diff --git a/README.md b/README.md index d251ef3..ed54cda 100644 --- a/README.md +++ b/README.md @@ -28,22 +28,64 @@ OPN_TARGETS="opn01.lan,opn02.lan" OPN_APIKEY="..." OPN_APISECRET="..." go run paepcke.de/opnborg/cmd/opnborg@main ``` -# HOW TO INSTALL +# ⚡️HOW TO INSTALL ``` go install paepcke.de/opnborg/cmd/opnborg@main ``` -# PRE-BUILD BINARIES (DOWNLOAD) +# ⚡️PRE-BUILD BINARIES (DOWNLOAD) [https://github.com/paepckehh/opnborg/releases](https://github.com/paepckehh/opnborg/releases) -# EXAMPLE ENV CONFIG +# ⚡️EXAMPLE CONFIGURATION VIA ENV ``` please see: - example.sh - example-env-config.sh ``` +# ⚡️DOCKER +``` +docker pull ghcr.io/paepckehh/opnborg:latest +``` + +# ⚡️NIXOS SYSTEM SERVICE VIA DOCKER +see opnborg-docker.nix +see opnborg-docker-complex.nix +see opnborg-prometheus-grafana.nix + +``` +{config, ...}: { + #################### + #-=# NETWORKING #=-# + #################### + networking = { + firewall = { + allowedTCPPorts = [6464]; # open tcp port 6464 + }; + }; + ######################## + #-=# VIRTUALISATION #=-# + ######################## + virtualisation = { + oci-containers = { + backend = "podman"; + containers = { + opnborg = { + image = "ghcr.io/paepckehh/opnborg"; + extraOptions = ["--network=host"]; + environment = { + "OPN_TARGETS" = "opn01.lan,opn02.lan"; + "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD"; + "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p"; + }; + }; + }; + }; + }; +} +``` + # FEATURES - Central Monitoring (version, status, online, offline, last seen, configuration compliance) diff --git a/opnborg-docker-complex.nix b/opnborg-docker-complex.nix new file mode 100644 index 0000000..294f277 --- /dev/null +++ b/opnborg-docker-complex.nix 
@@ -0,0 +1,48 @@
+{config, ...}: {
+ ####################
+ #-=# NETWORKING #=-#
+ ####################
+ networking = {
+ firewall = {
+ allowedTCPPorts = [6464]; # open tcp port 6464
+ };
+ };
+ ########################
+ #-=# VIRTUALISATION #=-#
+ ########################
+ virtualisation = {
+ oci-containers = {
+ backend = "podman";
+ containers = {
+ opnborg = {
+ image = "ghcr.io/paepckehh/opnborg";
+ extraOptions = ["--network=host"];
+ environment = {
+ "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+ "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+ "OPN_TLSKEYPIN" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+ "OPN_MASTER" = "opn00.lan:8443";
+ "OPN_TARGETS_HOTSTANDBY" = "opn00.lan:8443";
+ "OPN_TARGETS_PRODUCTION" = "opn01.lan:8443,opn02.lan:8443";
+ "OPN_TARGETS_IMGURL_HOTSTANDBY" = "https://icon-library.com/images/freebsd-icon/freebsd-icon-16.jpg";
+ "OPN_TARGETS_IMGURL_PRODUCTION" = "https://icon-library.com/images/freebsd-icon/freebsd-icon-16.jpg";
+ "OPN_SLEEP" = "60";
+ "OPN_DEBUG" = "true";
+ "OPN_SYNC_PKG" = "true";
+ "OPN_HTTPD_ENABLE" = "true";
+ "OPN_HTTPD_SERVER" = "127.0.0.1:6464";
+ "OPN_HTTPD_COLOR_FG" = "white";
+ "OPN_HTTPD_COLOR_BG" = "grey";
+ "OPN_RSYSLOG_ENABLE" = "true";
+ "OPN_RSYSLOG_SERVER" = "192.168.122.1:5140";
+ "OPN_GRAFANA_WEBUI" = "http://localhost:9090";
+ "OPN_GRAFANA_DASHBOARD_FREEBSD" = "Kczn-jPZz/node-exporter-freebsd";
+ "OPN_GRAFANA_DASHBOARD_HAPROXY" = "rEqu1u5ue/haproxy-2-full";
+ "OPN_WAZUH_WEBUI" = "http://localhost:9292";
+ "OPN_PROMETHEUS_WEBUI" = "http://localhost:9191";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/opnborg-docker.nix b/opnborg-docker.nix
new file mode 100644
index 0000000..b97fbc3
--- /dev/null
+++ b/opnborg-docker.nix
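Review bot: `OPN_APIKEY` and `OPN_APISECRET` in the `environment` attrset of `opnborg-docker-complex.nix` are string literals, so they are committed with the repository and, once the module is built, end up in the world-readable Nix store. The same two values are repeated in `opnborg-docker.nix`, `opnborg-prometheus-grafana.nix` and the README snippet. If they were ever issued by a real OPNsense instance they should be revoked; the examples should instead carry an obvious placeholder and load the secrets at runtime, e.g. `environmentFiles = ["/run/secrets/opnborg.env"]; # placeholder path, kept outside the store`. `OPN_TLSKEYPIN` is byte-for-byte the `OPN_APISECRET` value, which looks like a copy-paste rather than a certificate pin and is worth replacing with a placeholder as well.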
@@ -0,0 +1,29 @@
+{config, ...}: {
+ ####################
+ #-=# NETWORKING #=-#
+ ####################
+ networking = {
+ firewall = {
+ allowedTCPPorts = [6464]; # open tcp port 6464
+ };
+ };
+ ########################
+ #-=# VIRTUALISATION #=-#
+ ########################
+ virtualisation = {
+ oci-containers = {
+ backend = "podman";
+ containers = {
+ opnborg = {
+ image = "ghcr.io/paepckehh/opnborg";
+ extraOptions = ["--network=host"];
+ environment = {
+ "OPN_TARGETS" = "opn01.lan,opn02.lan";
+ "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+ "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/opnborg-prometheus-grafana-wazuh.nix b/opnborg-prometheus-grafana-wazuh.nix
deleted file mode 100644
index 3094309..0000000
--- a/opnborg-prometheus-grafana-wazuh.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{config, ...}: {
- ##################
- #-=# SERVICES #=-#
- ##################
- services = {
- prometheus = {
- enable = true;
- alertmanager.port = 9292;
- port = 9191;
- retentionTime = "365d";
- scrapeConfigs = [
- {
- job_name = "node";
- static_configs = [
- {
- targets = [
- "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" # self
- "192.168.122.2:9100" # example opnsense node IP
- "192.168.122.3:9100" # example opnsense node IP
- ];
- }
- ];
- }
- {
- job_name = "haproxy";
- static_configs = [
- {
- targets = [
- "192.168.122.2:8404" # example opnsense node IP
- "192.168.122.3:8404" # example opnsense node IP
- ];
- }
- ];
- }
- ];
- exporters.node = {
- enable = true;
- port = 9100;
- enabledCollectors = [
- "logind"
- "systemd"
- ];
- disabledCollectors = [];
- openFirewall = true;
- };
- };
- grafana = {
- enable = true;
- settings = {
- server = {
- http_addr = "127.0.0.1";
- http_port = 9090;
- domain = "localhost";
- };
- };
- };
- };
-}
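Review bot: `image = "ghcr.io/paepckehh/opnborg";` in `opnborg-docker.nix` carries neither a tag nor a digest, so every pull resolves to whatever the registry currently serves under the default tag. That image runs with `--network=host` and is handed the firewall API credentials, so an unexpected image change has a wide reach. Pinning the reference makes the deployment reproducible and makes an image change visible in review: `image = "ghcr.io/paepckehh/opnborg@sha256:<DIGEST_PLACEHOLDER>";`. The same unpinned reference appears in `opnborg-docker-complex.nix` and `opnborg-prometheus-grafana.nix`.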
diff --git a/opnborg-prometheus-grafana.nix b/opnborg-prometheus-grafana.nix
new file mode 100644
index 0000000..c49d8c9
--- /dev/null
+++ b/opnborg-prometheus-grafana.nix
@@ -0,0 +1,87 @@
+{config, ...}: {
+ # example nixos config for opn01.lan & opn02.lan including prometheus & grafana
+ # WebUI http://localhost:6464
+ ####################
+ #-=# NETWORKING #=-#
+ ####################
+ networking = {
+ firewall = {
+ allowedTCPPorts = [6464]; # open tcp port 6464
+ };
+ };
+ ########################
+ #-=# VIRTUALISATION #=-#
+ ########################
+ virtualisation = {
+ oci-containers = {
+ backend = "podman";
+ containers = {
+ opnborg = {
+ image = "ghcr.io/paepckehh/opnborg";
+ extraOptions = ["--network=host"];
+ environment = {
+ "OPN_TARGETS" = "opn01.lan,opn02.lan";
+ "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+ "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+ };
+ };
+ };
+ };
+ };
+ ##################
+ #-=# SERVICES #=-#
+ ##################
+ services = {
+ prometheus = {
+ enable = true;
+ alertmanager.port = 9292;
+ port = 9191;
+ retentionTime = "365d";
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [
+ {
+ targets = [
+ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" # self
+ "opn01.lan:9100" # example opnsense node IP
+ "opn02.lan:9100" # example opnsense node IP
+ ];
+ }
+ ];
+ }
+ {
+ job_name = "haproxy";
+ static_configs = [
+ {
+ targets = [
+ "opn01.lan:8404" # example opnsense node IP
+ "opn02.lan:8404" # example opnsense node IP
+ ];
+ }
+ ];
+ }
+ ];
+ exporters.node = {
+ enable = true;
+ port = 9100;
+ enabledCollectors = [
+ "logind"
+ "systemd"
+ ];
+ disabledCollectors = [];
+ openFirewall = true;
+ };
+ };
+ grafana = {
+ enable = true;
+ settings = {
+ server = {
+ http_addr = "127.0.0.1";
+ http_port = 9090;
+ domain = "localhost";
+ };
+ };
+ };
+ };
+}
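Review bot: `exporters.node.openFirewall = true;` opens TCP 9100 on every interface, although the only scrape of the local exporter in this file goes to `127.0.0.1`, so host metrics become readable from the network with no visible benefit. Suggest `openFirewall = false;` together with `listenAddress = "127.0.0.1";` under `exporters.node`. The same question applies to `allowedTCPPorts = [6464];`: the header comment gives the WebUI as `http://localhost:6464`, and if the UI is meant to be local only the firewall rule can be dropped. If remote access is intended, the URL shown is plain HTTP and would be better placed behind a TLS-terminating reverse proxy; whether the UI itself authenticates is not visible in this file.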