weird-row-server: add tailscale prometheus exporter

Author: mrnossiom

hosts/weird-row-server/grafana.nix

@@ -10,6 +10,7 @@
 
     local.ports.prometheus = 9001;
     local.ports.prometheus-node-exporter = 9002;
+    local.ports.tailscale-exporter = 9005;
     local.ports.caddy-metrics = 2019;
     local.ports.authelia-metrics = 9004;
     local.ports.headscale-metrics = 9003;
@@ -22,6 +23,7 @@
       file = secrets/grafana-smtp-password.age;
       owner = "grafana";
     };
+    age.secrets.tailscale-exporter-env.file = secrets/tailscale-exporter-env.age;
     services.grafana = {
       enable = true;
 
@@ -86,6 +88,11 @@
         enable = true;
         port = config.local.ports.prometheus-node-exporter.number;
       };
+      exporters.tailscale = {
+        enable = true;
+        port = config.local.ports.tailscale-exporter.number;
+        environmentFile = config.age.secrets.tailscale-exporter-env.path;
+      };
 
       # TODO: move them to their respective modules
       scrapeConfigs = [
@@ -97,6 +104,7 @@
           job_name = "node-exporter";
           static_configs = [
             { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
+    
           ];
         }
         {
@@ -107,6 +115,12 @@
           job_name = "authelia";
           static_configs = [ { targets = [ "localhost:${config.local.ports.authelia-metrics.string}" ]; } ];
         }
+        {
+          job_name = "tailscale";
+          static_configs = [
+            { targets = [ "localhost:${toString config.services.prometheus.exporters.tailscale.port}" ]; }
+          ];
+        }
       ];
     };
 

hosts/weird-row-server/secrets/default.nix

@@ -4,25 +4,28 @@ let
   deploy = servers ++ users;
 in
 {
-  # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`.
-  "pds-env.age".publicKeys = deploy;
-  # Defines `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED`.
-  "lldap-env.age".publicKeys = deploy;
-  "lldap-user-pass.age".publicKeys = deploy;
-  "headscale-oidc-secret.age".publicKeys = deploy;
-  "grafana-oidc-secret.age".publicKeys = deploy;
-  "grafana-smtp-password.age".publicKeys = deploy;
-  "authelia-jwt-secret.age".publicKeys = deploy;
+  # Defines `TS_AUTHKEY`, `HETZNER_API_TOKEN`
+  "caddy-env.age".publicKeys = deploy;
   "authelia-issuer-private-key.age".publicKeys = deploy;
-  "authelia-storage-key.age".publicKeys = deploy;
+  "authelia-jwt-secret.age".publicKeys = deploy;
   "authelia-ldap-password.age".publicKeys = deploy;
   "authelia-smtp-password.age".publicKeys = deploy;
-  "tuwunel-registration-tokens.age".publicKeys = deploy;
-  # Defines `SMTP_PASSWORD`
-  "vaultwarden-env.age".publicKeys = deploy;
-  "miniflux-oidc-secret.age".publicKeys = deploy;
+  "authelia-storage-key.age".publicKeys = deploy;
+  "grafana-oidc-secret.age".publicKeys = deploy;
+  "grafana-smtp-password.age".publicKeys = deploy;
+  "headscale-oidc-secret.age".publicKeys = deploy;
   # Defines `HYPIXEL_API_KEY`, `PROFILE_UUID`
   "hypixel-bank-tracker-main.age".publicKeys = deploy;
   "hypixel-bank-tracker-banana.age".publicKeys = deploy;
-  "caddy-env.age".publicKeys = deploy;
+  # Defines `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED`.
+  "lldap-env.age".publicKeys = deploy;
+  "lldap-user-pass.age".publicKeys = deploy;
+  "miniflux-oidc-secret.age".publicKeys = deploy;
+  # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`.
+  "pds-env.age".publicKeys = deploy;
+  # Defines `TAILSCALE_TAILNET`, `TAILSCALE_OAUTH_CLIENT_ID`, `TAILSCALE_OAUTH_CLIENT_SECRET`.
+  "tailscale-exporter-env.age".publicKeys = deploy;
+  "tuwunel-registration-tokens.age".publicKeys = deploy;
+  # Defines `SMTP_PASSWORD`
+  "vaultwarden-env.age".publicKeys = deploy;
 }