SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 16:21:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

alloy: Configure crowdsec metrics collecting

Browse source
This commit is contained in:
SebastianStork 2025-09-25 00:25:09 +02:00
parent 517310cf86
commit cd84465d7f
2 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/system/services/alloy.nix
View file

@ -32,6 +32,9 @@ in
caddy = lib.mkEnableOption "" // { caddy = lib.mkEnableOption "" // {
default = config.services.caddy.enable; default = config.services.caddy.enable;
}; };
crowdsec = lib.mkEnableOption "" // {
default = config.services.crowdsec.enable;
};
}; };
logs.sshd = lib.mkEnableOption "" // { logs.sshd = lib.mkEnableOption "" // {
default = config.services.openssh.enable; default = config.services.openssh.enable;
@ -49,6 +52,10 @@ in
assertion = cfg.collect.metrics.caddy -> config.services.caddy.enable; assertion = cfg.collect.metrics.caddy -> config.services.caddy.enable;
message = "Collecting Caddy metrics requires the Caddy service to be enabled."; message = "Collecting Caddy metrics requires the Caddy service to be enabled.";
} }
{
assertion = cfg.collect.metrics.crowdsec -> config.services.crowdsec.enable;
message = "Collecting CrowdSec metrics requires the CrowdSec service to be enabled.";
}
{ {
assertion = cfg.collect.logs.sshd -> config.services.openssh.enable; assertion = cfg.collect.logs.sshd -> config.services.openssh.enable;
message = "Collecting OpenSSH logs requires the OpenSSH service to be enabled."; message = "Collecting OpenSSH logs requires the OpenSSH service to be enabled.";
@ -136,6 +143,20 @@ in
} }
''; '';
}; };
"alloy/crowdsec-metrics.alloy" = {
enable = cfg.collect.metrics.crowdsec;
text = ''
prometheus.scrape "crowdsec" {
targets = [{
__address__ = "localhost:${builtins.toString config.custom.services.crowdsec.prometheusPort}",
job = "crowdsec",
instance = constants.hostname,
}]
forward_to = [prometheus.remote_write.default.receiver]
scrape_interval = "15s"
}
'';
};
"alloy/sshd-logs.alloy" = { "alloy/sshd-logs.alloy" = {
enable = cfg.collect.logs.sshd; enable = cfg.collect.logs.sshd;
text = '' text = ''

4
modules/system/services/crowdsec/default.nix
View file

@ -50,6 +50,10 @@ in
settings = { settings = {
api.server.listen_uri = "localhost:${builtins.toString cfg.apiPort}"; api.server.listen_uri = "localhost:${builtins.toString cfg.apiPort}";
cscli.prometheus_uri = "http://localhost:${builtins.toString cfg.prometheusPort}"; cscli.prometheus_uri = "http://localhost:${builtins.toString cfg.prometheusPort}";
prometheus = {
listen_addr = "localhost";
listen_port = cfg.prometheusPort;
};
}; };
allowLocalJournalAccess = true; allowLocalJournalAccess = true;