X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Fmonitoring-1.nix;h=e335080b88d66fda0163e86583215114b5f3aa5c;hb=282c67a117b7d349b30a96972b050d630f906dec;hp=2241b2b71d579be9e952aea089651cb2df9f9878;hpb=34abd6afa44c620a56416bd423a2438a09bd1ce4;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 2241b2b..e335080 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -1,4 +1,3 @@
-{ privateFiles }:
 { config, pkgs, resources, ... }:
 {
   deployment = {
@@ -6,8 +5,10 @@
     targetHost = config.hostEnv.ips.main.ip4;
     substituteOnDestination = true;
   };
+  # ssh-keyscan monitoring-1 | nix-shell -p ssh-to-age --run ssh-to-age
+  secrets.ageKeys = [ "age1dn4lzhgxusqrpjjnzm7w8ml39ptf326htuzmpqdqs2gg3wq7cqzqxuvx8k" ];
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
+  myEnv = import ../../../nixops/secrets/environment.nix;
 
   imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ] ++ builtins.attrValues (import ../..);
 
@@ -35,6 +36,31 @@
     })
   ];
 
+  services.netdata.enable = true;
+  services.netdata.config.web."allow dashboard from" = "localhost";
+  services.netdata.config.web."allow badges from" = "*";
+  services.netdata.config.web."allow streaming from" = "*";
+  services.netdata.config.web."allow netdata.conf from" = "fd*";
+  services.netdata.config.web."allow management from" = "fd*";
+  networking.firewall.allowedTCPPorts = [ 19999 ];
+  environment.etc."netdata/stream.conf".source = "/var/secrets/netdata-stream.conf";
+
+  secrets.keys = [
+    {
+      dest = "netdata-stream.conf";
+      user = config.services.netdata.user;
+      group = config.services.netdata.group;
+      permissions = "0400";
+      text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
+        [${key}]
+            enabled = yes
+            default history = 3600
+            default memory = ram
+            health enabled by default = auto
+      '') config.myEnv.monitoring.netdata_keys);
+    }
+  ];
+  users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
   # This value determines the NixOS release with which your system is
   # to be compatible, in order to avoid breaking some software such as
   # database servers. You should change this only after NixOS release