Move metric collectors to internal network

6 years ago · ba576f94b3
parent 6776baa4da
commit ba576f94b3
2 changed files with 19 additions and 16 deletions
--- a/lib/presets/track-service-metrics.nix
+++ b/lib/presets/track-service-metrics.nix
@ -1,4 +1,4 @@
-{
+listenAddress: {
 	systemd.extraConfig = ''
 		DefaultCPUAccounting=yes
 		DefaultIOAccounting=yes
@ -11,13 +11,13 @@
 	services.cadvisor = {
 		enable = true;
 		port = 9333;
-		listenAddress = "0.0.0.0";
+		listenAddress = listenAddress;
 		storageDriver = "stdout";
 	};
 	virtualisation.docker.enable = false;
 	networking.firewall.allowedTCPPorts = [
-		9333
+		/* 9333 */
 	];
 }
--- a/networks/default.nix
+++ b/networks/default.nix
@ -8,7 +8,7 @@ in {
 	workbot = {config, lib, pkgs, ...}@args:
 		{
 			imports = [
-				(import ../lib/presets/track-service-metrics.nix)
+				(import ../lib/presets/track-service-metrics.nix "127.0.0.1")
 				(vpnConfiguration "workbot")
 			];
@ -121,14 +121,14 @@ in {
 							static_configs = [{
 								targets = [
 									"localhost:9100"
-									"${hosts.osmium.ipv4}:9100"
+									"${hosts.osmium.internalIpv4}:9100"
-									"${hosts.nijaxor.ipv4}:9100"
+									"${hosts.nijaxor.internalIpv4}:9100"
 								];
 							}];
 							relabel_configs = [
 								(nameInstance "localhost:9100" "workbot")
-								(nameInstance "${hosts.osmium.ipv4}:9100" "osmium")
+								(nameInstance "${hosts.osmium.internalIpv4}:9100" "osmium")
-								(nameInstance "${hosts.nijaxor.ipv4}:9100" "nijaxor")
+								(nameInstance "${hosts.nijaxor.internalIpv4}:9100" "nijaxor")
 							];
 						} {
 							job_name = "systemd";
@ -136,14 +136,14 @@ in {
 							static_configs = [{
 								targets = [
 									"localhost:9333"
-									"${hosts.osmium.ipv4}:9333"
+									"${hosts.osmium.internalIpv4}:9333"
-									"${hosts.nijaxor.ipv4}:9333"
+									"${hosts.nijaxor.internalIpv4}:9333"
 								];
 							}];
 							relabel_configs = [
 								(nameInstance "localhost:9333" "workbot")
-								(nameInstance "${hosts.osmium.ipv4}:9333" "osmium")
+								(nameInstance "${hosts.osmium.internalIpv4}:9333" "osmium")
-								(nameInstance "${hosts.nijaxor.ipv4}:9333" "nijaxor")
+								(nameInstance "${hosts.nijaxor.internalIpv4}:9333" "nijaxor")
 							];
 						}
 					];
@ -151,6 +151,7 @@ in {
 					exporters = {
 						node = {
 							enable = true;
 							listenAddress = "127.0.0.1";
 							enabledCollectors = [
 								"systemd"
 							];
@ -183,7 +184,7 @@ in {
 						rev = "d7a09deda0916fa99920156e928d281a5bd3d97a";
 						sha256 = "08xjcwmbzdmkzbz1al3vkryiix1y2zqc8yv4lsrw21dz0c5zl726";
 					})
-					(import ../lib/presets/track-service-metrics.nix)
+					(import ../lib/presets/track-service-metrics.nix hosts.osmium.internalIpv4)
 					(import ../lib/presets/low-ram-nix.nix)
 					(vpnConfiguration "osmium")
 				];
@ -214,7 +215,7 @@ in {
 					networking.firewall.allowedTCPPorts = [
 						80
 						443
-						9100 # Prometheus node exporter
+						/* 9100 # Prometheus node exporter */
 					];
 					environment.systemPackages = with pkgs; [
@ -224,6 +225,7 @@ in {
 					services.prometheus.exporters = {
 						node = {
 							enable = true;
 							listenAddress = hosts.osmium.internalIpv4;
 							enabledCollectors = [
 								"systemd"
 							];
@ -247,18 +249,19 @@ in {
 		{
 			imports = [
 				(import ../lib/presets/low-ram-nix.nix)
-				(import ../lib/presets/track-service-metrics.nix)
+				(import ../lib/presets/track-service-metrics.nix hosts.nijaxor.internalIpv4)
 				(vpnConfiguration "nijaxor")
 			];
 			config = {
 				networking.firewall.allowedTCPPorts = [
-					9100 # Prometheus node exporter
+					/* 9100 # Prometheus node exporter */
 				];
 				services.prometheus.exporters = {
 					node = {
 						enable = true;
 						listenAddress = hosts.nijaxor.internalIpv4;
 						enabledCollectors = [
 							"systemd"
 						];