diff --git a/modules/clan/prometheus/README.md b/modules/clan/prometheus/README.md new file mode 100644 index 0000000..e69de29 diff --git a/modules/clan/prometheus/default.nix b/modules/clan/prometheus/default.nix new file mode 100644 index 0000000..23d93b3 --- /dev/null +++ b/modules/clan/prometheus/default.nix @@ -0,0 +1,308 @@ +{ clanLib, ... }: +{ + _class = "clan.service"; + manifest.name = "prometheus"; + manifest.description = "The Prometheus monitoring system and time series database."; + manifest.readme = builtins.readFile ./README.md; + manifest.categories = [ "System" ]; + + roles.server = { + description = "Prometheus server that scraps all data from nodes"; + + interface = + { lib, ... }: + { + options = { + scrape_interval = lib.mkOption { + type = with lib.types; nullOr str; + default = "1m"; + description = "How often to scrape targets. Default is 1 minutes"; + }; + extra_rules = lib.mkOption { + type = with lib.types; listOf attrs; + default = [ ]; + description = "Additional rules for Prometheus"; + }; + default_receiver = lib.mkOption { + type = with lib.types; attrs; + default = { + name = "default"; + }; + description = "Definition of a default receiver, default is doing nothing"; + }; + matrix-alertmanager = { + enable = lib.mkOption { + type = with lib.types; bool; + default = false; + description = "Whether to enable `services.matrix-alertmanager`"; + }; + homeserverUrl = lib.mkOption { + type = with lib.types; str; + default = "https://matrix-client.matrix.org"; + description = "URL of the Matrix homeserver to use"; + }; + matrixUser = lib.mkOption { + type = with lib.types; str; + description = "Matrix user for the bot"; + }; + matrixRooms = lib.mkOption { + type = lib.types.listOf ( + lib.types.submodule { + options = { + receivers = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "List of receivers for this room"; + }; + roomId = lib.mkOption { + type = lib.types.str; + description = "Matrix room ID"; + apply = + x: + assert lib.assertMsg (lib.hasPrefix "!" x) "Matrix room ID must start with a '!'. Got: ${x}"; + x; + }; + }; + } + ); + description = '' + Combination of Alertmanager receiver(s) and rooms for the bot to join. + Each Alertmanager receiver can be mapped to post to a matrix room. + + Note, you must use a room ID and not a room alias/name. Room IDs start + with a "!". + ''; + example = [ + { + receivers = [ + "receiver1" + "receiver2" + ]; + roomId = "!roomid@example.com"; + } + { + receivers = [ "receiver3" ]; + roomId = "!differentroomid@example.com"; + } + ]; + }; + + }; + }; + }; + + perInstance = + { + settings, + roles, + ... + }: + { + nixosModule = + { + config, + lib, + pkgs, + ... + }: + let + getYggdrasilIP = + machineName: + if config.clan.core.vars.generators.yggdrasil.files.address ? value then + clanLib.getPublicValue { + flake = config.clan.core.settings.directory; + machine = machineName; + generator = "yggdrasil"; + file = "address"; + default = null; + } + else + throw "clanService/yggdrasil is required"; + + matrixRoomReceivers = lib.unique ( + lib.concatMap (entry: entry.receivers) settings.matrix-alertmanager.matrixRooms + ); + in + lib.mkMerge [ + { + networking.firewall.allowedTCPPorts = [ + 9090 + ]; + services.prometheus = { + enable = true; + + globalConfig = { + scrape_interval = settings.scrape_interval; + }; + + alertmanagers = [ + { + scheme = "http"; + path_prefix = "/"; + static_configs = [ { targets = [ "localhost:9093" ]; } ]; + } + ]; + + alertmanager = { + enable = true; + configuration = { + global = { + resolve_timeout = "5m"; + }; + route = { + receiver = "default"; + routes = map (mReceiver: { receiver = mReceiver; }) matrixRoomReceivers; + }; + receivers = [ + { name = "default"; } + ] + ++ map (mReceiver: { + name = mReceiver; + webhook_configs = [ + { + url_file = config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-urlfile.path; + send_resolved = true; + } + ]; + }) matrixRoomReceivers; + }; + }; + + scrapeConfigs = lib.mapAttrsToList (machineName: machineVal: { + tls_config.insecure_skip_verify = true; + job_name = "${machineName}"; + static_configs = lib.mapAttrsToList ( + exporterName: exporterVal: + let + targetPort = + if exporterVal ? port then + exporterVal.port + else + config.services.prometheus.exporters."${exporterName}".port; + targetHost = getYggdrasilIP machineName; + in + { + targets = [ "[${targetHost}]:${lib.toString targetPort}" ]; + } + ) machineVal.settings.exporters; + }) roles.nodes.machines; + + rules = [ + (builtins.toJSON { + groups = [ + { + name = "default"; + rules = [ + { + alert = "NodesDown"; + expr = "count by (job) (up == 0) > 0"; + for = "1m"; + labels = { + severity = "critical"; + }; + annotations.summary = "Node **{{ $labels.job }}** has been down for more than 1 minutes."; + } + { + alert = "SmartCtlErrors"; + expr = "smartctl_device_error_log_count > 0"; + for = "5m"; + labels = { + severity = "critical"; + }; + annotations.summary = '' + Errors occur on **{{ $labels.job }}** + Disk {{ $labels.device }} {{ $value }} + ''; + } + { + alert = "ZFSPoolsHealth"; + expr = "zfs_pool_health > 0"; + for = "5m"; + labels = { + severity = "critical"; + }; + annotations.summary = '' + Unhealthy Pool at **{{ $labels.job }}** + Pool {{ $labels.pool }} value {{ $value }} + ''; + } + ] + ++ settings.extra_rules; + } + ]; + }) + ]; + + }; + + } + (lib.optionalAttrs settings.matrix-alertmanager.enable { + + clan.core.vars.generators.prometheus = { + files.matrix-alertmanager-token.secret = true; + files.matrix-alertmanager-secret.secret = true; + files.matrix-alertmanager-urlfile = { + secret = true; + owner = "alertmanager"; + group = "alertmanager"; + }; + script = '' + echo "" > $out/matrix-alertmanager-token + openssl rand -hex 32 > "$out"/matrix-alertmanager-secret + + echo "http://localhost:3000/alerts?secret=$(cat $out/matrix-alertmanager-secret)" > $out/matrix-alertmanager-urlfile + ''; + runtimeInputs = [ + pkgs.openssl + ]; + }; + + services.matrix-alertmanager = lib.mkIf settings.matrix-alertmanager.enable { + enable = true; + tokenFile = config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-token.path; + secretFile = config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-secret.path; + homeserverUrl = settings.matrix-alertmanager.homeserverUrl; + matrixUser = settings.matrix-alertmanager.matrixUser; + matrixRooms = settings.matrix-alertmanager.matrixRooms; + }; + }) + ]; + }; + }; + + roles.nodes = { + description = "A node will expose metrics for server to harvest"; + + interface = + { lib, ... }: + { + options = { + exporters = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { }); + default = { }; + description = "Mirror of services.prometheus.exporters"; + }; + }; + }; + + perInstance = + { settings, ... }: + let + enabledExporters = builtins.mapAttrs ( + name: value: + value + // { + enable = true; + openFirewall = true; + } + ) settings.exporters; + in + { + nixosModule = + { ... }: + { + services.prometheus.exporters = enabledExporters; + }; + }; + }; + +} diff --git a/modules/clan/prometheus/flake-module.nix b/modules/clan/prometheus/flake-module.nix new file mode 100644 index 0000000..464121a --- /dev/null +++ b/modules/clan/prometheus/flake-module.nix @@ -0,0 +1,19 @@ +{ self, inputs, ... }: +let + module = ./default.nix; +in +{ + clan.modules = { + prometheus = module; + }; + perSystem = + { ... }: + { + clan.nixosTests.service-prometheus = { + imports = [ ./tests/vm/default.nix ]; + _module.args = { inherit self inputs; }; + + clan.modules."@clan/prometheus" = module; + }; + }; +} diff --git a/modules/clan/prometheus/tests/vm/default.nix b/modules/clan/prometheus/tests/vm/default.nix new file mode 100644 index 0000000..90b97d1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/default.nix @@ -0,0 +1,101 @@ +{ + self, + hostPkgs, + config, + lib, + ... +}: +{ + name = "service-prometheus"; + result.update-vars = + let + relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory); + in + hostPkgs.writeShellScriptBin "update-vars" '' + set -x + export PRJ_ROOT=$(git rev-parse --show-toplevel) + ${ + self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli + }/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name} + ''; + + clan = { + test.useContainers = false; + directory = ./.; + inventory = { + machines.server = { }; + machines.nodeA = { }; + + instances = { + yggdrasil = { + module.name = "yggdrasil"; + roles.default.machines.server = { }; + roles.default.machines.nodeA = { }; + }; + + prometheus = { + module.name = "@clan/prometheus"; + module.input = "self"; + roles.nodes.machines."nodeA".settings = { + exporters.smartctl = { }; + }; + roles.server.machines."server".settings = { + extra_rules = [ + { + alert = "test"; + expr = "zfs_pool_health > 0"; + for = "5m"; + labels = { + severity = "critical"; + }; + annotations.summary = '' + Unhealthy Pool at {{ $labels.job }} + Pool {{ $labels.pool }} value {{ $value }} + ''; + } + ]; + + matrix-alertmanager = { + enable = true; + matrixUser = "test@matrixtest.org"; + matrixRooms = [ + { + roomId = "!testroom"; + receivers = [ "matrix" ]; + } + ]; + }; + + }; + }; + }; + }; + }; + + nodes = { + server = { }; + nodeA = { }; + }; + + testScript = + { nodes, ... }: + '' + start_all() + + server.wait_for_unit("prometheus.service") + + nodeA.wait_for_unit("prometheus-smartctl-exporter.service") + nodeA.wait_for_open_port(9633) + + nodeA.succeed("systemctl status prometheus-smartctl-exporter.service") + nodeA.succeed("curl http://localhost:9633/metrics") + + + server_ip = server.succeed("ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'").strip() + nodeA_ip = nodeA.succeed("ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'").strip() + + server.succeed(f"ping -c 3 {nodeA_ip}") + server.succeed(f"curl -v http://{nodeA_ip}:9633/metrics") + + ''; +} diff --git a/modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json b/modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json new file mode 100755 index 0000000..de7c015 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1kxsp8pa8am6k333nxs4akjqkhht8gspznmlqz4pxn35h5dj4uv5qj6q6fl", + "type": "age" + } +] \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/machines/server/key.json b/modules/clan/prometheus/tests/vm/sops/machines/server/key.json new file mode 100755 index 0000000..48a7173 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/machines/server/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j", + "type": "age" + } +] \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret new file mode 100644 index 0000000..830e53f --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Z8I3ecNV2N2jed1sPBU+tI5r5qB2nVTO7aNyMxvp0ztujn8kXjw+thSvLGtRygL2V9rSmPJalHQf1IYUriXgCmYtfg5InPDCAqk=,iv:O4rSyg2G6PJWHURZ/BTBKmn1AVekbNBdg5137sOPL/U=,tag:4/CLfO50laZ8ljWkr6o4qA==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSWxnekYvREdZMTBMVlRq\nRmtCemFYZDhLYU93azc5czdoTVUydFFUL1JzCmo4ZHlrNi8yeW15N2JxTytWeCtk\nbjRwWUVlazUwTlMwc1RZVU8xYlVlckEKLS0tIFVPeU5KMVFwdExFT0wzeXZka2Jo\nSmxEM2RPTWdoZXJxK0dpemUzVkNzdGcKfXdiSeAcNwEZi7kh9c89ss5K+dYG0lhq\nFsf2I0A1csxqqnYJqXPmwlVGMzuWDrWRU0uc+hQLndP3TbadVux64w==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:43:55Z", + "mac": "ENC[AES256_GCM,data:OCPR2tkbN72MdaczO47UNCJBb1KjABHQH9q7dtVEwoAhKg4QWFtsDaMwBTVE9qe48nlaWQbxT1mM7uztm6RXLkc5y2c3danPUYFj/FK/ffqpaxv3oReyxWqMoGayT23kFbB0TWEx1K8Jp3gOkwCPg+ZRClvhV1dXrfnwIwZHrBY=,iv:3puPIWFIxRF1KtrmyG54LqCc7Zg4/AOMD65QjYdN970=,tag:RoIVltMKw7WUvgW6sNk6mA==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin new file mode 120000 index 0000000..9e21a99 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin @@ -0,0 +1 @@ +../../../users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret new file mode 100644 index 0000000..533b790 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Nuq6ege3HJOxpRgA6fnxdD2Wj+KCw+3PaJCxmZirJl3mkRVLnZgUUhr+gOVEup9Ifjl1ZnP+PqV7b9pPR/WQg0LARYtxIC1QGJ8=,iv:v9p9lsefP5V9McAJCzS7v9sl8XHr9/hAL41XwFbwMOA=,tag:ETK+CFFJAAzGTpowQNAZMQ==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArN0NEWFZoZWlyeUtZc3hi\ndnVNcHl4eVVHckRLeFhPYUt4a3BwMElFMVZZCklkU1NEWVVmSGw1NmJmWWkrVHFH\nVTN5U0x3NXdiQUJCc095TElzMWZCMXMKLS0tIHRXQkJNREFYUFFvMXM1Sk53VW5z\naTRjMXozZXZiNU8zSkF5d2hhdklBY1EKWwsPi6YiHKFfAyqWH2u75hw47gzcQOz/\n95Im0FgadhqGDCeZhTDfEAc4b1VWQULInsjeRapzf5OJOwekbz6guA==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:45:26Z", + "mac": "ENC[AES256_GCM,data:mTKFSBFnUzu3rldQCHPZHoyzDdwPzBWPIAhemC1XyG5PiQ/OczStjYaLzZQGCpPvOjBb5Ntqrc+dnaOedZgKlOdaPjZs1U2ZDWadoeWQ2TAKWYA6+kN7PXomsxtHhntiaujMy3502eh06VyiutpVuCdzK2cfEwuno8nyIcHgtXk=,iv:/5DRvFVDQA+yd8m/+Cyxb+aIsfwoaFcV6KRQ/7ISHnU=,tag:z31P6CL0NNRlQThqwapVNA==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin new file mode 120000 index 0000000..9e21a99 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin @@ -0,0 +1 @@ +../../../users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/users/admin/key.json b/modules/clan/prometheus/tests/vm/sops/users/admin/key.json new file mode 100644 index 0000000..e408aa9 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/users/admin/key.json @@ -0,0 +1,4 @@ +{ + "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "type": "age" +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value new file mode 100644 index 0000000..5d86a5f --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value @@ -0,0 +1 @@ +26.05 \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value new file mode 100644 index 0000000..c3b7175 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value @@ -0,0 +1 @@ +204:b10b:6057:4bbe:2b44:fc58:c6fd:90ad \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA new file mode 120000 index 0000000..7982851 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA @@ -0,0 +1 @@ +../../../../../../sops/machines/nodeA \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret new file mode 100644 index 0000000..422a39d --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:JkuciSmL5nmSjcYn22W7iHKzuRxWMJ5dixYllm0aSM7DsyAp9mQzIYJJmalepp7sEhSJ5As3vQW6ZpOQ3G8ZheG06++1GlM8lvVV2FKmYvKHQpI+V7WyUJl7dpfu+5A6BzWES0GbC1g8l/a8sb/+jjEoqUTAj/4=,iv:tehdHsdm2uSRAAzImHhwBSnSBF6lzjLzF9HIPnoi9s0=,tag:dWnQhAiJeCkcssjko+dUpw==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVmRSR2xDNmdPYW5MNUVH\nYWVpaTc0TjdOZFBTSEJDL1Z3VG9vVHkrZUFjCklUMUU1bnVmZFJYbzVPd09oZm1U\nNHY0R1hNQnBBc2V4Y2RWQ1ZZRjdOK0kKLS0tIEJkSWFaTDJzMDNJR3QwQzRVdld4\ndDA5ZmZSeTYyVUE5Y1Z1T1l5QmpHRTQKSaN+MIazA8RXhRSyFSkDTyXEp43COpbf\nXOzAhTXja+ut/akUuKadDS4xycZ+ZXAreVmdsF4SWvwZkmPeew+hKQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1kxsp8pa8am6k333nxs4akjqkhht8gspznmlqz4pxn35h5dj4uv5qj6q6fl" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNmZkTHlaRWl1V3UvcGxk\nR0hhL1lNekNzb0REaEc4bitBZkcwYmRDb2hjCnloQTZUL3ZneWZQZk9NTEc1bGNB\nY3ljdFRMMUhLeDdyblhVY3lSOFBXc1UKLS0tIEJUc1ZpQmtuNlRUUEVmajY5TGdP\ncSs2RkZXcnJYRlEvcEtYSWxIWmkrVEkKgQnfxuZuxl1OpZDUPVuqseSN89WnBGFw\nx2PI3cqN67R2tV/FEjOZo+GFgxW93SYdMvxzg2aG2q/7xOQxfj9sjg==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:44:25Z", + "mac": "ENC[AES256_GCM,data:gRk1t7xFxXSTUcZQw0DCH3QtRnQJF4Mc4kZeeckhuQdc/VATj+cq+ugicrcGJWbbXzAscQLG6g72+Qiane5nFfzmjNoO6JMe181wm7pY/5St+2MjXZEzwAaYjn6ZAm+U7aiUVcp8RBjFIL9HCvBF8qFl7rqqTvYHnTOU0V6TIIo=,iv:eUvZFDKl8PX5QaQPmwJXaokawQMNP0TGOklTAMgB/sg=,tag:3cHICox8bKWkPKMUgvLuXA==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value new file mode 100644 index 0000000..11e51c0 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value @@ -0,0 +1 @@ +0a77a4fd45a20ea5d81d39c8137a97dd4988c692ce4263959559b8c3f966c1de \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/machines/server b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/secret new file mode 100644 index 0000000..04ff108 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:VszBHfdaNOOYYa6tNUPq9CsJHp+KMBTnZOdHnJz6v3pZQl1zCeYdW3ExvDfNY85tUAZ3YAHthD9JhuR1D+VVVn8=,iv:zbMmaTDZ5mL9IzRTEzuTSPkfwrwOlOIFJtLQyTzGkPw=,tag:Ez68y6gMIj0e/RYQ/Z+s8Q==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlenlYOCt2RkJOK1hDdUti\ncUpxS1F1RTBnZGo1Njg0Y0EwbzM1dWM5b1hJClFKQ1NDRVVpRXRpOGx3SU52MDZZ\nVVh2NDg5TDgzckFKZ0lNaG1tTEk0MmsKLS0tIHRvR0IzWFZUVkJEM0dwRFZ2SFRz\nNHpCYkI4dUx6YXJSd0xreUN1aUtKNEUK/SJqs5pbFipbp9P7ASUMby7H5ProXknF\nGMvHcIxa6OLLOCRA39YZBVEUlRd03j3rVFILZqVq47CwfaeHj0WBdw==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cWMzaElhYmZaRGhmMXJQ\nbWk2WVl0UmtidjdzYXM0enB3MGdTMWRMVDBjCmdiNEx2RURGL0ZtWCtkcHlabUs0\nVis2d3JieC8yOXV5OW9sN1l5ZWs5Sk0KLS0tIFNmaVpDQklaUDFQK1JnZWZzMDF6\nY0g1M2NHNTEvSkRsTVJSODcxcVVrV0EK8FLzflXqPcooAPh38L7oVliUY8WbB97W\naQYvGf/yo9Izmm8Pa0/ZUGSRnCVRAXtQ1IeR1uPNyuy47mHXO7n7Bw==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-22T07:46:31Z", + "mac": "ENC[AES256_GCM,data:ewR8kGgrAj7i6b5UUwh4Fn4CbtRcsDSHhHzrBwGBi9S0XWaatVTQAAmsAVm7DEiJ+a3SQLIAyx6Ef7uqCsZagmzs7LBq0YXNxWtxv62EWPwx8Vihzz3gscDJo1DM3ictX7yi6EiipQ0aYoPCh1veqw8AspLdwnkBxdUF2C+0muc=,iv:bo7vq8BfL437ZI63Os96pAg8EKi8NnrqhABz4Jft9YI=,tag:8krOKra/Z3MJdlmZFBZ7YQ==,type:str]", + "version": "3.13.1" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-secret/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/machines/server b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/secret new file mode 100644 index 0000000..038c0e4 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:Mw==,iv:ylmBzsJVBD2pcQNkLcdthT9FX7YW84yZk0u7SlJUdaY=,tag:O1oT/MVijlrQDQG1ddFKlg==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRd2ZIMElrK2ZacXFTTHFl\nWDkwbGROS1d3WlhzcHhQK21Fc1pmWFZ1VkJRCjlrY1E0cndsZUR1dVQ2L0dud3RQ\nbDlNa3NQZjBPQTAxdUVkUk9lYkgyTGcKLS0tIEUyMVE5Y25BOFJyUWdkdWI1L3VQ\nSE5ubkMvWU9YbE94VTN2VXFUc2F0ajQKKz5VJEtEQcKggoO89ZSfpB3KLBHCnMf+\no8llbCm5bZ39S3qA2Q8spOK4AlkW/NiaCQE4G1LSkvvT6tYEMkwbyQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNHhVMWNhZGR6LzgrcG05\nMmVUYU1zcC93YklZUkVETFhZL1BISU13MEFNCjFSZ25EQUQrZTNIcmliTG5UV2xp\nKzQ3MzhkdzcxeGgyV3oxbXo5Y0ZMcmMKLS0tIDVMZjdYWjRkUE50dmE5dm42alpn\nbk1JN1poZWp2bEZNQ3VIdm9PS3Z1ZlEKYOTa7L9tVKq3gZbAeKmCifIxs/sqaPoj\nqdUlsPkwBPjSvlv1QLdRbjBICPdyfH+GiHCmj78DitzZ+KUnRKYqSQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-22T07:46:31Z", + "mac": "ENC[AES256_GCM,data:NqKlCAKKPF0OTesGozt0GSSd/HT8+h4meiO57EBzD7vwLc9mobG0rLn5C2i3e7tBM13VYzR66qPzQtaWI/jVA7BpJ0PNa2u9MHA2JV6nshRdhMtYgxVCBy8Had7IixAZEs1lLE2zHcWRvLMJPOvUp7tpghb34RddmF/Po/Mkm2s=,iv:9XCsu+rO/DbtaLt13O0/PUo/yV2eUjNP+GGmkYjOIfY=,tag:7tzJE5XBR5PfOqdIh7IKAQ==,type:str]", + "version": "3.13.1" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-token/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/machines/server b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/secret new file mode 100644 index 0000000..28188b3 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:LetAgJg1TgcJL+W7dX8k8MlvpS3PPwVGdco3Z6a8fGhGeQARcuHWV57K4lLQzPpJ7Cruxc6XGQn1U/t3cubdp2NPtwQsP9jaIqPnlZblrq6foHaUmBLaRzc4ed7HOo94ErfV5ZY=,iv:jdt3jMNlK3QvJP8i3OlGydkRPRd2rVybnmUxCDCxfz4=,tag:imNVcalMwnpuaLCdaoaegg==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WU9IT3g4TVpiSWdYMUFo\nZGpSUG5xekZLaGMzNTZlcHFaSm1kbTBxUHhjClRIMzlhWW9ub2JFZHhVY3I3TkF3\nU0t5eHJVeFVHRStoNTFkT0lpYnNoMFkKLS0tIEM3aWdIL2RrSGx0ZkdheVRtYUhm\nUHZxeGZvUlBybWJFTHIrZDNxZVloemMKvpt+hkFaRUEXNp1dcfnIWD1i6fyVkaZm\neTn6RBxl1idVN1XlXAwrHHTekuZIobST5kGTV0uR3nLk5Cmhe2x93g==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTDlTM0JBaEowaXJOV1hE\nZWZ2UmUzQmlyek5NRWlqWDZiY0FXVHpKL1d3CitreGc3OUFzS0tYYm5UZ0tUb2pX\nb0pZZ3VacVBma09pSDEyalc0VU1HTVUKLS0tIE5YcnY2RnFCVk13dDZJQ3NMZDQ4\nTGgrY3FwMW5ybjM0a0FmNllrRWZYNWMK2BklSFSm1jT1SsdaMtFWZX4uu4JT2kGi\njyD9E/G0yGl5JH8xfKO/x7vIPuow96WW8bx9aqGRnshXqbe6WzvbIQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-22T07:46:31Z", + "mac": "ENC[AES256_GCM,data:bO9VvnIcjXDSyTdEHm1l5Dqm4umLC7FCEaJIbuC+M776q+GR3crq1FWm7J6tinlHDNFX/WmcS417b5WY5VJlP3jqvCalQdttg0EzlhwT65vATvJHoYEp8uqahyLzA9tj9ncQ9LL2XGFeIsvWnU9OcZ5s/42v2DtVdS1/32PT+7U=,iv:W29qp/zHP367rkwiMmpPQcKS/5g6HR5CZGkGCIacwD4=,tag:3DHc5kdj1Ar+7TcaSOnj+Q==,type:str]", + "version": "3.13.1" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/prometheus/matrix-alertmanager-urlfile/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value b/modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value new file mode 100644 index 0000000..5d86a5f --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value @@ -0,0 +1 @@ +26.05 \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value new file mode 100644 index 0000000..1c021d4 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value @@ -0,0 +1 @@ +202:8a70:e215:f822:c67a:f191:b04a:a8f \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret new file mode 100644 index 0000000..f773556 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:JcxiDqZDX3J3ooSeN0pQ28uvI86mtHUf2BEcOQdFIDhJZODGCc+BhZvBQmu2mabV8Jf4skrTWqD+60c1fkRcsM+MMXfoyNsrRyQ2K39mG4kl8jJKVKDs+BqXa+CvZ96kesOMgi9vdc3YUKo5cCLY4bQ9VwymqH8=,iv:W3z8Pbyo2IMzkxI4k14FlirLa28qgZ3rnTAWuusiw/0=,tag:EQc8mo/UvACbt8hQv3zPEw==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRDNOSU81alN2THNQQ3ZW\nbHVjMmxaYWpzak1NZHplNTVzZzQvMHg4azAwCkExb0VLYlZUd2JjVGNlcXUyR0p1\nWHk5cXpOeGZ0VFRFTGllQWpxRlBTRk0KLS0tIDhKeUc4RHQvb0o0ZXFXZUNCanVY\nYm04TVBoWjlLT0tFOHRnLzd3RHV2ZzAKVpLtENDySGC6UDgAwhDb+7KJiHXOZF6n\nIaeIQWQqiB+45h72NE3yh02boPK8pl6IoJFcK3e4zSO7/G8jGUp0MQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSUZXVzJwVHdwZGtxOVRu\nN1hMZkltdVM0cnNRL2tSNENkSGV2VzFIU1VBCmRZWlJTODNPMVRjVWY1V1VZcFln\nTDE3N0xsMXdMWityRUNUYWlQOXBMMTgKLS0tIGViTzBrQk5wQXBYQitIb1ZPUitC\nLysyUER0UjFlZm95c3ZGK3hEMEtrNUEKABpoKBUnvzQKSrgsdnU+uyDyED0Tlr7D\nnSsf12c84cvdt0OeCWwf2WvBANZL26XTcFq1fBYOFTJqNLs1ZfO2kg==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:45:55Z", + "mac": "ENC[AES256_GCM,data:jjhkZB9NdpvV2R0k9yS/AcUqeMr1RLv1UZwGCemlKSwhBfs8E5NxTXLhtmJeQ+hltOTYpz51BIporVtlaH6ElVnh7khOrG3Lb5cLBrL41QM59y3Tbfu6TjNOE3NyMiWuxZnwuqUGWQjsjrIIhE0ftKnpSpkGHMie+BC3iNSB1tY=,iv:onOVK9eJxWOaIjChQD54tz8lY+r/jpp6AArsBIuoRUM=,tag:2Oas1C5D2kZOe4iiD5huyw==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value new file mode 100644 index 0000000..ddb3eaf --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value @@ -0,0 +1 @@ +2eb1e3bd40fba730a1cdc9f6beae1848e4b965e37f18a61593327964108fe6a8 \ No newline at end of file