commit 923af25499dfa02734b708497e2375046995a4ac · krasovs.ky/homelab

+66

butane/fcos.yml.tftpl

···

       163
       163
        
                 # all keys on machine, reaching the limit.

     

       164
       164
        
                 MaxAuthTries 10

     

       165
       165
        
       

     

       166
       166
       +
           # Firewall configuration

     

       167
       167
       +
           - path: /etc/sysconfig/nftables.conf

     

       168
       168
       +
             overwrite: true

     

       169
       169
       +
             mode: 0644

     

       170
       170
       +
             contents:

     

       171
       171
       +
               inline: |

     

       172
       172
       +
                 include "/etc/nftables/main.nft"

     

       173
       173
       +
       

     

       174
       174
       +
           - path: /etc/nftables/main.nft

     

       175
       175
       +
             overwrite: true

     

       176
       176
       +
             mode: 0644

     

       177
       177
       +
             contents:

     

       178
       178
       +
               inline: |

     

       179
       179
       +
                 #!/usr/sbin/nft -f

     

       180
       180
       +
       

     

       181
       181
       +
                 flush ruleset

     

       182
       182
       +
       

     

       183
       183
       +
                 table inet filter {

     

       184
       184
       +
                 	chain input {

     

       185
       185
       +
                 		type filter hook input priority filter; policy drop;

     

       186
       186
       +
       

     

       187
       187
       +
                 		# allow established/related connections

     

       188
       188
       +
                 		ct state {established, related} accept

     

       189
       189
       +
       

     

       190
       190
       +
                 		# early drop of invalid connections

     

       191
       191
       +
                 		ct state invalid drop

     

       192
       192
       +
       

     

       193
       193
       +
                 		# allow from loopback

     

       194
       194
       +
                 		iifname lo accept

     

       195
       195
       +
       

     

       196
       196
       +
                 		# allow icmp

     

       197
       197
       +
                 		ip protocol icmp accept

     

       198
       198
       +
                 		ip6 nexthdr icmpv6 counter accept

     

       199
       199
       +
       

     

       200
       200
       +
                 		# allow ssh

     

       201
       201
       +
                 		tcp dport ssh accept

     

       202
       202
       +
       

     

       203
       203
       +
                 		# allow http and https

     

       204
       204
       +
                 		tcp dport 8080 accept

     

       205
       205
       +
                 		tcp dport 8443 accept

     

       206
       206
       +
       

     

       207
       207
       +
                 		# allow truenas to report metrics using graphite

     

       208
       208
       +
                 		ip saddr 192.168.100.3 tcp dport 2003 accept

     

       209
       209
       +
                 		ip saddr 192.168.100.3 udp dport 2003 accept

     

       210
       210
       +
       

     

       211
       211
       +
                 		# allow plugs to access mqtt broker

     

       212
       212
       +
                 		ip saddr 192.168.100.1 tcp dport 1883 accept

     

       213
       213
       +
                 	}

     

       214
       214
       +
       

     

       215
       215
       +
                 	chain forward {

     

       216
       216
       +
                 		type filter hook forward priority filter; policy drop;

     

       217
       217
       +
       

     

       218
       218
       +
                 		ct state {established, related} accept

     

       219
       219
       +
                 		ct state invalid drop

     

       220
       220
       +
       

     

       221
       221
       +
                 		ct status dnat accept

     

       222
       222
       +
                 	}

     

       223
       223
       +
       

     

       224
       224
       +
                 	chain output {

     

       225
       225
       +
                 		type filter hook output priority 0; policy accept;

     

       226
       226
       +
                 	}

     

       227
       227
       +
                 }

     

       228
       228
       +
       

     

       166
       229
        
       systemd:

     

       167
       230
        
         units:

     

       168
       231
        
           - name: install-additional-software.service

     
···

       286
       349
        
       

     

       287
       350
        
               [Install]

     

       288
       351
        
               WantedBy=remote-fs.target

     

       352
       352
       +
       

     

       353
       353
       +
           - name: nftables.service

     

       354
       354
       +
             enabled: true

     

       289
       355
        
       

     

       290
       356
        
       kernel_arguments:

     

       291
       357
        
         should_exist:

+25 -4

configs/alloy/config.alloy

···

       9
       9
        
       

     

       10
       10
        
       discovery.relabel "docker" {

     

       11
       11
        
         targets = discovery.docker.fcos.targets

     

       12
       12
       -
         

     

       12
       12
       +
       

     

       13
       13
        
         rule {

     

       14
       14
        
           action = "labelmap"

     

       15
       15
        
           regex  = "^__meta_docker_(.*)$"

     
···

       19
       19
        
       loki.source.docker "podman" {

     

       20
       20
        
         host          = "unix:///var/run/docker.sock"

     

       21
       21
        
         targets       = discovery.docker.fcos.targets

     

       22
       22
       -
         labels        = { "source_name" = "podman" } 

     

       22
       22
       +
         labels        = { "source_name" = "podman" }

     

       23
       23
        
         forward_to    = [loki.process.copy_msg.receiver]

     

       24
       24
        
         relabel_rules = discovery.relabel.docker.rules

     

       25
       25
        
       }

     
···

       47
       47
        
         }

     

       48
       48
        
       }

     

       49
       49
        
       

     

       50
       50
       -
       // Just Traefik for now

     

       51
       50
        
       prometheus.scrape "scrape_metrics" {

     

       52
       52
       -
         targets         = [{ __address__ = "traefik:8082" }]

     

       51
       51
       +
         targets         = [{ __address__ = "traefik:8082" }, {__address__ = "rmqtt:6060", __metrics_path__ = "/api/v1/metrics/prometheus" }]

     

       53
       52
        
         forward_to      = [prometheus.remote_write.victoria_metrics.receiver]

     

       54
       53
        
         scrape_interval = "10s"

     

       55
       54
        
       }

     
···

       59
       58
        
           url = "http://victoria:8428/prometheus/api/v1/write"

     

       60
       59
        
         }

     

       61
       60
        
       }

     

       61
       61
       +
       

     

       62
       62
       +
       // Receive metrics from MQTT

     

       63
       63
       +
       otelcol.receiver.otlp "telegraf" {

     

       64
       64
       +
         http {}

     

       65
       65
       +
         grpc {}

     

       66
       66
       +
       

     

       67
       67
       +
         output {

     

       68
       68
       +
           metrics = [otelcol.processor.batch.telegraf.input]

     

       69
       69
       +
         }

     

       70
       70
       +
       }

     

       71
       71
       +
       

     

       72
       72
       +
       otelcol.processor.batch "telegraf" {

     

       73
       73
       +
         output {

     

       74
       74
       +
           metrics = [otelcol.exporter.otlphttp.victoria_metrics.input]

     

       75
       75
       +
         }

     

       76
       76
       +
       }

     

       77
       77
       +
       

     

       78
       78
       +
       otelcol.exporter.otlphttp "victoria_metrics" {

     

       79
       79
       +
         client {

     

       80
       80
       +
           endpoint = "http://victoria:8428/opentelemetry"

     

       81
       81
       +
         }

     

       82
       82
       +
       }

+4 -1

configs/containers/systemd/pods/victoria.pod

···

       4
       4
        
       [Pod]

     

       5
       5
        
       PodName=victoria

     

       6
       6
        
       Network=victoria.network

     

       7
       7
       -
       Network=reverse-proxy.network
     

       7
       7
       +
       Network=reverse-proxy.network

     

       8
       8
       +
       # Publish Graphite collector ports

     

       9
       9
       +
       PublishPort=2003:2003/tcp

     

       10
       10
       +
       PublishPort=2003:2003/udp

+27

configs/containers/systemd/rmqtt.container.tftpl

···

       1
       1
       +
       [Unit]

     

       2
       2
       +
       Description=RMQTT Broker Quadlet

     

       3
       3
       +
       

     

       4
       4
       +
       [Container]

     

       5
       5
       +
       Image=docker.io/rmqtt/rmqtt:latest

     

       6
       6
       +
       AutoUpdate=registry

     

       7
       7
       +
       ContainerName=rmqtt

     

       8
       8
       +
       

     

       9
       9
       +
       User=1000:1000

     

       10
       10
       +
       UserNS=keep-id:uid=1000,gid=1000

     

       11
       11
       +
       

     

       12
       12
       +
       Label="glance.parent=victoria-metrics"

     

       13
       13
       +
       Label="glance.name=MQTT Broker"

     

       14
       14
       +
       Label="glance.hide=false"

     

       15
       15
       +
       

     

       16
       16
       +
       Volume=/var/mnt/docker/app_data/rmqtt/logs:/var/log/rmqtt:Z

     

       17
       17
       +
       

     

       18
       18
       +
       Network=reverse-proxy.network

     

       19
       19
       +
       PublishPort=1883:1883

     

       20
       20
       +
       PublishPort=6060:6060

     

       21
       21
       +
       

     

       22
       22
       +
       [Service]

     

       23
       23
       +
       TimeoutStartSec=900

     

       24
       24
       +
       Restart=always

     

       25
       25
       +
       

     

       26
       26
       +
       [Install]

     

       27
       27
       +
       WantedBy=multi-user.target default.target

+26

configs/containers/systemd/telegraf.container.tftpl

···

       1
       1
       +
       [Unit]

     

       2
       2
       +
       Description=Telegraf Agent Quadlet

     

       3
       3
       +
       

     

       4
       4
       +
       [Container]

     

       5
       5
       +
       Image=docker.io/telegraf:alpine

     

       6
       6
       +
       AutoUpdate=registry

     

       7
       7
       +
       ContainerName=telegraf

     

       8
       8
       +
       HostName=telegraf

     

       9
       9
       +
       

     

       10
       10
       +
       User=1000:1000

     

       11
       11
       +
       UserNS=keep-id:uid=1000,gid=1000

     

       12
       12
       +
       

     

       13
       13
       +
       Label="glance.parent=victoria-metrics"

     

       14
       14
       +
       Label="glance.name=Telegraf Agent"

     

       15
       15
       +
       Label="glance.hide=false"

     

       16
       16
       +
       

     

       17
       17
       +
       Volume=%E/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:Z

     

       18
       18
       +
       

     

       19
       19
       +
       Network=reverse-proxy.network

     

       20
       20
       +
       

     

       21
       21
       +
       [Service]

     

       22
       22
       +
       TimeoutStartSec=900

     

       23
       23
       +
       Restart=always

     

       24
       24
       +
       

     

       25
       25
       +
       [Install]

     

       26
       26
       +
       WantedBy=multi-user.target default.target

+4 -1

configs/containers/systemd/victoria/victoria-metrics.container.tftpl

···

       9
       9
        
       User=1000:1000

     

       10
       10
        
       UserNS=keep-id:uid=1000,gid=1000

     

       11
       11
        
       

     

       12
       12
       +
       Label="glance.id=victoria-metrics"

     

       12
       13
        
       Label="glance.name=VictoriaMetrics"

     

       13
       14
        
       Label="glance.icon=di:victoriametrics-light"

     

       14
       15
        
       Label="glance.url=https://metrics.${base_domain}"

     

       15
       16
        
       Label="glance.description=Metrics Storage"

     

       16
       17
        
       Label="glance.hide=false"

     

       18
       18
       +
       

     

       19
       19
       +
       Exec="--graphiteListenAddr=:2003"

     

       17
       20
        
       

     

       18
       21
        
       Volume=/var/mnt/observability/metrics:/victoria-metrics-data:Z

     

       19
       22
        
       

     
···

       24
       27
        
       Restart=always

     

       25
       28
        
       

     

       26
       29
        
       [Install]

     

       27
       27
       -
       WantedBy=multi-user.target default.target
     

       30
       30
       +
       WantedBy=multi-user.target default.target

+21

configs/telegraf/telegraf.conf

···

       1
       1
       +
       [[inputs.mqtt_consumer]]

     

       2
       2
       +
         servers = ["tcp://rmqtt:1883"]

     

       3
       3
       +
         topics = [

     

       4
       4
       +
           "shelly/+/status/+"

     

       5
       5
       +
         ]

     

       6
       6
       +
       

     

       7
       7
       +
         data_format = "json_v2"

     

       8
       8
       +
         [[inputs.mqtt_consumer.json_v2]]

     

       9
       9
       +
           [[inputs.mqtt_consumer.json_v2.field]]

     

       10
       10
       +
             path = "apower"

     

       11
       11
       +
           [[inputs.mqtt_consumer.json_v2.field]]

     

       12
       12
       +
             path = "voltage"

     

       13
       13
       +
           [[inputs.mqtt_consumer.json_v2.field]]

     

       14
       14
       +
             path = "freq"

     

       15
       15
       +
           [[inputs.mqtt_consumer.json_v2.field]]

     

       16
       16
       +
             path = "current"

     

       17
       17
       +
           [[inputs.mqtt_consumer.json_v2.field]]

     

       18
       18
       +
             path = "temperature.tC"

     

       19
       19
       +
       

     

       20
       20
       +
       [[outputs.opentelemetry]]

     

       21
       21
       +
         service_address = "grafana-alloy:4317"