mostly start using prometheus

[distro-setup] / distro-end

diff --git a/distro-end b/distro-end
index ee6693c360dab7b690037dbfa763ca37a1f24326..ae628c5d31c1b409d045dbe996a3e66818bdd686 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -573,6 +573,20 @@ sudo rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattende
 # EOF
 
 if [[ -e /etc/wireguard/wghole.conf ]]; then
+  reload=false
+  if [[ ! -e /etc/systemd/system/wg-quick@wghole.service.d/override.conf ]]; then
+    reload=true
+  fi
+  sudo mkdir -p /etc/systemd/system/wg-quick@wghole.service.d
+  sd /etc/systemd/system/wg-quick@wghole.service.d/override.conf <<'EOF'
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+Restart=on-failure
+RestartSec=20
+EOF
+  if $reload; then ser daemon-reload; fi
   sgo wg-quick@wghole
 fi
 
@@ -1830,6 +1844,68 @@ case $HOSTNAME in
     ;;
 esac
 
+### begin prometheus ###
+
+case $HOSTNAME in
+  kd)
+    # ive got these + a needed dependency pinned to bullseye, just to get
+    # versions more in line with the main docs.
+    pi prometheus-alertmanager prometheus prometheus-node-exporter
+    web-conf -p 9091 -f 9090 - apache2 i.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-htpasswd"
+Require valid-user
+</Location>
+EOF
+    ;;
+  *)
+    pi prometheus-node-exporter
+    ;;
+esac
+
+case $HOSTNAME in
+  # frodo needs upgrade first.
+  frodo) : ;;
+  # todo, for limiting node exporter http,
+  # either use iptables or, in
+  # /etc/default/prometheus-node-exporter
+  # listen on the wireguard interface
+  ;;
+  li|je|bk)
+    # ex for exporter
+    web-conf -p 9101 -f 9100 - apache2 ${HOSTNAME}ex.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-export-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-export-htpasswd"
+Require valid-user
+</Location>
+EOF
+    ;;
+  *)
+    wgip=$(sudo sed -rn 's,^ *Address *= *([^/]+).*,\1,p' /etc/wireguard/wghole.conf)
+    web-conf -i -a $wgip -p 9101 -f 9100 - apache2 ${HOSTNAME}wg.b8.nz <<'EOF'
+<Location "/">
+AuthType Basic
+AuthName "basic_auth"
+# created with
+# htpasswd -c prometheus-export-htpasswd USERNAME
+AuthUserFile "/etc/prometheus-export-htpasswd"
+Require valid-user
+</Location>
+EOF
+  ;;
+esac
+
+### end prometheus ###
+
+
 end_msg <<'EOF'
 In mate settings settings, change scrolling to two-finger,
 because the default edge scroll doesn\'t work. Originally found this in debian.