refactor(ops): Break out prometheus-fail2ban-exporter module

Break out the configuration for the prometheus fail2ban exporter, which is a simple python script that exports stats from fail2ban as a prometheus-scrapable textfile, from Mugwump into a reusable nixos module in //ops/nixos/modules. Change-Id: I5451c9c5de6c7bc4431150ae596a9c758bf1b693 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3136 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-23 13:58:24 +02:00 · 2021-05-23 13:58:24 +02:00 · 702594ca64
commit 702594ca64
parent 8587bb5f67
4 changed files with 72 additions and 35 deletions
--- a/users/grfn/system/system/default.nix
+++ b/users/grfn/system/system/default.nix
@ -9,9 +9,7 @@ rec {

  mugwump = import ./machines/mugwump.nix;

-  mugwumpSystem = (depot.third_party.nixos {
-    configuration = mugwump;
-  }).system;
+  mugwumpSystem = (depot.ops.nixos.nixosFor mugwump).system;

  roswell = import ./machines/roswell.nix;

--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, depot, ... }:

 with lib;

@ -6,6 +6,7 @@ with lib;
  imports = [
    ../modules/common.nix
    (modulesPath + "/installer/scan/not-detected.nix")
+    "${depot.path}/ops/modules/prometheus-fail2ban-exporter.nix"
  ];

  networking.hostName = "mugwump";
@ -158,11 +159,6 @@ with lib;
          "systemd"
          "tcpstat"
          "wifi"
-          "textfile"
-        ];
-
-        extraFlags = [
-          "--collector.textfile.directory=/var/lib/prometheus/node-exporter"
        ];
      };

@ -230,32 +226,6 @@ with lib;
    }];
  };

-  systemd.services."prometheus-fail2ban-exporter" = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" "fail2ban.service" ];
-    serviceConfig = {
-      User = "root";
-      Type = "oneshot";
-      ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" ''
-        set -eo pipefail
-        mkdir -p /var/lib/prometheus/node-exporter
-        exec ${pkgs.python3.withPackages (p: [
-          p.prometheus_client
-        ])}/bin/python ${pkgs.fetchurl {
-          url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py";
-          sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4";
-        }}
-      '';
-    };
-
-    path = with pkgs; [ fail2ban ];
-  };
-
-  systemd.timers."prometheus-fail2ban-exporter" = {
-    wantedBy = [ "multi-user.target" ];
-    timerConfig.OnCalendar = "minutely";
-  };
-
  virtualisation.docker.enable = true;

  services.buildkite-agents = listToAttrs (map (n: rec {