torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

nixos-exporter: enable NATS cache sharing #38

Merged
torjus merged 1 commits from nixos-exporter-nats-cache into master 2026-02-08 22:58:24 +00:00
Conversation 0 Commits 1 Files Changed 6 +44 -4
6 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@@ -49,11 +49,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770422522, "lastModified": 1770590420,
"narHash": "sha256-WmIFnquu4u58v8S2bOVWmknRwHn4x88CRfBFTzJ1inQ=", "narHash": "sha256-Gih+2ufQXcZQzrlSrgZWcG7u9TjQT7z/6qybnX5yJn8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "cf0ce858997af4d8dcc2ce10393ff393e17fc911", "rev": "acfb142788dc994cf64931f55063393d807c6ebf",
"revCount": 11, "revCount": 14,
"type": "git", "type": "git",
"url": "https://git.t-juice.club/torjus/nixos-exporter" "url": "https://git.t-juice.club/torjus/nixos-exporter"
}, },

1
flake.nix
View File

@@ -217,6 +217,7 @@
pkgs.opentofu pkgs.opentofu
pkgs.openbao pkgs.openbao
pkgs.kanidm_1_8 pkgs.kanidm_1_8
pkgs.nkeys
(pkgs.callPackage ./scripts/create-host { }) (pkgs.callPackage ./scripts/create-host { })
homelab-deploy.packages.${pkgs.system}.default homelab-deploy.packages.${pkgs.system}.default
]; ];

9
services/nats/default.nix
View File

@@ -35,9 +35,18 @@
HOMELAB = { HOMELAB = {
jetstream = "enabled"; jetstream = "enabled";
users = [ users = [
# alerttonotify (full access to HOMELAB account)
{ {
nkey = "UASLNKLWGICRTZMIXVD3RXLQ57XRIMCKBHP5V3PYFFRNO3E3BIJBCYMZ"; nkey = "UASLNKLWGICRTZMIXVD3RXLQ57XRIMCKBHP5V3PYFFRNO3E3BIJBCYMZ";
} }
# nixos-exporter (restricted to nixos-exporter subjects)
{
nkey = "UBCL3ODHVERVZJNGUJ567YBBKHQZOV3LK3WO6TVVSGQOCTK2NQ3IJVRV"; # Replace with public key from: nix develop -c nk -gen user -pubout
permissions = {
publish = [ "nixos-exporter.>" ];
subscribe = [ "nixos-exporter.>" ];
};
}
]; ];
}; };

17
system/monitoring/metrics.nix
View File

@@ -19,14 +19,31 @@
]; ];
}; };
# Fetch NKey from Vault for NATS authentication
vault.secrets.nixos-exporter-nkey = {
secretPath = "shared/nixos-exporter/nkey";
extractKey = "nkey";
};
services.prometheus.exporters.nixos = { services.prometheus.exporters.nixos = {
enable = true; enable = true;
# Default port: 9971 # Default port: 9971
flake = { flake = {
enable = true; enable = true;
url = "git+https://git.t-juice.club/torjus/nixos-servers.git"; url = "git+https://git.t-juice.club/torjus/nixos-servers.git";
nats = {
enable = true;
url = "nats://nats1.home.2rjus.net:4222";
credentialsFile = "/run/secrets/nixos-exporter-nkey";
}; };
}; };
};
# Ensure exporter starts after Vault secret is available
systemd.services.prometheus-nixos-exporter = {
after = [ "vault-secret-nixos-exporter-nkey.service" ];
requires = [ "vault-secret-nixos-exporter-nkey.service" ];
};
# Register nixos-exporter as a Prometheus scrape target # Register nixos-exporter as a Prometheus scrape target
homelab.monitoring.scrapeTargets = [ homelab.monitoring.scrapeTargets = [

6
terraform/vault/secrets.tf
View File

@@ -114,6 +114,12 @@ locals {
auto_generate = true auto_generate = true
password_length = 64 password_length = 64
} }
# NKey for nixos-exporter NATS cache sharing
"shared/nixos-exporter/nkey" = {
auto_generate = false
data = { nkey = var.nixos_exporter_nkey }
}
} }
} }

7
terraform/vault/variables.tf
View File

@@ -73,3 +73,10 @@ variable "homelab_deploy_admin_deployer_nkey" {
sensitive = true sensitive = true
} }
variable "nixos_exporter_nkey" {
description = "NKey seed for nixos-exporter NATS authentication"
type = string
default = "PLACEHOLDER"
sensitive = true
}