pve-exporter

2025-03-19 19:17:30 +01:00 · 2025-03-19 19:17:30 +01:00 · bb659a077c
commit bb659a077c
parent 49f11bea9d
4 changed files with 112 additions and 1 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -12,4 +12,10 @@ creation_rules:
          - *user_lilly
          - *host_grafana
          - *host_resolvdns
-          - *host_authdns
+          - *host_authdns
+  - path_regex: secrets/pve.yaml
+    key_groups:
+      - age:
+          - *ccchh_pass
+          - *user_lilly
+          - *host_grafana
--- a/secrets/pve.yaml
+++ b/secrets/pve.yaml
@ -0,0 +1,42 @@
+default:
+    verify_ssl: ENC[AES256_GCM,data:bopLoRo=,iv:j1i6WgLqnGNbZs1g0BC9V1Fcc0fbGsb09RgaepO8W4s=,tag:6ytGgsksd/9Ew2VatEEB7w==,type:bool]
+    user: ENC[AES256_GCM,data:2HBOuNI4h27z2sGh3Kw=,iv:T3rdJnf8fOILD3jqtyPUEsgHhGUz6qF38wVEUO/jAWs=,tag:GmvKzMaYUIN6u/xZEug48w==,type:str]
+    password: ENC[AES256_GCM,data:Hy95UQp+aCN+g5tG48UKV58Ru0tnacC4IxS4A0666ttlpUYM,iv:dyaiYcXXBkfff2E24WA8a3x7ixegwXsBhWH0DISlucQ=,tag:rUZFtf09uIOouzNUldVisg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MWlCM0EvVlEwUDk4OUk5
+            T3ZpU3RBWHQwQkZZYmc5dHNXTk1TMEVGSEI4Cmx2Y3E1YXppbDBaZWhKbHZrMVpu
+            TmJNVlNYWXArQlUyN0lZZ3ZlNDlqSTAKLS0tIDJTN2k4UUdnOE51emtYNnIyakdS
+            VzY3Nm1OcVh6Tzh1Y2ozL3VoR25FcmsKBcL4+HDyYEBHhXlMPL8KRQRITxldKPDm
+            mYuj4QBzS2pkeaiah6lH3GEUrwLP8YAZd7f+gyx8DS9LaDXytWlHZw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRjlqSWJWdnlDd0x6K0RS
+            M2ZNUktQM0o2bnNMcHZjN1RMRU9MWlpObFNnCjdkUzlpOXptb09HTVM4WWJLTGw3
+            SkNrWmV3ekV1UmxhNXFWMCsxNU5LSVUKLS0tIHoxZnZza0h1UWlxQkk5UkVGVFZ2
+            T2ZyenRHTXhFUEczUytIM2t6VzZGaFUK4m7LdyGqc8ua63p2Z5O6VxfzbeUcntKL
+            VrerFRQuRPQzm2JPEwWDNKziyq8/jXFb6EIYVBZE/B66excMKrLwEw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR2VNYkpZOXJFcndubzhB
+            L3lxb3ZPSmNTSFNhNFZMaUtlNllNQXppVzFjCkhyRGdaREFkS3VCVW1mYU1NNzRX
+            NXZEM0M5LzNNWTY5OWpvbVlrOUIvWVkKLS0tIHZPbHZaa1Z3K09jS2FGVThpQW53
+            OUhDbTVaNUozQXBYTlE2VWFDZVowWlEKBCj8jfdydfJ9QQ9e10HZkqadqZnfJeWG
+            xAI94CmXTPQ5SXTaeue/zVGsaHvGpY0SAxGKhfb04crb7zPTHXRzwQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-15T22:08:04Z"
+    mac: ENC[AES256_GCM,data:Nti2jI8Uq5OFhxPXTri32ugaMGGmIfXXX0up/91XSqeC0c15ODAhAJBRqjDMZPoCHrnuw7p/AaKJDfsSpX2J5C/pXdgUU8+nmo9FSlNsCQyN1n8PSBhLyx1IeU/eeeWeyxBqqlipa+61fXftPXF4vDB1rB3algZVXeLf2bUMSWs=,iv:iHildwbLFfattWHxfCPVRwCE45KVTWBww34/QWg7YKg=,tag:CrQJCTR5Hi67+xdUcJDJwQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4
--- a/systems/monitoring.noc.eh22.intern/pve-exporter.nix
+++ b/systems/monitoring.noc.eh22.intern/pve-exporter.nix
@ -0,0 +1,62 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  services.prometheus.exporters.pve = {
+    enable = true;
+    configFile = "/etc/prometheus-pve-exporter/pve.yml";
+  };
+  users.users.pve-exporter = {
+    isSystemUser = true;
+    group = "pve-exporter";
+  };
+  users.groups.pve-exporter = { };
+
+  systemd.services."prometheus-pve-exporter".serviceConfig = {
+    DynamicUser = lib.mkForce false;
+  };
+  
+  sops.secrets."pve.yaml" = {
+    key = "";
+    path = "/etc/prometheus-pve-exporter/pve.yml";
+    owner = "pve-exporter";
+    group = "pve-exporter";
+    mode = "0440";
+    sopsFile = ../../secrets/pve.yaml;
+  };
+
+  environment.etc."alloy/pve.alloy" = {
+    text = ''
+      prometheus.scrape "example" {
+        // Collect metrics from the default listen address.
+        targets = [{
+          __address__ = "127.0.0.1:9221",
+          __scheme__ = "http",
+          __metrics_path__ = "pve",
+          __param_target__ = "10.20.25.1"
+        }]
+
+        forward_to = [prometheus.relabel.pve-relabel.receiver]
+      }
+
+      prometheus.relabel "pve-relabel" {
+        forward_to = [prometheus.remote_write.default.receiver]
+
+        rule {
+          source_labels = [ __address__ ]
+          target_label = __param_target
+        }
+        rule {
+          source_labels = [ __param_target ]
+          target_label = instance
+        }
+        rule { 
+          target_label = __address__
+          replacement = pve-exporter:9221
+        }
+    '';
+  };
+}
--- a/systems/monitoring.noc.eh22.intern/system.nix
+++ b/systems/monitoring.noc.eh22.intern/system.nix
@ -8,6 +8,7 @@
    ./grafana.nix
    ./mimir.nix
    ./loki.nix
+    ./pve-exporter.nix
  ];

  sops = {