feat: define global monitoring for each service and automatically configure telegraf based on it

2025-10-11 07:10:39 +02:00 · 2024-07-14 14:11:53 +02:00 · 2024-07-14 14:11:53 +02:00 · e35daee76d
commit e35daee76d
parent 79e1e782c4
23 changed files with 403 additions and 83 deletions
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -13,6 +13,18 @@ in {
  };

  globals.services.adguardhome.domain = adguardhomeDomain;
+  globals.monitoring.dns.adguardhome = {
+    server = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
+    domain = ".";
+    location = "home";
+    network = "home-lan";
+  };
+  globals.monitoring.http.adguardhome = {
+    url = "https://${adguardhomeDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.adguardhome = {
--- a/hosts/ward/guests/forgejo.nix
+++ b/hosts/ward/guests/forgejo.nix
@ -23,6 +23,12 @@ in {
  };

  globals.services.forgejo.domain = forgejoDomain;
+  globals.monitoring.http.forgejo = {
+    url = "https://${forgejoDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    # Rewrite destination addr with dnat on incoming connections
    # and masquerade responses to make them look like they originate from this host.
--- a/hosts/ward/guests/kanidm.nix
+++ b/hosts/ward/guests/kanidm.nix
@ -40,6 +40,12 @@ in {
  age.secrets.kanidm-oauth2-web-sentinel = mkRandomSecret;

  globals.services.kanidm.domain = kanidmDomain;
+  globals.monitoring.http.kanidm = {
+    url = "https://${kanidmDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.kanidm = {
--- a/hosts/ward/guests/netbird.nix
+++ b/hosts/ward/guests/netbird.nix
@ -78,6 +78,12 @@ in {
  };

  globals.services.netbird.domain = netbirdDomain;
+  globals.monitoring.http.netbird = {
+    url = "https://${netbirdDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.netbird-mgmt = {
--- a/hosts/ward/guests/radicale.nix
+++ b/hosts/ward/guests/radicale.nix
@ -7,6 +7,12 @@ in {
  };

  globals.services.radicale.domain = radicaleDomain;
+  globals.monitoring.http.radicale = {
+    url = "https://${radicaleDomain}";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.radicale = {
--- a/hosts/ward/guests/vaultwarden.nix
+++ b/hosts/ward/guests/vaultwarden.nix
@ -26,6 +26,13 @@ in {
  ];

  globals.services.vaultwarden.domain = vaultwardenDomain;
+  globals.monitoring.http.vaultwarden = {
+    url = "https://${vaultwardenDomain}";
+    expectedBodyRegex = "Vaultwarden";
+    location = "home";
+    network = "internet";
+  };
+
  nodes.sentinel = {
    services.nginx = {
      upstreams.vaultwarden = {
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@ -1,31 +1,16 @@
 {
  config,
  globals,
+  lib,
  ...
 }: {
  networking.hostId = config.repo.secrets.local.networking.hostId;

-  globals.net = {
-    home-wan = {
-      cidrv4 = "192.168.178.0/24";
-      hosts.fritzbox.id = 1;
-      hosts.ward.id = 2;
-    };
-
-    home-lan = {
-      cidrv4 = "192.168.1.0/24";
-      cidrv6 = "fd10::/64";
-      hosts.ward.id = 1;
-      hosts.sire.id = 2;
-      hosts.ward-adguardhome.id = 3;
-      hosts.ward-web-proxy.id = 4;
-      hosts.sire-samba.id = 10;
-    };
-
-    proxy-home = {
-      cidrv4 = "10.44.0.0/24";
-      cidrv6 = "fd00:44::/120";
-    };
+  globals.monitoring.ping.ward = {
+    hostv4 = lib.net.cidr.ip globals.net.home-lan.hosts.ward.cidrv4;
+    hostv6 = lib.net.cidr.ip globals.net.home-lan.hosts.ward.cidrv6;
+    location = "home";
+    network = "home-lan";
  };

  boot.initrd.systemd.network = {