When one host fetches the latest flake revision, it publishes to NATS and all other hosts receive the update immediately. This reduces redundant nix flake metadata calls across the fleet. - Add nkeys to devshell for key generation - Add nixos-exporter user to NATS HOMELAB account - Add Vault secret for NKey storage - Configure all hosts to use NATS for revision sharing - Update nixos-exporter input to version with NATS support Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Monitoring module: enables the node, systemd and nixos Prometheus exporters,
# fetches the NATS NKey for the nixos exporter from Vault, and registers the
# nixos exporter as a scrape target.
{ pkgs, ... }:
let
  # Unit that materialises the NKey; referenced by both ordering and
  # dependency settings of the exporter service below.
  nkeySecretUnit = "vault-secret-nixos-exporter-nkey.service";
in
{
  services.prometheus.exporters = {
    # NOTE(review): the collectors enabled here publish unit, session, cgroup
    # and process information on the metrics port. Nothing in this file limits
    # who can reach that port; confirm firewalling is handled elsewhere.
    node = {
      enable = true;
      enabledCollectors = [
        "systemd"
        "logind"
        "cgroups"
        "processes"
      ];
    };

    systemd = {
      enable = true;
      # Default port: 9558
      extraFlags = [
        "--systemd.collector.enable-restart-count"
        "--systemd.collector.enable-ip-accounting"
      ];
    };

    nixos = {
      enable = true;
      # Default port: 9971
      flake = {
        enable = true;
        url = "git+https://git.t-juice.club/torjus/nixos-servers.git";
        nats = {
          enable = true;
          # NOTE(review): the nats:// scheme does not itself request TLS, so
          # whether this link is encrypted depends on the server's settings.
          # Confirm TLS is enforced on the server if revision messages must be
          # protected from tampering in transit.
          url = "nats://nats1.home.2rjus.net:4222";
          # NOTE(review): owner and mode of this file are not set in this
          # module; presumably the vault.secrets module writes it. Verify that
          # only the exporter's service user can read it.
          credentialsFile = "/run/secrets/nixos-exporter-nkey";
        };
      };
    };
  };

  # NKey used for NATS authentication, pulled from Vault.
  # NOTE(review): the path sits under shared/, so presumably every host that
  # imports this module reads the same key. Confirm the matching NATS user is
  # permitted only the subjects needed for revision sharing, since one
  # compromised host would expose the key for all of them.
  vault.secrets.nixos-exporter-nkey = {
    secretPath = "shared/nixos-exporter/nkey";
    extractKey = "nkey";
  };

  # Order the exporter after the secret unit and make it a hard dependency:
  # with `requires`, the exporter is not started when the secret unit fails.
  systemd.services.prometheus-nixos-exporter = {
    after = [ nkeySecretUnit ];
    requires = [ nkeySecretUnit ];
  };

  # Scrape target entry for the nixos exporter (port matches its default).
  homelab.monitoring.scrapeTargets = [
    {
      job_name = "nixos-exporter";
      port = 9971;
    }
  ];
}