Compare commits

...

2 commits

Author SHA1 Message Date
Rouven Seifert 5089f62112 parsedmarc: init 2024-05-31 23:01:59 +02:00
Rouven Seifert d9a60f39a6 falkenstein: remove postfix exporter 2024-05-31 22:33:39 +02:00
7 changed files with 46 additions and 47 deletions

View file

@ -3,6 +3,9 @@
age.secrets."maxmind" = { age.secrets."maxmind" = {
file = ../../../../secrets/shared/maxmind.age; file = ../../../../secrets/shared/maxmind.age;
}; };
imports = [
./dmarc.nix
];
users.users."promtail".extraGroups = [ "caddy" "systemd-journal" ]; users.users."promtail".extraGroups = [ "caddy" "systemd-journal" ];
services.prometheus = { services.prometheus = {
exporters = { exporters = {
@ -10,9 +13,6 @@
enable = true; enable = true;
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
}; };
postfix = {
enable = true;
};
}; };
}; };
services.geoipupdate = { services.geoipupdate = {
@ -115,6 +115,5 @@
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
config.services.prometheus.exporters.node.port config.services.prometheus.exporters.node.port
config.services.prometheus.exporters.postfix.port
]; ];
} }

View file

@ -0,0 +1,35 @@
{ config, ... }:
{
age.secrets.dmarc = {
file = ../../../../secrets/falkenstein/dmarc.age;
};
users.users.dmarc = {
description = "DMARC Report recipient";
isNormalUser = true;
};
networking.firewall.allowedTCPPorts = [ config.services.elasticsearch.tcp_port ];
services.parsedmarc = {
enable = true;
provision = {
grafana = {
dashboard = false;
datasource = false;
};
localMail.enable = false;
elasticsearch = false;
geoIp = false;
};
settings = {
imap = {
user = "dmarc@rfive.de";
port = 993;
host = "mail.rfive.de";
password = {
_secret = config.age.secrets.dmarc.path;
};
};
opensearch.hosts = "localhost:9200";
};
};
services.opensearch.enable = true;
}

View file

@ -104,12 +104,6 @@ in
}]; }];
scrape_interval = "15s"; scrape_interval = "15s";
} }
{
job_name = "postfix";
static_configs = [{
targets = [ "falkenstein.vpn.rfive.de:${toString config.services.prometheus.exporters.postfix.port}" ];
}];
}
{ {
job_name = "synapse"; job_name = "synapse";
static_configs = [{ static_configs = [{

View file

@ -112,16 +112,4 @@ in
pythonPath = python.pkgs.makePythonPath propagatedBuildInputs; pythonPath = python.pkgs.makePythonPath propagatedBuildInputs;
}; };
}); });
# (hopefully) fix systemd journal reading
prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: {
patches = [
./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch
];
src = fetchFromGitHub {
owner = "adangel";
repo = "postfix_exporter";
rev = "414ac12ee63415eede46cb3084d755a6da6fba23";
hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w=";
};
});
} }

View file

@ -1,25 +0,0 @@
From f4c5dd5628c873981b2d6d6b8f3bbf036b9fd724 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven.seifert@ifsr.de>
Date: Thu, 2 May 2024 11:20:27 +0200
Subject: [PATCH] cleanup: also catch milter-reject
---
postfix_exporter.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/postfix_exporter.go b/postfix_exporter.go
index f20d99c..676d767 100644
--- a/postfix_exporter.go
+++ b/postfix_exporter.go
@@ -335,6 +335,8 @@ func (e *PostfixExporter) CollectFromLogLine(line string) {
e.cleanupProcesses.Inc()
} else if strings.Contains(remainder, ": reject: ") {
e.cleanupRejects.Inc()
+ } else if strings.Contains(remainder, ": milter-reject: ") {
+ e.cleanupRejects.Inc()
} else {
e.addToUnsupportedLine(line, subprocess, level)
}
--
2.44.0

View file

@ -36,6 +36,7 @@ in
"secrets/falkenstein/wireguard/dorm/preshared.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/wireguard/dorm/preshared.age".publicKeys = [ rouven falkenstein ];
"secrets/falkenstein/borg/passphrase.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/borg/passphrase.age".publicKeys = [ rouven falkenstein ];
"secrets/falkenstein/borg/key.age".publicKeys = [ rouven falkenstein ]; "secrets/falkenstein/borg/key.age".publicKeys = [ rouven falkenstein ];
"secrets/falkenstein/dmarc.age".publicKeys = [ rouven falkenstein ];
#shared #shared
"secrets/shared/maxmind.age".publicKeys = [ rouven nuc falkenstein ]; "secrets/shared/maxmind.age".publicKeys = [ rouven nuc falkenstein ];

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uWbAHQ OVBZwLNH5ryKgNruVU0XRV2F5dDu7W9R3qMWz08Krzs
vrXngscbxNRGfITXKM1uRNFRjUZRaWNpZ9ijSy+pERw
-> ssh-ed25519 slrRig AIO7ny4bykCYWzLgCfd75dt00myFSd+waEv2/MEOpUY
65u83G9Ew+idajuExoTb5URAnM1paEGFYsfQ3HqKvGg
--- YoSI0kDXGCKQQCebjG8vzsTJMomjJ3RZWY0j+eG5U6U
n „NÀSò]6e<36>¸åp!±ÍY°  D&uöü2¾ÇŠÒy˜¾¯`<60>j