Monitor headscale with prometheus

2024-01-27 17:40:02 +00:00 · 2024-01-27 17:40:02 +00:00 · 53c758a781
parent b51677b795
commit 53c758a781
3 changed files with 14 additions and 1 deletions
--- a/ansible/roles/forrest/files/prometheus/prometheus.yml
+++ b/ansible/roles/forrest/files/prometheus/prometheus.yml
@ -155,3 +155,13 @@ scrape_configs:
    static_configs:
      - targets:
          - speedtest_exporter:9516
+
+  - job_name: headscale
+    metrics_path: /metrics
+    static_configs:
+      - targets:
+          - "{{ nebula.clients.casey.ip }}:9090"
+    metric_relabel_configs:
+      - source_labels: [__name__]
+        regex: go_.+
+        action: drop
--- a/ansible/roles/headscale/files/headscale.yml
+++ b/ansible/roles/headscale/files/headscale.yml
@ -21,7 +21,7 @@ listen_addr: 127.0.0.1:8416
 # to keep this endpoint private to your internal
 # network
 #
-metrics_listen_addr: 127.0.0.1:9090
+metrics_listen_addr: "{{ private_ip }}:9090"

 # Address to listen for gRPC.
 # gRPC is used for controlling a headscale server
--- a/ansible/roles/ingress/files/nftables.conf
+++ b/ansible/roles/ingress/files/nftables.conf
@ -36,5 +36,8 @@ table inet filter {
        # Allow traffic from nebula to proxmox network
        ip saddr {{ nebula.cidr }} ip daddr {{ pve_hosts.internal_cidr }} accept
        ip saddr {{ pve_hosts.internal_cidr }} ip daddr {{ nebula.cidr }} ct state related,established accept
+
+        # Allow monitoring of nebula network
+        ip saddr {{ pve_hosts.forrest.ip }}/32 ip daddr {{ nebula.cidr }} accept
    }
 }