torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects 1 Releases Wiki Activity
Files
3cccfc048759232d29ba45dccda455a6a5d6c4d5
nixos-servers/terraform/vault/variables.tf
Torjus Håkestad 3cccfc0487
Some checks failed
Run nix flake check / flake-check (push) Failing after 7m36s
Details
monitoring: implement monitoring gaps coverage 
Add exporters and scrape targets for services lacking monitoring:
- PostgreSQL: postgres-exporter on pgdb1
- Authelia: native telemetry metrics on auth01
- Unbound: unbound-exporter with remote-control on ns1/ns2
- NATS: HTTP monitoring endpoint on nats1
- OpenBao: telemetry config and Prometheus scrape with token auth
- Systemd: systemd-exporter on all hosts for per-service metrics

Add alert rules for postgres, auth (authelia + lldap), jellyfin,
vault (openbao), plus extend existing nats and unbound rules.

Add Terraform config for Prometheus metrics policy and token. The
token is created via vault_token resource and stored in KV, so no
manual token creation is needed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 21:44:13 +01:00

55 lines
1.1 KiB
HCL
Raw Blame History

variable "vault_address" {
description = "OpenBao server address"
type = string
default = "https://vault01.home.2rjus.net:8200"
}
variable "vault_token" {
description = "OpenBao root or admin token"
type = string
sensitive = true
}
variable "vault_skip_tls_verify" {
description = "Skip TLS verification (for self-signed certs)"
type = bool
default = true
}
variable "nats_nkey" {
description = "NATS NKey for alerttonotify"
type = string
sensitive = true
}
variable "pve_exporter_config" {
description = "PVE exporter YAML configuration"
type = string
sensitive = true
}
variable "ns_xfer_key" {
description = "DNS zone transfer TSIG key"
type = string
sensitive = true
}
variable "wireguard_private_key" {
description = "WireGuard private key for http-proxy"
type = string
sensitive = true
}
variable "cache_signing_key" {
description = "Nix binary cache signing key"
type = string
sensitive = true
}
variable "actions_token_1" {
description = "Gitea Actions runner token"
type = string
sensitive = true
}
Reference in New Issue View Git Blame Copy Permalink