diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix index 9c62570..3c13e49 100644 --- a/machines/renge/services/prometheus.nix +++ b/machines/renge/services/prometheus.nix @@ -123,6 +123,18 @@ in replacement = "vueko.sbruder.de"; }; } + { + job_name = "knot"; + static_configs = mkStaticTargets [ + "okarin.vpn.sbruder.de:9433" + "vueko.vpn.sbruder.de:9433" + ]; + relabel_configs = lib.singleton { + target_label = "instance"; + source_labels = lib.singleton "__address__"; + regex = "(.*)\\.vpn\\.sbruder\\.de:9433"; + }; + } ]; rules = diff --git a/modules/authoritative-dns.nix b/modules/authoritative-dns.nix index 97c0cad..f08fdca 100644 --- a/modules/authoritative-dns.nix +++ b/modules/authoritative-dns.nix @@ -41,6 +41,15 @@ in log: - target: syslog any: info + + mod-stats: + - id: custom + edns-presence: on + flag-presence: on + query-size: on + query-type: on + reply-size: on + remote: ${lib.concatStrings (lib.mapAttrsToList (host: hostAddresses: '' - id: ${host} @@ -70,6 +79,8 @@ in # dnssec dnssec-signing: on dnssec-policy: default + # stats + module: mod-stats/custom - id: nix-generated storage: /var/lib/knot/nix-zones/ semantic-checks: on @@ -77,6 +88,8 @@ in zonefile-sync: -1 zonefile-load: difference-no-serial journal-content: all + # stats + module: mod-stats/custom zone: ${lib.concatMapStrings (domain: '' @@ -93,6 +106,8 @@ in - id: default master: [${primaryHost}] acl: [primary_notify] + # stats + module: mod-stats/custom ''); }; @@ -167,6 +182,11 @@ in allowedUDPPorts = [ 53 ]; }; + services.prometheus.exporters.knot = { + enable = true; + listenAddress = config.sbruder.wireguard.home.address; + }; + assertions = [ { assertion = isPrimaryHost -> (lib.hasAttr "vpn.sbruder.de" cfg.generated-zones);
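Review bot: The relabel rule in the new `knot` job sets neither `replacement` nor `action`, so it depends on the Prometheus defaults (`$1` and `replace`) to turn `okarin.vpn.sbruder.de:9433` into `okarin`. A one-line comment above `relabel_configs`, such as `# instance = host part only (relies on default replacement "$1")`, would make that explicit. The port 9433 is also written three times in this hunk; binding it once in a `let` and interpolating it into the targets and the regex would keep them in step if the exporter port changes. `mkStaticTargets` is defined outside the hunk, so I am assuming it passes the target strings through unchanged.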
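Review bot: The `mod-stats` section added in the hunk at -41 has no comment saying why these five counters are switched on. As far as I can tell they are ones the module leaves off by default, so a line above `- id: custom` would record the intent, e.g. `# counters mod-stats disables by default; query/reply sizes and types help spot amplification-style traffic`. The id `custom` also says nothing about its purpose; a name like `metrics` would read better where it is referenced as `mod-stats/custom`, though renaming it means touching the three template hunks as well.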
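Review bot: Attaching `mod-stats/custom` with `module:` in each template (hunk at -70) means only queries that match a configured zone are counted, and a zone that later gets its own template is silently left out. If server-wide numbers are wanted, including queries for names the server is not authoritative for (the useful ones when watching for abuse), Knot's `global-module: mod-stats/custom` in the `default` template covers that in one place. The same applies to the `module:` lines added in the hunks at -77 and -93. The template id for the first of these is outside the hunk, so whether it is the `default` template is an assumption on my part.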
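Review bot: The exporter added in the hunk at -167 is bound to the WireGuard address, but nothing in the hunk allows its TCP port in; the visible part of the firewall block just above opens only UDP 53. Unless the WireGuard interface is trusted elsewhere, the scrape from the Prometheus host will be dropped. Prefer an interface-scoped rule such as `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts = [ config.services.prometheus.exporters.knot.port ];` over `openFirewall = true`, which would expose the metrics port on every interface. Binding to a VPN address also means the exporter unit can fail to start if the interface is not up yet, so an ordering dependency on the WireGuard unit may be needed. The firewall attribute set starts outside the hunk.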