-{ config, pkgs, lib, nixpkgs, php, secrets, ... }:
+{ config, pkgs, lib, nixpkgs, ports, secrets, ... }:
{
# ssh-keyscan monitoring-1 | nix-shell -p ssh-to-age --run ssh-to-age
secrets.ageKeys = [ "age1dn4lzhgxusqrpjjnzm7w8ml39ptf326htuzmpqdqs2gg3wq7cqzqxuvx8k" ];
./status_engine.nix
];
- nixpkgs.overlays = builtins.attrValues php.overlays;
+ nixpkgs.overlays = builtins.attrValues ports.overlays;
nixpkgs.config.permittedInsecurePackages = [
"python-2.7.18.6" # for nagios-cli
];
})
];
- services.netdata.enable = true;
- services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
- services.netdata.config.web."allow dashboard from" = "localhost";
- services.netdata.config.web."allow badges from" = "*";
- services.netdata.config.web."allow streaming from" = "*";
- services.netdata.config.web."allow netdata.conf from" = "fd*";
- services.netdata.config.web."allow management from" = "fd*";
- networking.firewall.allowedTCPPorts = [ 19999 ];
-
- secrets.keys = {
- "netdata-stream.conf" = {
- user = config.services.netdata.user;
- group = config.services.netdata.group;
- permissions = "0400";
- text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
- [${key}]
- enabled = yes
- default history = 3600
- default memory = ram
- health enabled by default = auto
- '') config.myEnv.monitoring.netdata_keys);
- };
- };
- users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
# This value determines the NixOS release with which your system is
# to be compatible, in order to avoid breaking some software such as
# database servers. You should change this only after NixOS release