parent
e0846af5e3
commit
0bf1eb4ed6
|
@ -22,8 +22,17 @@ in {
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = lib.mdDoc ''
|
||||||
Whether to open port 53 in the firwall for unbound dns
|
Whether to open port 53 in the firwall for unbound dns
|
||||||
|
And `services.prometheus.exporters.unbound.port` for metrics (if enabled).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
enableMetrics = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = cfg.mode == "server";
|
||||||
|
description = ''
|
||||||
|
Enable prometheus metrics
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -38,12 +47,19 @@ in {
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ] ;
|
||||||
allowedUDPPorts = [ 53 ];
|
allowedUDPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
|
services.prometheus.exporters.unbound = mkIf cfg.enableMetrics {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = cfg.openFirewall;
|
||||||
|
controlInterface = config.services.unbound.localControlSocketPath;
|
||||||
|
group = config.services.unbound.group;
|
||||||
|
};
|
||||||
services.unbound = {
|
services.unbound = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.v.unbound;
|
package = pkgs.v.unbound;
|
||||||
|
localControlSocketPath = mkIf cfg.enableMetrics "/run/unbound/unbound.socket";
|
||||||
settings = {
|
settings = {
|
||||||
server = mkMerge [
|
server = mkMerge [
|
||||||
{
|
{
|
||||||
|
|
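Review bot: Reusing `cfg.openFirewall` for `services.prometheus.exporters.unbound.openFirewall` means every host that opens port 53 to its DNS clients also opens the exporter port to the same networks, and because `enableMetrics` defaults to true in server mode this happens without the operator asking for it. A separate switch that defaults to off, for example a new `openMetricsFirewall` option wired as `openFirewall = cfg.openMetricsFirewall;`, would keep the metrics endpoint reachable only where it is meant to be scraped. The exporter is also put in `config.services.unbound.group` so it can reach the control socket; that socket presumably accepts more than statistics queries, so a comment such as `# exporter reaches the control socket via the unbound group; keep the socket group-only` would help the next reader. The new `enableMetrics` description is not wrapped in `lib.mdDoc`, unlike the `openFirewall` description changed in the same hunk.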
|
@ -8,6 +8,7 @@ let
|
||||||
db_user = "dex";
|
db_user = "dex";
|
||||||
db_name = "dex";
|
db_name = "dex";
|
||||||
inherit (config.meta.exposes.dex) port;
|
inherit (config.meta.exposes.dex) port;
|
||||||
|
metricsPort = 5558;
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
@ -19,7 +20,7 @@ in {
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "23.05"; # Did you read the comment?
|
system.stateVersion = "23.05"; # Did you read the comment?
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ port ];
|
networking.firewall.allowedTCPPorts = [ port metricsPort ];
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -49,6 +50,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
web.http = "0.0.0.0:${toString port}";
|
web.http = "0.0.0.0:${toString port}";
|
||||||
|
telemetry.http = "0.0.0.0:${toString metricsPort}";
|
||||||
|
|
||||||
connectors = [{
|
connectors = [{
|
||||||
type = "gitea";
|
type = "gitea";
|
||||||
|
|
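Review bot: The telemetry listener is bound to `0.0.0.0` and `metricsPort` is added to the global `networking.firewall.allowedTCPPorts`, so the metrics endpoint becomes reachable from every network that can reach the dex web port, with no access control visible in these hunks. If only the Prometheus host needs it, open the port on the internal interface alone, e.g. `networking.firewall.interfaces."<internal-iface>".allowedTCPPorts = [ metricsPort ];` (the interface name is a placeholder), and leave `allowedTCPPorts = [ port ];` as it was. This covers the `@ -19,7` and `@ -49,6` hunks together; binding `telemetry.http` to the internal address rather than `0.0.0.0` would narrow exposure further.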
|
@ -72,6 +72,20 @@ in {
|
||||||
labels.app = "ntfy";
|
labels.app = "ntfy";
|
||||||
}];
|
}];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
job_name = "dex";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "dex.olympus:5558" ];
|
||||||
|
labels.app = "dex";
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
job_name = "unbound";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "dns-1.olympus:9167" "dns-2.olympus:9167" ];
|
||||||
|
labels.app = "dns";
|
||||||
|
}];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
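Review bot: The new scrape targets hard-code `5558` and `9167`, while the dex host defines its port as `metricsPort` and the unbound side takes it from `services.prometheus.exporters.unbound.port`. If either side changes, the scrape fails and monitoring for dex or DNS is lost until someone notices the target is down. A comment beside each target naming where the port is defined, e.g. `# must match metricsPort in the dex host config`, would keep them in step; a shared value exposed the way dex already does for `port` via `config.meta.exposes` may be cleaner if that mechanism is available here. The enclosing list of scrape jobs starts outside the hunk.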