torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects 1 Releases Wiki Activity
Files
c515a6b4e1892d97a5266e6f4bbabaf7bb9b1b1f
nixos-servers/services/ns/resolver.nix
Torjus Håkestad 3cccfc0487
Some checks failed
Run nix flake check / flake-check (push) Failing after 7m36s
Details
monitoring: implement monitoring gaps coverage 
Add exporters and scrape targets for services lacking monitoring:
- PostgreSQL: postgres-exporter on pgdb1
- Authelia: native telemetry metrics on auth01
- Unbound: unbound-exporter with remote-control on ns1/ns2
- NATS: HTTP monitoring endpoint on nats1
- OpenBao: telemetry config and Prometheus scrape with token auth
- Systemd: systemd-exporter on all hosts for per-service metrics

Add alert rules for postgres, auth (authelia + lldap), jellyfin,
vault (openbao), plus extend existing nats and unbound rules.

Add Terraform config for Prometheus metrics policy and token. The
token is created via vault_token resource and stored in KV, so no
manual token creation is needed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 21:44:13 +01:00

64 lines
1.5 KiB
Nix
Raw Blame History

{ pkgs, ... }: {
homelab.monitoring.scrapeTargets = [{
job_name = "unbound";
port = 9167;
}];
networking.firewall.allowedTCPPorts = [
53
];
networking.firewall.allowedUDPPorts = [
53
];
services.prometheus.exporters.unbound = {
enable = true;
unbound.host = "unix:///run/unbound/unbound.ctl";
};
# Grant exporter access to unbound socket
systemd.services.prometheus-unbound-exporter.serviceConfig.SupplementaryGroups = [ "unbound" ];
services.unbound = {
enable = true;
settings = {
server = {
access-control = [
"127.0.0.0/8 allow"
"0.0.0.0/0 allow"
];
local-zone = "home.2rjus.net nodefault";
domain-insecure = "home.2rjus.net";
interface = "0.0.0.0";
do-not-query-localhost = "no";
port = "53";
do-ip4 = "yes";
do-ip6 = "no";
do-udp = "yes";
do-tcp = "yes";
extended-statistics = true;
};
remote-control = {
control-enable = true;
control-interface = "/run/unbound/unbound.ctl";
};
stub-zone = {
name = "home.2rjus.net";
stub-addr = "127.0.0.1@8053";
};
forward-zone = {
name = ".";
forward-tls-upstream = "yes";
# forward-addr = "1.1.1.1@853#cloudflare-dns.com";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
];
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink