
|
|
'';
|
|
Restart = "on-failure";
|
|
};
|
|
};
|
|
|
|
# Exportarr for Sonarr
|
|
# Disabled: needs API key configuration
|
|
# systemd.services.exportarr-sonarr = {
|
|
# description = "Exportarr Prometheus Exporter for Sonarr";
|
|
# wantedBy = ["multi-user.target"];
|
|
# after = ["network.target"];
|
|
# serviceConfig = {
|
|
# Type = "simple";
|
|
# DynamicUser = true;
|
|
# ExecStart = "${pkgs.exportarr}/bin/exportarr sonarr --port ${toString ports.sonarr} --url http://localhost:8989";
|
|
# Restart = "on-failure";
|
|
# };
|
|
# };
|
|
|
|
# Exportarr for Radarr
|
|
# Disabled: needs API key configuration
|
|
# systemd.services.exportarr-radarr = {
|
|
# description = "Exportarr Prometheus Exporter for Radarr";
|
|
# wantedBy = ["multi-user.target"];
|
|
# after = ["network.target"];
|
|
# serviceConfig = {
|
|
# Type = "simple";
|
|
# DynamicUser = true;
|
|
# ExecStart = "${pkgs.exportarr}/bin/exportarr radarr --port ${toString ports.radarr} --url http://localhost:7878";
|
|
# Restart = "on-failure";
|
|
# };
|
|
# };
|
|
|
|
# Exportarr for Lidarr
|
|
# Disabled: needs API key configuration
|
|
# systemd.services.exportarr-lidarr = {
|
|
# description = "Exportarr Prometheus Exporter for Lidarr";
|
|
# wantedBy = ["multi-user.target"];
|
|
# after = ["network.target"];
|
|
# serviceConfig = {
|
|
# Type = "simple";
|
|
# DynamicUser = true;
|
|
# ExecStart = "${pkgs.exportarr}/bin/exportarr lidarr --port ${toString ports.lidarr} --url http://localhost:8686";
|
|
# Restart = "on-failure";
|
|
# };
|
|
# };
|
|
|
|
# Exportarr for Bazarr
|
|
# Disabled: needs API key configuration
|
|
# systemd.services.exportarr-bazarr = {
|
|
# description = "Exportarr Prometheus Exporter for Bazarr";
|
|
# wantedBy = ["multi-user.target"];
|
|
# after = ["network.target"];
|
|
# serviceConfig = {
|
|
# Type = "simple";
|
|
# DynamicUser = true;
|
|
# ExecStart = "${pkgs.exportarr}/bin/exportarr bazarr --port ${toString ports.bazarr} --url http://localhost:6767";
|
|
# Restart = "on-failure";
|
|
# };
|
|
# };
|
|
|
|
# Deluge exporter
|
|
systemd.services.deluge-exporter = {
|
|
description = "Deluge Prometheus Exporter";
|
|
wantedBy = ["multi-user.target"];
|
|
after = ["network.target"];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
DynamicUser = true;
|
|
ExecStart = "${pkgs.prometheus-deluge-exporter}/bin/deluge-exporter localhost:58846 --addr :${toString ports.deluge}";
|
|
Restart = "on-failure";
|
|
};
|
|
};
|
|
|
|
# Samba exporter - using a simple script to expose smbstatus metrics
|
|
# For now, we'll skip this and can add later if needed
|
|
|
|
# Open firewall ports for Prometheus exporters
|
|
networking.firewall = {
|
|
# Allow from Tailscale network
|
|
interfaces."tailscale0".allowedTCPPorts = [
|
|
ports.node
|
|
ports.systemd
|
|
ports.process
|
|
ports.cadvisor
|
|
ports.caddy
|
|
ports.jellyfin
|
|
ports.pihole
|
|
# ports.sonarr # Disabled - needs API key
|
|
# ports.radarr # Disabled - needs API key
|
|
# ports.lidarr # Disabled - needs API key
|
|
# ports.bazarr # Disabled - needs API key
|
|
ports.deluge
|
|
];
|
|
};
|
|
}
|