add: docker & nixos examples

paepckehh · Oct 31, 2024 · f7cc7d0 · f7cc7d0
1 parent 61a0020
commit f7cc7d0
Show file tree

Hide file tree

Showing 5 changed files with 209 additions and 61 deletions.
diff --git a/README.md b/README.md
@@ -28,22 +28,64 @@
 OPN_TARGETS="opn01.lan,opn02.lan" OPN_APIKEY="..." OPN_APISECRET="..." go run paepcke.de/opnborg/cmd/opnborg@main
 ```
 
-# HOW TO INSTALL
+# ⚡️HOW TO INSTALL
 
 ```
 go install paepcke.de/opnborg/cmd/opnborg@main
 ```
 
-# PRE-BUILD BINARIES (DOWNLOAD)
+# ⚡️PRE-BUILD BINARIES (DOWNLOAD)
 [https://github.com/paepckehh/opnborg/releases](https://github.com/paepckehh/opnborg/releases)
 
-# EXAMPLE ENV CONFIG
+# ⚡️EXAMPLE CONFIGURATION VIA ENV 
 ```
 please see:
 - example.sh 
 - example-env-config.sh
 ```
 
+# ⚡️DOCKER
+```
+docker pull ghcr.io/paepckehh/opnborg:latest
+```
+
+# ⚡️NIXOS SYSTEM SERVICE VIA DOCKER
+see opnborg-docker.nix
+see opnborg-docker-complex.nix
+see opnborg-prometheus-grafana.nix
+
+```
+{config, ...}: {
+  ####################
+  #-=# NETWORKING #=-#
+  ####################
+  networking = {
+    firewall = {
+      allowedTCPPorts = [6464]; # open tcp port 6464
+    };
+  };
+  ########################
+  #-=# VIRTUALISATION #=-#
+  ########################
+  virtualisation = {
+    oci-containers = {
+      backend = "podman";
+      containers = {
+        opnborg = {
+          image = "ghcr.io/paepckehh/opnborg";
+          extraOptions = ["--network=host"];
+          environment = {
+            "OPN_TARGETS" = "opn01.lan,opn02.lan";
+            "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+            "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+          };
+        };
+      };
+    };
+  };
+}
+```
+
 # FEATURES
 
 - Central Monitoring (version, status, online, offline, last seen, configuration compliance)

diff --git a/opnborg-docker-complex.nix b/opnborg-docker-complex.nix
@@ -0,0 +1,48 @@
+{config, ...}: {
+  ####################
+  #-=# NETWORKING #=-#
+  ####################
+  networking = {
+    firewall = {
+      allowedTCPPorts = [6464]; # open tcp port 6464
+    };
+  };
+  ########################
+  #-=# VIRTUALISATION #=-#
+  ########################
+  virtualisation = {
+    oci-containers = {
+      backend = "podman";
+      containers = {
+        opnborg = {
+          image = "ghcr.io/paepckehh/opnborg";
+          extraOptions = ["--network=host"];
+          environment = {
+            "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+            "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+            "OPN_TLSKEYPIN" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+            "OPN_MASTER" = "opn00.lan:8443";
+            "OPN_TARGETS_HOTSTANDBY" = "opn00.lan:8443";
+            "OPN_TARGETS_PRODUCTION" = "opn01.lan:8443,opn02.lan:8443";
+            "OPN_TARGETS_IMGURL_HOTSTANDBY" = "https://icon-library.com/images/freebsd-icon/freebsd-icon-16.jpg";
+            "OPN_TARGETS_IMGURL_PRODUCTION" = "https://icon-library.com/images/freebsd-icon/freebsd-icon-16.jpg";
+            "OPN_SLEEP" = "60";
+            "OPN_DEBUG" = "true";
+            "OPN_SYNC_PKG" = "true";
+            "OPN_HTTPD_ENABLE" = "true";
+            "OPN_HTTPD_SERVER" = "127.0.0.1:6464";
+            "OPN_HTTPD_COLOR_FG" = "white";
+            "OPN_HTTPD_COLOR_BG" = "grey";
+            "OPN_RSYSLOG_ENABLE" = "true";
+            "OPN_RSYSLOG_SERVER" = "192.168.122.1:5140";
+            "OPN_GRAFANA_WEBUI" = "http://localhost:9090";
+            "OPN_GRAFANA_DASHBOARD_FREEBSD" = "Kczn-jPZz/node-exporter-freebsd";
+            "OPN_GRAFANA_DASHBOARD_HAPROXY" = "rEqu1u5ue/haproxy-2-full";
+            "OPN_WAZUH_WEBUI" = "http://localhost:9292";
+            "OPN_PROMETHEUS_WEBUI" = "http://localhost:9191";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/opnborg-docker.nix b/opnborg-docker.nix
@@ -0,0 +1,29 @@
+{config, ...}: {
+  ####################
+  #-=# NETWORKING #=-#
+  ####################
+  networking = {
+    firewall = {
+      allowedTCPPorts = [6464]; # open tcp port 6464
+    };
+  };
+  ########################
+  #-=# VIRTUALISATION #=-#
+  ########################
+  virtualisation = {
+    oci-containers = {
+      backend = "podman";
+      containers = {
+        opnborg = {
+          image = "ghcr.io/paepckehh/opnborg";
+          extraOptions = ["--network=host"];
+          environment = {
+            "OPN_TARGETS" = "opn01.lan,opn02.lan";
+            "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+            "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/opnborg-prometheus-grafana-wazuh.nix b/opnborg-prometheus-grafana-wazuh.nix
diff --git a/opnborg-prometheus-grafana.nix b/opnborg-prometheus-grafana.nix
@@ -0,0 +1,87 @@
+{config, ...}: {
+  # example nixos config for opn01.lan & opn02.lan including prometheus & grafana
+  # WebUI http://localhost:6464
+  ####################
+  #-=# NETWORKING #=-#
+  ####################
+  networking = {
+    firewall = {
+      allowedTCPPorts = [6464]; # open tcp port 6464
+    };
+  };
+  ########################
+  #-=# VIRTUALISATION #=-#
+  ########################
+  virtualisation = {
+    oci-containers = {
+      backend = "podman";
+      containers = {
+        opnborg = {
+          image = "ghcr.io/paepckehh/opnborg";
+          extraOptions = ["--network=host"];
+          environment = {
+            "OPN_TARGETS" = "opn01.lan,opn02.lan";
+            "OPN_APIKEY" = "+RIb6YWNdcDWMMM7W5ZYDkUvP4qx6e1r7e/Lg/Uh3aBH+veuWfKc7UvEELH/lajWtNxkOaOPjWR8uMcD";
+            "OPN_APISECRET" = "8VbjM3HKKqQW2ozOe5PTicMXOBVi9jZTSPCGfGrHp8rW6m+TeTxHyZyAI1GjERbuzjmz6jK/usMCWR/p";
+          };
+        };
+      };
+    };
+  };
+  ##################
+  #-=# SERVICES #=-#
+  ##################
+  services = {
+    prometheus = {
+      enable = true;
+      alertmanager.port = 9292;
+      port = 9191;
+      retentionTime = "365d";
+      scrapeConfigs = [
+        {
+          job_name = "node";
+          static_configs = [
+            {
+              targets = [
+                "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" # self
+                "opn01.lan:9100" # example opnsense node IP
+                "opn02.lan:9100" # example opnsense node IP
+              ];
+            }
+          ];
+        }
+        {
+          job_name = "haproxy";
+          static_configs = [
+            {
+              targets = [
+                "opn01.lan:8404" # example opnsense node IP
+                "opn02.lan:8404" # example opnsense node IP
+              ];
+            }
+          ];
+        }
+      ];
+      exporters.node = {
+        enable = true;
+        port = 9100;
+        enabledCollectors = [
+          "logind"
+          "systemd"
+        ];
+        disabledCollectors = [];
+        openFirewall = true;
+      };
+    };
+    grafana = {
+      enable = true;
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = 9090;
+          domain = "localhost";
+        };
+      };
+    };
+  };
+}