alloy: Configure crowdsec metrics collecting

2026-01-21 14:01:34 +01:00 · 2025-09-25 00:25:09 +02:00 · 2025-09-25 00:25:09 +02:00 · cd84465d7f
commit cd84465d7f
parent 517310cf86
2 changed files with 25 additions and 0 deletions
--- a/modules/system/services/alloy.nix
+++ b/modules/system/services/alloy.nix
@ -32,6 +32,9 @@ in
        caddy = lib.mkEnableOption "" // {
          default = config.services.caddy.enable;
        };
+        crowdsec = lib.mkEnableOption "" // {
+          default = config.services.crowdsec.enable;
+        };
      };
      logs.sshd = lib.mkEnableOption "" // {
        default = config.services.openssh.enable;
@ -49,6 +52,10 @@ in
        assertion = cfg.collect.metrics.caddy -> config.services.caddy.enable;
        message = "Collecting Caddy metrics requires the Caddy service to be enabled.";
      }
+      {
+        assertion = cfg.collect.metrics.crowdsec -> config.services.crowdsec.enable;
+        message = "Collecting CrowdSec metrics requires the CrowdSec service to be enabled.";
+      }
      {
        assertion = cfg.collect.logs.sshd -> config.services.openssh.enable;
        message = "Collecting OpenSSH logs requires the OpenSSH service to be enabled.";
@ -136,6 +143,20 @@ in
            }
          '';
        };
+        "alloy/crowdsec-metrics.alloy" = {
+          enable = cfg.collect.metrics.crowdsec;
+          text = ''
+            prometheus.scrape "crowdsec" {
+              targets = [{
+                __address__ = "localhost:${builtins.toString config.custom.services.crowdsec.prometheusPort}",
+                job         = "crowdsec",
+                instance    = constants.hostname,
+              }]
+              forward_to      = [prometheus.remote_write.default.receiver]
+              scrape_interval = "15s"
+            }
+          '';
+        };
        "alloy/sshd-logs.alloy" = {
          enable = cfg.collect.logs.sshd;
          text = ''
--- a/modules/system/services/crowdsec/default.nix
+++ b/modules/system/services/crowdsec/default.nix
@ -50,6 +50,10 @@ in
      settings = {
        api.server.listen_uri = "localhost:${builtins.toString cfg.apiPort}";
        cscli.prometheus_uri = "http://localhost:${builtins.toString cfg.prometheusPort}";
+        prometheus = {
+          listen_addr = "localhost";
+          listen_port = cfg.prometheusPort;
+        };
      };

      allowLocalJournalAccess = true;