X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Fmonitoring-1.nix;h=e335080b88d66fda0163e86583215114b5f3aa5c;hb=282c67a117b7d349b30a96972b050d630f906dec;hp=2241b2b71d579be9e952aea089651cb2df9f9878;hpb=34abd6afa44c620a56416bd423a2438a09bd1ce4;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 2241b2b..e335080 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -1,4 +1,3 @@ -{ privateFiles }: { config, pkgs, resources, ... }: { deployment = {
@@ -6,8 +5,10 @@ targetHost = config.hostEnv.ips.main.ip4; substituteOnDestination = true; }; + # ssh-keyscan monitoring-1 | nix-shell -p ssh-to-age --run ssh-to-age + secrets.ageKeys = [ "age1dn4lzhgxusqrpjjnzm7w8ml39ptf326htuzmpqdqs2gg3wq7cqzqxuvx8k" ]; boot.kernelPackages = pkgs.linuxPackages_latest; - myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; }; + myEnv = import ../../../nixops/secrets/environment.nix; imports = [ ] ++ builtins.attrValues (import ../..);
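Review bot: The comment above `secrets.ageKeys` records that the recipient was derived with `ssh-keyscan monitoring-1`, which accepts whatever host key answers on the network without authenticating it; if that scan was answered by a different machine, secrets encrypted for this host would be readable by that machine's key holder. I would record next to the key how it was verified, for example `# recipient checked against the host's own ssh_host_ed25519_key.pub, converted locally with ssh-to-age`. Separately, `myEnv = import ../../../nixops/secrets/environment.nix;` now evaluates the secrets file directly, and presumably any value from it that is interpolated into an ordinary option ends up in the world-readable Nix store, so a short comment stating which attributes may be used outside `secrets.keys` would help. The enclosing attribute set starts and ends outside this hunk.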
@@ -35,6 +36,31 @@ }) ]; + services.netdata.enable = true; + services.netdata.config.web."allow dashboard from" = "localhost"; + services.netdata.config.web."allow badges from" = "*"; + services.netdata.config.web."allow streaming from" = "*"; + services.netdata.config.web."allow netdata.conf from" = "fd*"; + services.netdata.config.web."allow management from" = "fd*"; + networking.firewall.allowedTCPPorts = [ 19999 ]; + environment.etc."netdata/stream.conf".source = "/var/secrets/netdata-stream.conf"; + + secrets.keys = [ + { + dest = "netdata-stream.conf"; + user = config.services.netdata.user; + group = config.services.netdata.group; + permissions = "0400"; + text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: '' + [${key}] + enabled = yes + default history = 3600 + default memory = ram + health enabled by default = auto + '') config.myEnv.monitoring.netdata_keys); + } + ]; + users.users."${config.services.netdata.user}".extraGroups = [ "keys" ]; # This value determines the NixOS release with which your system is # to be compatible, in order to avoid breaking some software such as # database servers. You should change this only after NixOS release
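Review bot: `networking.firewall.allowedTCPPorts = [ 19999 ];` combined with `"allow streaming from" = "*"` and `"allow badges from" = "*"` exposes the netdata listener to every address that can reach the host, so the API keys written to `netdata-stream.conf` become the only gate on streaming. Unless TLS for the netdata web server is configured elsewhere, those keys cross the network in clear text, so I would also restrict the source side, either by replacing `"*"` with the children's address pattern or by adding an `allow from = <child address pattern>` line to each generated `[${key}]` section. The `fd*` values for `netdata.conf` and management are presumably meant as IPv6 ULA peers only, which deserves a one-line comment such as `# fd* = IPv6 ULA peers (internal network) only`. `environment.etc."netdata/stream.conf".source` also hard-codes `/var/secrets/`, which presumably has to stay in sync with wherever `secrets.keys` writes `dest`.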