Newer
Older
{ publicIPv4
, hardware
, publicStoragePort
, ristrettoSigningKeyPath
, passValue
, sshUsers
, stateVersion
, monitoringvpnIPv4 ? null
, monitoringvpnKeyDir ? null
, vpnClientIPs ? null
Florian Sesser
committed
, nodeExporterTargets ? []
, nginxExporterTargets ? []
enableVpn = monitoringvpnKeyDir != null &&
monitoringvpnIPv4 != null &&
vpnClientIPs != null;
vpnSecrets = if !enableVpn then {} else {
"monitoringvpn-private-key" = {
source = monitoringvpnKeyDir + "/server.key";
destination = "/run/keys/monitoringvpn/server.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
"monitoringvpn-preshared-key" = {
source = monitoringvpnKeyDir + "/preshared.key";
destination = "/run/keys/monitoringvpn/preshared.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
};
Florian Sesser
committed
};
imports = [
hardware
../../nixos/modules/monitoring/vpn/server.nix
../../nixos/modules/monitoring/server/prometheus.nix
../../nixos/modules/monitoring/exporters/node.nix
# Loki 0.3.0 from Nixpkgs 19.09 is too old and does not work:
# ../../nixos/modules/monitoring/server/loki.nix
services.private-storage.monitoring.vpn.server = if !enableVpn then {} else {
inherit vpnClientIPs;
domain = "monitoring.private.storage";
prometheusUrl = "http://localhost:9090/";
lokiUrl = "http://localhost:3100/";
};
services.private-storage.monitoring.prometheus = {
inherit nodeExporterTargets;
inherit nginxExporterTargets;