bgpwtf/machines: init edge01.waw
This configures our WAW edge router using NixOS. This replaces our
previous Ubuntu installation.
Change-Id: Ibd72bde66ec413164401da407c5b268ad83fd3af
diff --git a/bgpwtf/machines/modules/prometheus.nix b/bgpwtf/machines/modules/prometheus.nix
new file mode 100644
index 0000000..704c257
--- /dev/null
+++ b/bgpwtf/machines/modules/prometheus.nix
@@ -0,0 +1,57 @@
+# Prometheus configuration for a BIRD-enabled router.
+
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ nodeExporterPort = 9100;
+ birdExporterPort = 9101;
+
+ birdExporter = pkgs.buildGoModule rec {
+ pname = "bird-exporter";
+ version = "1.2.5";
+ src = pkgs.fetchFromGitHub {
+ owner = "czerwonk";
+ repo = "bird_exporter";
+ rev = version;
+ sha256 = "1qrhncy1f119f5rfgn2d1l6nvapaqkld4zb9bxzdqmmw6kicc7bs";
+ };
+
+ vendorSha256 = null;
+ };
+
+in {
+ systemd.services.bird_exporter = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${birdExporter}/bin/bird_exporter -format.new=true -bird.v2=true -web.listen-address=127.0.0.1:${toString birdExporterPort}";
+ Restart = "always";
+ RestartSec = "60";
+ };
+ };
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ listenAddress = "127.0.0.1";
+ port = nodeExporterPort;
+ };
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."${config.networking.hostName}.${config.networking.domain}" = let
+ allowMonitoring = ''
+ allow 209.250.231.127; # monitoring.hackerspace.pl
+ deny all;
+ '';
+ in {
+ locations."/metrics-node" = {
+ proxyPass = "http://127.0.0.1:${toString nodeExporterPort}/metrics";
+ extraConfig = allowMonitoring;
+ };
+ locations."/metrics-bird" = {
+ proxyPass = "http://127.0.0.1:${toString birdExporterPort}/metrics";
+ extraConfig = allowMonitoring;
+ };
+ };
+}
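Review bot: The `systemd.services.bird_exporter` unit sets no `User` or `DynamicUser` in its `serviceConfig`, so systemd will run the exporter as root on the edge router even though its output is reachable through the nginx `/metrics-bird` location. The exporter presumably only needs to talk to the BIRD control socket, so I would add `DynamicUser = true;`, `SupplementaryGroups = [ "<group owning the BIRD control socket>" ];` and `NoNewPrivileges = true;`; the group name is a placeholder to be confirmed against the BIRD module used on this machine. Separately, the virtual host as written here enables no TLS option (`forceSSL`/`addSSL`). Unless that is set in another module, the metrics travel in cleartext and the `allow 209.250.231.127; deny all;` source-address rule is the only access control, which is worth either fixing or stating in a comment next to `allowMonitoring`.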