feat: monitor dnsmasq + v2ray

2026-03-30 22:32:03 +02:00 · 2024-02-17 14:31:33 +08:00
parent 34ca7615b4
commit 9c07aa1113
3 changed files with 68 additions and 3 deletions
--- a/2
+++ b/2
@@ -107,7 +107,7 @@ ruby:
 kana:
  colmena apply --on '@kana'

-tailscale_gw:
+tsgw:
  colmena apply --on '@tailscale_gw'

 pve-image:
--- a/hosts/homelab_tailscale_gw/proxy.nix
+++ b/hosts/homelab_tailscale_gw/proxy.nix
@@ -1,10 +1,34 @@
 {
-  # dae(running on aquamarine) do not provides http/socks5 proxy server, so we use v2ray here.
-  # https://github.com/v2fly
+  # dae(running on aquamarine) do not provides http/socks5 proxy server; so we use v2ray here.
+  # https=//github.com/v2fly
  services.v2ray = {
    enable = true;
    config = {
+      # for monitoring
+      "stats" = {};
+      "api" = {
+        "tag" = "api";
+        "services" = [
+          "StatsService"
+        ];
+      };
+      "policy" = {
+        "levels" = {
+          "0" = {
+            "statsUserUplink" = true;
+            "statsUserDownlink" = true;
+          };
+        };
+        "system" = {
+          "statsInboundUplink" = true;
+          "statsInboundDownlink" = true;
+          "statsOutboundUplink" = true;
+          "statsOutboundDownlink" = true;
+        };
+      };
+
      inbounds = [
+        # core inbound
        {
          listen = "0.0.0.0";
          port = 7890;
@@ -19,6 +43,17 @@
            udp = true;
          };
        }
+
+        # for monitoring
+        {
+          "tag" = "api";
+          "listen" = "127.0.0.1";
+          "port" = 54321;
+          "protocol" = "dokodemo-door";
+          "settings" = {
+            "address" = "127.0.0.1";
+          };
+        }
      ];
      outbounds = [
        # forward traffic directly via system's default network(to dae proxy running on aquamarine)
@@ -27,6 +62,28 @@
          tag = "freedom";
        }
      ];
+
+      # for monitoring
+      "routing" = {
+        "rules" = [
+          {
+            "inboundTag" = [
+              "api"
+            ];
+            "outboundTag" = "api";
+            "type" = "field";
+          }
+        ];
+      };
    };
  };
+
+  # https://github.com/wi1dcard/v2ray-exporter
+  services.prometheus.exporters.v2ray = {
+    enable = true;
+    listenAddress = "0.0.0.0";
+    port = 9153;
+    openFirewall = false;
+    v2rayEndpoint = "127.0.0.1:54321";
+  };
 }
--- a/hosts/idols_aquamarine/router.nix
+++ b/hosts/idols_aquamarine/router.nix
@@ -165,6 +165,14 @@ in {
    };
  };

+  # monitoring with prometheus
+  services.prometheus.exporters.dnsmasq = {
+    enable = true;
+    listenAddress = "0.0.0.0";
+    port = 9153;
+    openFirewall = false;
+  };
+
  # The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of
  # letting the first CPU core to handle everything.
  # This is supposed to increase performance by hitting CPU cache more often.