nixos/caddy: export metrics to prometheus

2024-09-07 20:38:10 +08:00 · 2024-09-07 20:38:10 +08:00 · 5f8f3eb171
commit 5f8f3eb171
parent 2ef8aaf319
2 changed files with 70 additions and 29 deletions
--- a/hosts/tyo0/services/prometheus.nix
+++ b/hosts/tyo0/services/prometheus.nix
@ -19,18 +19,17 @@ in
      listenAddress = "127.0.0.1";
      port = ports.blackbox;
      configFile = (pkgs.formats.yaml { }).generate "config.yaml" {
-        modules = {
-          http_2xx = {
+        modules.http_2xx = {
          prober = "http";
-          };
+          http.fail_if_not_ssl = true;
        };
      };
    };

    scrapeConfigs = [
      {
-        job_name = "metrics";
-        scheme = "https";
+        job_name = "node_exporter";
+        metrics_path = "/metrics";
        basic_auth = {
          username = "prometheus";
          password_file = config.sops.secrets."prometheus/auth".path;
@ -43,8 +42,29 @@ in
        };
      }
      {
-        job_name = "http";
-        scheme = "http";
+        job_name = "caddy";
+        metrics_path = "/caddy";
+        basic_auth = {
+          username = "prometheus";
+          password_file = config.sops.secrets."prometheus/auth".path;
+        };
+        static_configs = lib.singleton {
+          targets = [
+            "tyo0.ny4.dev"
+            "pek0.ny4.dev"
+          ];
+        };
+      }
+      {
+        job_name = "blackbox_exporter";
+        static_configs = lib.singleton {
+          targets = [
+            "127.0.0.1:${toString ports.blackbox}"
+          ];
+        };
+      }
+      {
+        job_name = "blackbox_probe";
        metrics_path = "/probe";
        params = {
          module = [ "http_2xx" ];
@ -90,12 +110,12 @@ in
          rules = [
            {
              alert = "NodeDown";
-              expr = ''up == 0'';
+              expr = ''up{job="node_exporter"} == 0'';
              for = "5m";
            }
            {
              alert = "HTTPDown";
-              expr = ''probe_http_status_code < 200 or probe_http_status_code > 299'';
+              expr = ''up{job="blackbox_probe"} == 0 or probe_success{job="blackbox_probe"} == 0'';
              for = "5m";
            }
            {
--- a/nixos/profiles/prometheus/default.nix
+++ b/nixos/profiles/prometheus/default.nix
@ -7,7 +7,9 @@
    enabledCollectors = [ "systemd" ];
  };

-  services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
+  services.caddy.settings.apps.http.servers.srv0.metrics = { };
+  services.caddy.settings.apps.http.servers.srv0.routes = [
+    {
      match = lib.singleton {
        host = [ config.networking.fqdn ];
        path = [ "/metrics" ];
@ -25,5 +27,24 @@
          upstreams = lib.singleton { dial = "127.0.0.1:9091"; };
        }
      ];
+    }
+    {
+      match = lib.singleton {
+        host = [ config.networking.fqdn ];
+        path = [ "/caddy" ];
      };
+      handle = [
+        {
+          handler = "authentication";
+          providers.http_basic.accounts = lib.singleton {
+            username = "prometheus";
+            password = "$2a$14$2Phk4tobM04H4XiGegB3TuEXkyORCKMKW8TptYPTPXUWmZgtGBj/.";
+          };
+        }
+        {
+          handler = "metrics";
+        }
+      ];
+    }
+  ];
 }