node_exporter was listening on 0.0.0.0:9100 on helsinki-a and london-a, exposing metrics to the public internet. Changes: - Add node_exporter_bind_tailscale flag (default false) to opt in - Set flag on helsinki-a and london-a host_vars - Debian: configure ARGS in /etc/default/prometheus-node-exporter - FreeBSD: use native node_exporter_listen_address rc.conf variable - Add handlers to restart on config change Prometheus already scrapes via Tailscale IPs, no scrape config changes needed. Fixes PESO-98
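---
# Host variables for the monitoring host (Prometheus, Grafana) in London.
#
# Opt-in flag: bind node_exporter to the Tailscale address instead of
# 0.0.0.0:9100, so host metrics are not served on public interfaces.
# NOTE(review): after any change to this flag, confirm on the host that
# nothing is still listening on port 9100 on a non-Tailscale interface.
node_exporter_bind_tailscale: true
host_role: monitoring
host_description: "Monitoring stack (Prometheus, Grafana)"
host_location: "London"
ansible_python_interpreter: /usr/local/bin/python3
grafana_provisioning_dir: /usr/local/share/grafana/conf/provisioning

zfs_pools:
  - zroot

# ZFS scrub schedule (currently manual cron, not yet managed by ansible)
# 0 12 * * sun zpool scrub zroot
# The value below is the same schedule, with Sunday written as 0.
zfs_scrub_schedule: "0 12 * * 0"

# --- Services enabled in rc.conf ---

# Core services (documented)
# sshd, ntpd, powerd, zfs, tailscaled, grafana, prometheus, node_exporter

# Cloudflare Tunnel — proxies Grafana/Prometheus via pez.sh
# The tunnel ID is an identifier, not a credential; the tunnel credentials
# file / token must stay out of this repository.
# NOTE(review): Grafana and Prometheus are published through this tunnel —
# confirm authentication or an access policy sits in front of both; nothing
# in this file shows one.
cloudflared_tunnel_id: "168eccae-2497-48e2-a1e2-c12cd3448d9a"

# --- Undocumented / likely unused services (audit 2026-03-30) ---
# These were found running but appear unused. Candidates for removal.
# The undocumented_* values are free-text audit notes; they record the
# finding only and do not themselves disable anything.

# InfluxDB — listening on *:8086, only _internal database exists.
# No user databases. Probably installed for testing and never used.
# RECOMMENDATION: disable (influxd_enable="NO" in rc.conf)
# NOTE(review): *:8086 is a bind on all interfaces, so until the service is
# disabled it is reachable on every interface the host firewall permits —
# the same exposure class as an unrestricted node_exporter listener.
# Of the four services listed here it is the only one not bound to
# localhost; firewall state is not visible from this file.
undocumented_influxdb: "unused — no databases, disable"

# Redis — listening on localhost:6379, empty keyspace.
# No clients connected. No data.
# RECOMMENDATION: disable (redis_enable="NO" in rc.conf)
undocumented_redis: "unused — empty keyspace, disable"

# PostgreSQL — listening on localhost:5432, has a pez_vps database
# with tables: vms, snapshots, ip_addresses, users, audit_logs, isos.
# Appears to be from a defunct VPS management project (Rust/sqlx).
# RECOMMENDATION: confirm with Pez before removing data, then disable
# The users and audit_logs tables may hold account data: handle any dump
# or backup taken before removal as sensitive.
undocumented_postgresql: "defunct pez_vps project — confirm before disabling"

# libvirtd — running, zero VMs defined.
# Likely installed for the same pez_vps project.
# RECOMMENDATION: disable (libvirtd_enable="NO" in rc.conf)
undocumented_libvirtd: "unused — no VMs, disable"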