From: Ismaƫl Bouya Date: Sat, 24 Oct 2020 09:42:28 +0000 (+0200) Subject: Add netdata configuration X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=e43fdf341072e4a0150324196fc7af8f383860ec Add netdata configuration
---
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 0f6f3e2..a8799d2 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -561,6 +561,8 @@ in
 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
+ netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
+ netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
 email_check = mkOption {
 description = "Emails services to check";
diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index 4f5f4bb..4ca0327 100644
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
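Review bot: The two option descriptions added in modules/private/environment.nix do not say that `netdata_keys` is secret material or what its attribute names mean. The later hunks read `netdata_keys.eldiron` and write every value into stream.conf as an API key, so something like `description = "netdata streaming API keys (secret), indexed by host name";` would match the use. `netdata_aggregator` is consumed as the `destination` of a `[stream]` section rather than fetched as a URL, so "Url" may mislead; `description = "netdata stream destination of the aggregator";` is closer, with the expected format added once confirmed. The enclosing option set starts and ends outside the hunk.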
@@ -28,11 +28,34 @@
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
+ upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
+ upstreams."netdata".extraConfig = ''
+ keepalive 64;
+ '';
 virtualHosts."status.immae.eu" = {
 acmeRoot = config.myServices.certificates.webroot;
 useACMEHost = name;
 forceSSL = true;
 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
+
+ locations."= /netdata".return = "301 /netdata/";
+ locations."~ /netdata/(?.*)".extraConfig = ''
+ proxy_redirect off;
+ proxy_set_header Host $host;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+ proxy_pass http://netdata/$ndpath$is_args$args;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ '';
 };
 };
 security.acme.certs."${name}" = {
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 15ddd40..f11afb6 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -96,6 +96,16 @@
 services.duplyBackup.enable = false;
 services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
+ services.netdata.enable = true;
+ services.netdata.config.global."memory mode" = "none";
+ services.netdata.config.health."enabled" = "no";
+ services.netdata.config.web.mode = "none";
+ environment.etc."netdata/stream.conf".text = ''
+ [stream]
+ enabled = yes
+ destination = ${config.myEnv.monitoring.netdata_aggregator}
+ api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
+ '';
 secrets.keys = [
 {
 dest = "zrepl_backup/identity";
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 2241b2b..188162a 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
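Review bot: In modules/private/monitoring/status.nix the new `~ /netdata/` location proxies to 127.0.0.1:19999 with no access control visible in the hunk, so the dashboard is reachable by anyone who can reach status.immae.eu unless the vhost, whose definition starts and ends outside the hunk, is restricted elsewhere. Netdata sees nginx's loopback address as the peer, so a `"allow dashboard from" = "localhost"` setting on the same host would presumably not filter these proxied requests. If the dashboard is not meant to be public, add `auth_basic "netdata";` and `auth_basic_user_file <path-to-htpasswd>;` (placeholder path) to this location's extraConfig, or an `allow`/`deny` pair. Separately, `proxy_pass` uses `$ndpath` while the location regex is shown as `(?.*)`; the named group `(?<ndpath>.*)` was presumably lost in page rendering and is worth checking against the repository.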
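Review bot: In modules/private/system/eldiron.nix the streaming API key is interpolated into `environment.etc."netdata/stream.conf".text`, which places the rendered file in the Nix store, where every local user and process can read it. The monitoring-1.nix hunk has the same issue and writes every value of `netdata_keys` the same way. The context lines just below show a `secrets.keys` list (the entry with `dest = "zrepl_backup/identity"`); rendering stream.conf through that mechanism, readable only by the netdata user, would keep the keys out of the store. If that is not practical here, a comment such as `# NOTE: API key ends up world-readable in /nix/store` above the assignment would at least record the exposure as a decision.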
@@ -35,6 +35,20 @@
 })
 ];
+ services.netdata.enable = true;
+ services.netdata.config.web."allow dashboard from" = "localhost";
+ services.netdata.config.web."allow badges from" = "*";
+ services.netdata.config.web."allow streaming from" = "*";
+ services.netdata.config.web."allow netdata.conf from" = "fd*";
+ services.netdata.config.web."allow management from" = "fd*";
+ networking.firewall.allowedTCPPorts = [ 19999 ];
+ environment.etc."netdata/stream.conf".text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
+ [${key}]
+ enabled = yes
+ default history = 3600
+ default memory = ram
+ health enabled by default = auto
+ '') config.myEnv.monitoring.netdata_keys);
 # This value determines the NixOS release with which your system is
 # to be compatible, in order to avoid breaking some software such as
 # database servers. You should change this only after NixOS release
diff --git a/nixops/secrets b/nixops/secrets
index 4ce3c27..c91ba44 160000
--- a/nixops/secrets
+++ b/nixops/secrets
@@ -1 +1 @@
-Subproject commit 4ce3c27d2e3db66640a5478aae93b813b7005061
+Subproject commit c91ba443bf2849b8fb81fc72818b77be77b3aabf
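Review bot: In modules/private/system/monitoring-1.nix, `"allow streaming from" = "*"` combined with `networking.firewall.allowedTCPPorts = [ 19999 ]` leaves the API key as the only check on who may push metrics into the aggregator. Narrowing the source, e.g. `services.netdata.config.web."allow streaming from" = "<child address patterns>";` (placeholder) or an `allow from = <child address>` line inside each `[${key}]` section, would make a leaked key unusable from other hosts. No `ssl key` / `ssl certificate` is set in this hunk, so the stream and the key presumably cross the network unencrypted unless TLS or a private link is configured outside the hunk. `"allow badges from" = "*"` is also wider than the `fd*` used for the netdata.conf and management endpoints and deserves a comment if that is intentional.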