Add prometheus metrics to alloy

2025-05-06 15:14:49 +02:00 · 2025-05-06 15:14:49 +02:00 · 5ad3e9bfe2
commit 5ad3e9bfe2
parent 616788c5ea
8 changed files with 174 additions and 19 deletions
--- a/modules/services/output.tf
+++ b/modules/services/output.tf
@ -1,9 +1,9 @@
 output "authentik_data" {
  value = {
    for key in keys(authentik_application.service_applications) : key => {
-      "base_url"      = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}"
-      "client_id"     = authentik_provider_oauth2.service_providers[key].client_id
-      "client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
+      base_url      = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}"
+      client_id     = authentik_provider_oauth2.service_providers[key].client_id
+      client_secret = authentik_provider_oauth2.service_providers[key].client_secret
    }
  }
  sensitive = true
@ -12,19 +12,28 @@ output "authentik_data" {
 output "postgresql_data" {
  value = {
    for key in keys(postgresql_database.service_databases) : key => {
-      "user"      = postgresql_role.service_roles[key].name
-      "pass"      = postgresql_role.service_roles[key].password
-      "database"  = postgresql_database.service_databases[key].name
+      user      = postgresql_role.service_roles[key].name
+      pass      = postgresql_role.service_roles[key].password
+      database  = postgresql_database.service_databases[key].name
    }
  }
  sensitive = true
 }

+output "postgresql_metrics_collector" {
+  value = {
+    user      = postgresql_role.metrics_collector_role.name
+    pass      = postgresql_role.metrics_collector_role.password
+    database  = postgresql_database.metrics_collector_database.name
+  }
+  sensitive = true
+}
+
 output "mailcow_data" {
  value = {
    for key in keys(mailcow_mailbox.services) : key => {
-      "address"  = mailcow_mailbox.services[key].address
-      "password" = mailcow_mailbox.services[key].password
+      address  = mailcow_mailbox.services[key].address
+      password = mailcow_mailbox.services[key].password
    }
  }
  sensitive = true
--- a/modules/services/postgresql.tf
+++ b/modules/services/postgresql.tf
@ -16,3 +16,21 @@ resource "postgresql_database" "service_databases" {
  name     = each.key
  owner    = postgresql_role.service_roles[each.key].name
 }
+
+resource "random_password" "postgresql_metrics_collector_password" {
+  length  = 32
+  special = false
+}
+
+resource "postgresql_role" "metrics_collector_role" {
+  name     = "metrics_collector"
+  login    = true
+  password = random_password.postgresql_metrics_collector_password.result
+  search_path = ["postgres_exporter", "pg_catalog"]
+  roles = ["pg_monitor", "pg_read_all_stats"]
+}
+
+resource "postgresql_database" "metrics_collector_database" {
+  name     = "metrics_collector"
+  owner    = postgresql_role.metrics_collector_role.name
+}