3b6f4545b4
node_exporter on all three hosts (port 9100, ZT-only). Prometheus server scrapes via the clan ZT IPv6s. Alertmanager routes alerts to @HarakatBot (chat 66070351); critical repeats every 1h, others 4h. Starter rule: HostDown when up==0 for 5m. Grafana on :3000 over ZT, provisioned with the local Prometheus as default datasource. Manual secrets on sunken-ship: /etc/alertmanager/telegram-token and /etc/grafana/secret-key. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
12 lines
379 B
Nix
12 lines
379 B
Nix
# Prometheus node_exporter — exposes host metrics on :9100, scoped to the
|
|
# ZeroTier mesh so only sunken-ship (the Prometheus server) can scrape it.
|
|
{ ... }: {
|
|
services.prometheus.exporters.node = {
|
|
enable = true;
|
|
port = 9100;
|
|
listenAddress = "::";
|
|
enabledCollectors = [ "systemd" ];
|
|
};
|
|
|
|
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 9100 ];
|
|
}
|