/run/user/0 /run/user/0 none rw,bind 0 0
EOF
+# todo: consider if this should use the new sysd-prom-fail
sd /etc/systemd/system/schrootupdate.service <<'EOF'
[Unit]
Description=schrootupdate
case $HOSTNAME in
kd)
- # ive got these + a needed dependency pinned to bullseye, just to get
- # versions more in line with the main docs.
+ /a/bin/buildscripts/prometheus
# Font awesome is needed for the alertmanager ui.
pi prometheus-alertmanager prometheus prometheus-node-exporter fonts-font-awesome
web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
Require valid-user
</Location>
EOF
+
+ web-conf -p 9094 -f 9093 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+
# by default, the alertmanager web ui is not enabled other than a page
# that suggests to use the amtool cli. that tool is good, but you cant
# silence things nearly as fast.
sysd-prom-fail-install $ser
done
- ## get upstream because it has the react ui, which has localtime, and general better usability.
- ## begin get latest upstream prometheus ###
- cd /a/opt/promdl
- url=$(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | jq -r '.assets[].browser_download_url | match(".*linux-amd64.tar.gz$").string')
- f=${url##*/}
- if [[ -e $f ]]; then
- timestamp=$(stat -c %Y $f)
- else
- timestamp=0
- fi
- m wget -nv -N $url
- new_timestamp=$(stat -c %Y $f)
- if [[ $timestamp != $new_timestamp || ! -e /usr/local/bin/prometheus ]]; then
- ngset
- to_rm=( !($f) )
- ngreset
- if (( ${#to_rm[@]} )); then
- rm -rf ${to_rm[@]}
- fi
- m ex $f
- dir=${f%.tar.gz}
- s install $dir/prometheus $dir/promtool /usr/local/bin
- fi
- ## end get latest upstream prometheus ###
-
;;
*)
pi prometheus-node-exporter
</Location>
EOF
# For work, i think we will just use the firewall for hosts in the main data center, and
- # apache/nginx + tls + basic auth outside of it. or consider stunnel.
-
+ # vpn for hosts outside it.
# TODO: figure out how to detect the ping failure and try again.