mob next [ci-skip] [ci skip] [skip ci]

lastFile:vars/per-machine/vega/yggdrasil/privateKey/secret
2026-06-16 15:11:51 +07:00
parent 77b487a709
commit 57aa5b774a
36 changed files with 492 additions and 0 deletions
@@ -0,0 +1,123 @@
+{ clanLib, ... }:
+{
+  _class = "clan.service";
+  manifest.name = "prometheus";
+  manifest.description = "The Prometheus monitoring system and time series database.";
+  manifest.readme = builtins.readFile ./README.md;
+  manifest.categories = [ "System" ];
+
+  roles.server = {
+    description = "Prometheus server that scraps all data from nodes";
+
+    interface =
+      { lib, ... }:
+      {
+        options = {
+          scrape_interval = lib.mkOption {
+            type = with lib.types; nullOr str;
+            default = "5m";
+            description = "How often to scrape targets. Default is 5 minutes";
+          };
+        };
+      };
+
+    perInstance =
+      {
+        settings,
+        roles,
+        ...
+      }:
+      {
+        nixosModule =
+          {
+            config,
+            lib,
+            ...
+          }:
+          let
+            getYggdrasilIP =
+              machineName:
+              if config.clan.core.vars.generators.yggdrasil.files.address ? value then
+                clanLib.getPublicValue {
+                  flake = config.clan.core.settings.directory;
+                  machine = machineName;
+                  generator = "yggdrasil";
+                  file = "address";
+                  default = null;
+                }
+              else
+                throw "clanService/yggdrasil is required";
+          in
+          {
+            networking.firewall.allowedTCPPorts = [
+              9090
+            ];
+            services.prometheus = {
+              enable = true;
+
+              globalConfig = {
+                scrape_interval = settings.scrape_interval;
+              };
+
+              scrapeConfigs = lib.mapAttrsToList (machineName: machineVal: {
+                tls_config.insecure_skip_verify = true;
+                job_name = "${machineName}";
+                static_configs = lib.mapAttrsToList (
+                  exporterName: exporterVal:
+                  let
+                    targetPort =
+                      if exporterVal ? port then
+                        exporterVal.port
+                      else
+                        config.services.prometheus.exporters."${exporterName}".port;
+                    targetHost = getYggdrasilIP machineName;
+                  in
+                  {
+                    targets = [ "[${targetHost}]:${lib.toString targetPort}" ];
+                  }
+                ) machineVal.settings.exporters;
+              }) roles.nodes.machines;
+
+            };
+
+          };
+      };
+  };
+
+  roles.nodes = {
+    description = "A node will expose metrics for server to harvest";
+
+    interface =
+      { lib, ... }:
+      {
+        options = {
+          exporters = lib.mkOption {
+            type = lib.types.attrsOf (lib.types.submodule { });
+            default = { };
+            description = "Mirror of services.prometheus.exporters";
+          };
+        };
+      };
+
+    perInstance =
+      { settings, ... }:
+      let
+        enabledExporters = builtins.mapAttrs (
+          name: value:
+          value
+          // {
+            enable = true;
+            openFirewall = true;
+          }
+        ) settings.exporters;
+      in
+      {
+        nixosModule =
+          { ... }:
+          {
+            services.prometheus.exporters = enabledExporters;
+          };
+      };
+  };
+
+}
@@ -0,0 +1,19 @@
+{ self, inputs, ... }:
+let
+  module = ./default.nix;
+in
+{
+  clan.modules = {
+    prometheus = module;
+  };
+  perSystem =
+    { ... }:
+    {
+      clan.nixosTests.service-prometheus = {
+        imports = [ ./tests/vm/default.nix ];
+        _module.args = { inherit self inputs; };
+
+        clan.modules."@clan/prometheus" = module;
+      };
+    };
+}
@@ -0,0 +1,74 @@
+{
+  self,
+  hostPkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  name = "service-prometheus";
+  result.update-vars =
+    let
+      relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory);
+    in
+    hostPkgs.writeShellScriptBin "update-vars" ''
+      set -x
+      export PRJ_ROOT=$(git rev-parse --show-toplevel)
+      ${
+        self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli
+      }/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name}
+    '';
+
+  clan = {
+    test.useContainers = false;
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+      machines.nodeA = { };
+
+      instances = {
+        yggdrasil = {
+          module.name = "yggdrasil";
+          roles.default.machines.server = { };
+          roles.default.machines.nodeA = { };
+        };
+
+        prometheus = {
+          module.name = "@clan/prometheus";
+          module.input = "self";
+          roles.nodes.machines."nodeA".settings = {
+            exporters.smartctl = { };
+          };
+          roles.server.machines."server".settings = { };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = { };
+    nodeA = { };
+  };
+
+  testScript =
+    { nodes, ... }:
+    ''
+      start_all()
+
+      server.wait_for_unit("prometheus.service")
+
+      nodeA.wait_for_unit("prometheus-smartctl-exporter.service")
+      nodeA.wait_for_open_port(9633)
+
+      nodeA.succeed("systemctl status prometheus-smartctl-exporter.service")
+      nodeA.succeed("curl http://localhost:9633/metrics")
+
+
+      server_ip = server.succeed("ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'").strip()
+      nodeA_ip = nodeA.succeed("ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'").strip()
+
+      server.succeed(f"ping -c 3 {nodeA_ip}")
+      server.succeed(f"curl -v http://{nodeA_ip}:9633/metrics")
+
+    '';
+}
@@ -0,0 +1,6 @@
+[
+  {
+    "publickey": "age1kxsp8pa8am6k333nxs4akjqkhht8gspznmlqz4pxn35h5dj4uv5qj6q6fl",
+    "type": "age"
+  }
+]
@@ -0,0 +1,6 @@
+[
+  {
+    "publickey": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j",
+    "type": "age"
+  }
+]
@@ -0,0 +1,14 @@
+{
+	"data": "ENC[AES256_GCM,data:Z8I3ecNV2N2jed1sPBU+tI5r5qB2nVTO7aNyMxvp0ztujn8kXjw+thSvLGtRygL2V9rSmPJalHQf1IYUriXgCmYtfg5InPDCAqk=,iv:O4rSyg2G6PJWHURZ/BTBKmn1AVekbNBdg5137sOPL/U=,tag:4/CLfO50laZ8ljWkr6o4qA==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSWxnekYvREdZMTBMVlRq\nRmtCemFYZDhLYU93azc5czdoTVUydFFUL1JzCmo4ZHlrNi8yeW15N2JxTytWeCtk\nbjRwWUVlazUwTlMwc1RZVU8xYlVlckEKLS0tIFVPeU5KMVFwdExFT0wzeXZka2Jo\nSmxEM2RPTWdoZXJxK0dpemUzVkNzdGcKfXdiSeAcNwEZi7kh9c89ss5K+dYG0lhq\nFsf2I0A1csxqqnYJqXPmwlVGMzuWDrWRU0uc+hQLndP3TbadVux64w==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg"
+			}
+		],
+		"lastmodified": "2026-06-11T07:43:55Z",
+		"mac": "ENC[AES256_GCM,data:OCPR2tkbN72MdaczO47UNCJBb1KjABHQH9q7dtVEwoAhKg4QWFtsDaMwBTVE9qe48nlaWQbxT1mM7uztm6RXLkc5y2c3danPUYFj/FK/ffqpaxv3oReyxWqMoGayT23kFbB0TWEx1K8Jp3gOkwCPg+ZRClvhV1dXrfnwIwZHrBY=,iv:3puPIWFIxRF1KtrmyG54LqCc7Zg4/AOMD65QjYdN970=,tag:RoIVltMKw7WUvgW6sNk6mA==,type:str]",
+		"version": "3.13.0"
+	}
+}
@@ -0,0 +1 @@
+../../../users/admin
@@ -0,0 +1,14 @@
+{
+	"data": "ENC[AES256_GCM,data:Nuq6ege3HJOxpRgA6fnxdD2Wj+KCw+3PaJCxmZirJl3mkRVLnZgUUhr+gOVEup9Ifjl1ZnP+PqV7b9pPR/WQg0LARYtxIC1QGJ8=,iv:v9p9lsefP5V9McAJCzS7v9sl8XHr9/hAL41XwFbwMOA=,tag:ETK+CFFJAAzGTpowQNAZMQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArN0NEWFZoZWlyeUtZc3hi\ndnVNcHl4eVVHckRLeFhPYUt4a3BwMElFMVZZCklkU1NEWVVmSGw1NmJmWWkrVHFH\nVTN5U0x3NXdiQUJCc095TElzMWZCMXMKLS0tIHRXQkJNREFYUFFvMXM1Sk53VW5z\naTRjMXozZXZiNU8zSkF5d2hhdklBY1EKWwsPi6YiHKFfAyqWH2u75hw47gzcQOz/\n95Im0FgadhqGDCeZhTDfEAc4b1VWQULInsjeRapzf5OJOwekbz6guA==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg"
+			}
+		],
+		"lastmodified": "2026-06-11T07:45:26Z",
+		"mac": "ENC[AES256_GCM,data:mTKFSBFnUzu3rldQCHPZHoyzDdwPzBWPIAhemC1XyG5PiQ/OczStjYaLzZQGCpPvOjBb5Ntqrc+dnaOedZgKlOdaPjZs1U2ZDWadoeWQ2TAKWYA6+kN7PXomsxtHhntiaujMy3502eh06VyiutpVuCdzK2cfEwuno8nyIcHgtXk=,iv:/5DRvFVDQA+yd8m/+Cyxb+aIsfwoaFcV6KRQ/7ISHnU=,tag:z31P6CL0NNRlQThqwapVNA==,type:str]",
+		"version": "3.13.0"
+	}
+}
@@ -0,0 +1 @@
+../../../users/admin
@@ -0,0 +1,4 @@
+{
+  "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+  "type": "age"
+}
@@ -0,0 +1 @@
+26.05
@@ -0,0 +1 @@
+204:b10b:6057:4bbe:2b44:fc58:c6fd:90ad
@@ -0,0 +1 @@
+../../../../../../sops/machines/nodeA
@@ -0,0 +1,18 @@
+{
+	"data": "ENC[AES256_GCM,data:JkuciSmL5nmSjcYn22W7iHKzuRxWMJ5dixYllm0aSM7DsyAp9mQzIYJJmalepp7sEhSJ5As3vQW6ZpOQ3G8ZheG06++1GlM8lvVV2FKmYvKHQpI+V7WyUJl7dpfu+5A6BzWES0GbC1g8l/a8sb/+jjEoqUTAj/4=,iv:tehdHsdm2uSRAAzImHhwBSnSBF6lzjLzF9HIPnoi9s0=,tag:dWnQhAiJeCkcssjko+dUpw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVmRSR2xDNmdPYW5MNUVH\nYWVpaTc0TjdOZFBTSEJDL1Z3VG9vVHkrZUFjCklUMUU1bnVmZFJYbzVPd09oZm1U\nNHY0R1hNQnBBc2V4Y2RWQ1ZZRjdOK0kKLS0tIEJkSWFaTDJzMDNJR3QwQzRVdld4\ndDA5ZmZSeTYyVUE5Y1Z1T1l5QmpHRTQKSaN+MIazA8RXhRSyFSkDTyXEp43COpbf\nXOzAhTXja+ut/akUuKadDS4xycZ+ZXAreVmdsF4SWvwZkmPeew+hKQ==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1kxsp8pa8am6k333nxs4akjqkhht8gspznmlqz4pxn35h5dj4uv5qj6q6fl"
+			},
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNmZkTHlaRWl1V3UvcGxk\nR0hhL1lNekNzb0REaEc4bitBZkcwYmRDb2hjCnloQTZUL3ZneWZQZk9NTEc1bGNB\nY3ljdFRMMUhLeDdyblhVY3lSOFBXc1UKLS0tIEJUc1ZpQmtuNlRUUEVmajY5TGdP\ncSs2RkZXcnJYRlEvcEtYSWxIWmkrVEkKgQnfxuZuxl1OpZDUPVuqseSN89WnBGFw\nx2PI3cqN67R2tV/FEjOZo+GFgxW93SYdMvxzg2aG2q/7xOQxfj9sjg==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg"
+			}
+		],
+		"lastmodified": "2026-06-11T07:44:25Z",
+		"mac": "ENC[AES256_GCM,data:gRk1t7xFxXSTUcZQw0DCH3QtRnQJF4Mc4kZeeckhuQdc/VATj+cq+ugicrcGJWbbXzAscQLG6g72+Qiane5nFfzmjNoO6JMe181wm7pY/5St+2MjXZEzwAaYjn6ZAm+U7aiUVcp8RBjFIL9HCvBF8qFl7rqqTvYHnTOU0V6TIIo=,iv:eUvZFDKl8PX5QaQPmwJXaokawQMNP0TGOklTAMgB/sg=,tag:3cHICox8bKWkPKMUgvLuXA==,type:str]",
+		"version": "3.13.0"
+	}
+}
@@ -0,0 +1 @@
+../../../../../../sops/users/admin
@@ -0,0 +1 @@
+0a77a4fd45a20ea5d81d39c8137a97dd4988c692ce4263959559b8c3f966c1de
@@ -0,0 +1 @@
+26.05
@@ -0,0 +1 @@
+202:8a70:e215:f822:c67a:f191:b04a:a8f
@@ -0,0 +1 @@
+../../../../../../sops/machines/server
@@ -0,0 +1,18 @@
+{
+	"data": "ENC[AES256_GCM,data:JcxiDqZDX3J3ooSeN0pQ28uvI86mtHUf2BEcOQdFIDhJZODGCc+BhZvBQmu2mabV8Jf4skrTWqD+60c1fkRcsM+MMXfoyNsrRyQ2K39mG4kl8jJKVKDs+BqXa+CvZ96kesOMgi9vdc3YUKo5cCLY4bQ9VwymqH8=,iv:W3z8Pbyo2IMzkxI4k14FlirLa28qgZ3rnTAWuusiw/0=,tag:EQc8mo/UvACbt8hQv3zPEw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRDNOSU81alN2THNQQ3ZW\nbHVjMmxaYWpzak1NZHplNTVzZzQvMHg4azAwCkExb0VLYlZUd2JjVGNlcXUyR0p1\nWHk5cXpOeGZ0VFRFTGllQWpxRlBTRk0KLS0tIDhKeUc4RHQvb0o0ZXFXZUNCanVY\nYm04TVBoWjlLT0tFOHRnLzd3RHV2ZzAKVpLtENDySGC6UDgAwhDb+7KJiHXOZF6n\nIaeIQWQqiB+45h72NE3yh02boPK8pl6IoJFcK3e4zSO7/G8jGUp0MQ==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j"
+			},
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSUZXVzJwVHdwZGtxOVRu\nN1hMZkltdVM0cnNRL2tSNENkSGV2VzFIU1VBCmRZWlJTODNPMVRjVWY1V1VZcFln\nTDE3N0xsMXdMWityRUNUYWlQOXBMMTgKLS0tIGViTzBrQk5wQXBYQitIb1ZPUitC\nLysyUER0UjFlZm95c3ZGK3hEMEtrNUEKABpoKBUnvzQKSrgsdnU+uyDyED0Tlr7D\nnSsf12c84cvdt0OeCWwf2WvBANZL26XTcFq1fBYOFTJqNLs1ZfO2kg==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg"
+			}
+		],
+		"lastmodified": "2026-06-11T07:45:55Z",
+		"mac": "ENC[AES256_GCM,data:jjhkZB9NdpvV2R0k9yS/AcUqeMr1RLv1UZwGCemlKSwhBfs8E5NxTXLhtmJeQ+hltOTYpz51BIporVtlaH6ElVnh7khOrG3Lb5cLBrL41QM59y3Tbfu6TjNOE3NyMiWuxZnwuqUGWQjsjrIIhE0ftKnpSpkGHMie+BC3iNSB1tY=,iv:onOVK9eJxWOaIjChQD54tz8lY+r/jpp6AArsBIuoRUM=,tag:2Oas1C5D2kZOe4iiD5huyw==,type:str]",
+		"version": "3.13.0"
+	}
+}
@@ -0,0 +1 @@
+../../../../../../sops/users/admin
@@ -0,0 +1 @@
+2eb1e3bd40fba730a1cdc9f6beae1848e4b965e37f18a61593327964108fe6a8
				`@@ -0,0 +1 @@`
				`0a77a4fd45a20ea5d81d39c8137a97dd4988c692ce4263959559b8c3f966c1de`
				`@@ -0,0 +1 @@`
				`2eb1e3bd40fba730a1cdc9f6beae1848e4b965e37f18a61593327964108fe6a8`