authorAlex Auvolat <alex@adnab.me>2022-12-01 17:25:53 +0100
committerAlex Auvolat <alex@adnab.me>2022-12-01 17:25:53 +0100
commit18ab08a86cde01d5b715a9ce036787190b90dc1c (patch)
tree856f200590c373e8506dd79ef0197e931a833874 /cluster/staging
parent195e340f567b768fd3731f6abb5ae8960f1fe8ff (diff)
staging: run node_exporter from nixos; run synapse as non-root
Diffstat (limited to 'cluster/staging')
-rw-r--r--cluster/staging/app/im/deploy/im-nix.hcl4
-rw-r--r--cluster/staging/app/telemetry/deploy/telemetry-system.hcl47
2 files changed, 22 insertions, 29 deletions
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
index 4cc3b0e..0d7b79d 100644
--- a/cluster/staging/app/im/deploy/im-nix.hcl
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -46,7 +46,6 @@ job "im" {
"secrets/litestream.yml" = "/etc/litestream.yml"
}
}
- user = "root"
template {
data = file("../config/litestream.yml")
@@ -82,7 +81,6 @@ job "im" {
env = {
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
}
- user = "root"
template {
data = file("flake.nix")
@@ -148,7 +146,6 @@ job "im" {
"../alloc/data" = "/ephemeral",
}
}
- user = "root"
template {
data = file("flake.nix")
@@ -195,7 +192,6 @@ EOH
"secrets/litestream.yml" = "/etc/litestream.yml"
}
}
- user = "root"
template {
data = file("../config/litestream.yml")
diff --git a/cluster/staging/app/telemetry/deploy/telemetry-system.hcl b/cluster/staging/app/telemetry/deploy/telemetry-system.hcl
index e2bad61..7cbb01a 100644
--- a/cluster/staging/app/telemetry/deploy/telemetry-system.hcl
+++ b/cluster/staging/app/telemetry/deploy/telemetry-system.hcl
@@ -1,40 +1,37 @@
job "telemetry-system" {
- datacenters = ["neptune"]
- type = "system"
- priority = "100"
+ datacenters = ["neptune"]
+ type = "system"
+ priority = "100"
- group "collector" {
+ group "collector" {
network {
port "node_exporter" { static = 9100 }
}
- task "node_exporter" {
- driver = "docker"
+ task "node_exporter" {
+ driver = "nix2"
- config {
- image = "quay.io/prometheus/node-exporter:v1.1.2"
- network_mode = "host"
- volumes = [
- "/:/host:ro,rslave"
- ]
- args = [ "--path.rootfs=/host" ]
- }
+ config {
+ packages = [ "#prometheus-node-exporter" ]
+ command = "node_exporter"
+ args = [ "--path.rootfs=/host" ]
+ bind_read_only = {
+ "/" = "/host"
+ }
+ }
- resources {
- cpu = 50
- memory = 40
- }
+ resources {
+ cpu = 50
+ memory = 40
+ }
service {
- tags = [ "telemetry" ]
- port = 9100
- address_mode = "driver"
name = "node-exporter"
+ tags = [ "telemetry" ]
+ port = "node_exporter"
check {
type = "http"
path = "/"
- port = 9100
- address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {
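Review bot: The `bind_read_only = { "/" = "/host" }` mapping gives the node_exporter task a view of the whole host filesystem, and the task block sets no `user`, so what the process can read under /host depends on the nix2 driver's default, which this hunk does not show. If that default is root, every root-readable file on the host is within reach of a network-facing exporter; an explicit `user = "<unprivileged-user>"` on the task would bound it. The old Docker volume carried `rslave` propagation and the new bind states no equivalent, so it is worth confirming that mounts made on the host after task start still appear under /host, otherwise filesystem metrics can silently go stale. `packages = [ "#prometheus-node-exporter" ]` also replaces a version-tagged image with an unpinned package reference, so the exporter version now follows whatever nixpkgs the driver resolves; a comment recording the intended pin would help.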
@@ -44,6 +41,6 @@ job "telemetry-system" {
}
}
}
- }
- }
+ }
+ }
}