tvl-depot/ops/modules/prometheus-fail2ban-exporter.nix

{ config, lib, pkgs, depot, ... }:

let
  cfg = config.services.prometheus-fail2ban-exporter;
in

{
  options.services.prometheus-fail2ban-exporter = with lib; {
    enable = mkEnableOption "Prometheus Fail2ban Exporter";

    interval = mkOption {
      description = "Systemd calendar expression for how often to run the interval";
      type = types.string;
      default = "minutely";
      example = "hourly";
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services."prometheus-fail2ban-exporter" = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "fail2ban.service" ];
      serviceConfig = {
        User = "root";
        Type = "oneshot";
        ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" ''
          set -eo pipefail
          mkdir -p /var/lib/prometheus/node-exporter
          exec prometheus-fail2ban-exporter
        '';
      };

      path = [
        pkgs.fail2ban
        depot.third_party.prometheus-fail2ban-exporter
      ];
    };

    systemd.timers."prometheus-fail2ban-exporter" = {
      wantedBy = [ "multi-user.target" ];
      timerConfig.OnCalendar = cfg.interval;
    };

    services.prometheus.exporters.node = {
      enabledCollectors = [ "textfile" ];

      extraFlags = [
        "--collector.textfile.directory=/var/lib/prometheus/node-exporter"
      ];
    };
  };
}
refactor(ops): Break out prometheus-fail2ban-exporter module Break out the configuration for the prometheus fail2ban exporter, which is a simple python script that exports stats from fail2ban as a prometheus-scrapable textfile, from Mugwump into a reusable nixos module in //ops/nixos/modules. Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> 2021-05-23 13:58:24 +02:00			`{ config, lib, pkgs, depot, ... }:`

			`let`
			`cfg = config.services.prometheus-fail2ban-exporter;`
			`in`

			`{`
			`options.services.prometheus-fail2ban-exporter = with lib; {`
			`enable = mkEnableOption "Prometheus Fail2ban Exporter";`

			`interval = mkOption {`
			`description = "Systemd calendar expression for how often to run the interval";`
			`type = types.string;`
			`default = "minutely";`
			`example = "hourly";`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`systemd.services."prometheus-fail2ban-exporter" = {`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" "fail2ban.service" ];`
			`serviceConfig = {`
			`User = "root";`
			`Type = "oneshot";`
			`ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" ''`
			`set -eo pipefail`
			`mkdir -p /var/lib/prometheus/node-exporter`
			`exec prometheus-fail2ban-exporter`
			`'';`
			`};`

			`path = [`
			`pkgs.fail2ban`
			`depot.third_party.prometheus-fail2ban-exporter`
			`];`
			`};`

			`systemd.timers."prometheus-fail2ban-exporter" = {`
			`wantedBy = [ "multi-user.target" ];`
			`timerConfig.OnCalendar = cfg.interval;`
			`};`

			`services.prometheus.exporters.node = {`
			`enabledCollectors = [ "textfile" ];`

			`extraFlags = [`
			`"--collector.textfile.directory=/var/lib/prometheus/node-exporter"`
			`];`
			`};`
			`};`
			`}`