From 2d058d7be6cebdbc14cb74981000930cdcb3af74 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 22 Jul 2020 16:25:00 +0200
Subject: puyak: enable blackbox prometheus exporter, use it to ping internal
 and external hosts

---
 krebs/2configs/shack/prometheus/blackbox.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 krebs/2configs/shack/prometheus/blackbox.nix

(limited to 'krebs/2configs/shack/prometheus/blackbox.nix')

diff --git a/krebs/2configs/shack/prometheus/blackbox.nix b/krebs/2configs/shack/prometheus/blackbox.nix
new file mode 100644
index 000000000..82ce003e8
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/blackbox.nix
@@ -0,0 +1,19 @@
+{pkgs, ... }:
+{
+  systemd.services.prometheus-blackbox-exporter.serviceConfig = {
+    CapabilityBoundingSet = ["CAP_NET_RAW"]; # icmp allow
+    AmbientCapabilities = ["CAP_NET_RAW"];
+  };
+  services.prometheus.exporters.blackbox = {
+    enable = true;
+    # openFirewall = true; # not requred if running on the same host as prometheus
+    port = 9115;
+    configFile = pkgs.writeText "icmp" ''
+      modules:
+        icmp:
+          prober: icmp
+          icmp:
+            preferred_ip_protocol: ip4
+    '';
+  };
+}
-- 
cgit v1.2.3