From 9bf266edb65f1d0601e7c336e4382fa29abd0874 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 5 Jun 2024 14:13:53 +0000 Subject: [PATCH 1/2] prometheus and services --- .../systemd/system/certbot.service.d/override.conf | 2 ++ .../systemd/system/email-failures@.service | 1 + .../systemd/system/logrotate.service.d/override.conf | 2 ++ .../systemd/system/nginx.service.d/override.conf | 7 +++++++ .../prometheus-nginx-exporter.service.d/override.conf | 3 +++ .../systemd/system/stunnel@.service.d/override.conf | 10 ++++++++++ 6 files changed, 25 insertions(+) create mode 100644 confs/off1-reverse-proxy/systemd/system/certbot.service.d/override.conf create mode 120000 confs/off1-reverse-proxy/systemd/system/email-failures@.service create mode 100644 confs/off1-reverse-proxy/systemd/system/logrotate.service.d/override.conf create mode 100644 confs/off1-reverse-proxy/systemd/system/nginx.service.d/override.conf create mode 100644 confs/off1-reverse-proxy/systemd/system/prometheus-nginx-exporter.service.d/override.conf create mode 100644 confs/off1-reverse-proxy/systemd/system/stunnel@.service.d/override.conf diff --git a/confs/off1-reverse-proxy/systemd/system/certbot.service.d/override.conf b/confs/off1-reverse-proxy/systemd/system/certbot.service.d/override.conf new file mode 100644 index 00000000..04d93770 --- /dev/null +++ b/confs/off1-reverse-proxy/systemd/system/certbot.service.d/override.conf @@ -0,0 +1,2 @@ +[Unit] +OnFailure=email-failures@certbot.service diff --git a/confs/off1-reverse-proxy/systemd/system/email-failures@.service b/confs/off1-reverse-proxy/systemd/system/email-failures@.service new file mode 120000 index 00000000..085076b7 --- /dev/null +++ b/confs/off1-reverse-proxy/systemd/system/email-failures@.service @@ -0,0 +1 @@ +../../../common/systemd/system/email-failures@.service \ No newline at end of file diff --git a/confs/off1-reverse-proxy/systemd/system/logrotate.service.d/override.conf b/confs/off1-reverse-proxy/systemd/system/logrotate.service.d/override.conf new file mode 100644 index 00000000..564cbd79 --- /dev/null +++ b/confs/off1-reverse-proxy/systemd/system/logrotate.service.d/override.conf @@ -0,0 +1,2 @@ +[Unit] +OnFailure=email-failures@logrotate.service diff --git a/confs/off1-reverse-proxy/systemd/system/nginx.service.d/override.conf b/confs/off1-reverse-proxy/systemd/system/nginx.service.d/override.conf new file mode 100644 index 00000000..ea2025dc --- /dev/null +++ b/confs/off1-reverse-proxy/systemd/system/nginx.service.d/override.conf @@ -0,0 +1,7 @@ +[Service] +# let nginx refine this +LimitNOFILE=65535 + +[Unit] +OnFailure=email-failures@nginx.service +Restart=always diff --git a/confs/off1-reverse-proxy/systemd/system/prometheus-nginx-exporter.service.d/override.conf b/confs/off1-reverse-proxy/systemd/system/prometheus-nginx-exporter.service.d/override.conf new file mode 100644 index 00000000..1fb522da --- /dev/null +++ b/confs/off1-reverse-proxy/systemd/system/prometheus-nginx-exporter.service.d/override.conf @@ -0,0 +1,3 @@ +[Service] +# ONLY listen on 127.0.0.1 for security reasons +Environment="LISTEN_ADDRESS=10.1.0.100:9113" diff --git a/confs/off1-reverse-proxy/systemd/system/stunnel@.service.d/override.conf b/confs/off1-reverse-proxy/systemd/system/stunnel@.service.d/override.conf new file mode 100644 index 00000000..adc2bf56 --- /dev/null +++ b/confs/off1-reverse-proxy/systemd/system/stunnel@.service.d/override.conf @@ -0,0 +1,10 @@ +[Unit] +# email on failures +OnFailure=email-failures@stunnel__%i.service + +[Service] +# we need to enable putting pit file in runtime directory, with right permissions +# while still starting as root (needed by stunnel) +Group=stunnel4 +RuntimeDirectory=stunnel-%i +RuntimeDirectoryMode=0775 From cf1afe6add87bcc9b6a922ed5dfa3ade1c289bcf Mon Sep 17 00:00:00 2001 From: root Date: Wed, 5 Jun 2024 14:15:03 +0000 Subject: [PATCH 2/2] fix link --- confs/off2-reverse-proxy/systemd/system/email-failures@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/confs/off2-reverse-proxy/systemd/system/email-failures@.service b/confs/off2-reverse-proxy/systemd/system/email-failures@.service index 5afc0c34..085076b7 120000 --- a/confs/off2-reverse-proxy/systemd/system/email-failures@.service +++ b/confs/off2-reverse-proxy/systemd/system/email-failures@.service @@ -1 +1 @@ -confs/common/systemd/system/email-failures@.service \ No newline at end of file +../../../common/systemd/system/email-failures@.service \ No newline at end of file