78 lines
2 KiB
Nix
78 lines
2 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.clerie.monitoring;
|
|
|
|
monitoringServer = "kaon.net.entr0py.de";
|
|
networkBase = "fd00:23:23:23::";
|
|
serverPubKey = "iHrvJyvIWnsAc2FuXBy1ATuj2hy1jek0C9MqFcisH0k=";
|
|
|
|
in
|
|
|
|
{
|
|
options = {
|
|
clerie.monitoring = {
|
|
enable = mkEnableOption "clerie's Monitoring (with tweaks)";
|
|
networkBase = mkOption {
|
|
type = types.str;
|
|
default = networkBase;
|
|
};
|
|
server = mkOption {
|
|
type = types.str;
|
|
default = monitoringServer;
|
|
};
|
|
serverPort = mkOption {
|
|
type = types.int;
|
|
default = 51820;
|
|
};
|
|
id = mkOption {
|
|
type = types.str;
|
|
description = "ID of the Monitoring Interface (it is actually a part of an ip address)";
|
|
};
|
|
serverPublicKey = mkOption {
|
|
type = types.str;
|
|
default = serverPubKey;
|
|
};
|
|
pubkey = mkOption {
|
|
type = types.str;
|
|
description = "Public Key of the monitoring wireguard interface of this host";
|
|
};
|
|
privKeyFile = mkOption {
|
|
type = types.str;
|
|
example = "/run/keys/keyfile";
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
environment.systemPackages = with pkgs; [
|
|
wireguard
|
|
wireguard-tools
|
|
];
|
|
networking.wireguard.enable = true;
|
|
networking.wireguard.interfaces = {
|
|
wg-monitoring = {
|
|
ips = [ "${cfg.networkBase}${cfg.id}/64" ];
|
|
peers = [
|
|
{
|
|
endpoint = "${cfg.server}:${toString cfg.serverPort}";
|
|
persistentKeepalive = 25;
|
|
allowedIPs = [ "${cfg.networkBase}/64" ];
|
|
publicKey = "${cfg.serverPublicKey}";
|
|
}
|
|
];
|
|
privateKeyFile = "${cfg.privKeyFile}";
|
|
};
|
|
};
|
|
|
|
services.prometheus.exporters.node = {
|
|
enable = true;
|
|
#listenAddress = "${monitoring-network-base}${cfg.id}";
|
|
openFirewall = true;
|
|
firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9100";
|
|
};
|
|
};
|
|
}
|