aboutsummaryrefslogtreecommitdiff
path: root/modules/private
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-10-24 11:42:28 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-10-24 11:42:28 +0200
commite43fdf341072e4a0150324196fc7af8f383860ec (patch)
treee90a9b225c3b8f770911f3ec4b41328ff1f66d8b /modules/private
parent70712d466fd52ebd48c5ddda2556ac36f04677a0 (diff)
downloadNix-e43fdf341072e4a0150324196fc7af8f383860ec.tar.gz
Nix-e43fdf341072e4a0150324196fc7af8f383860ec.tar.zst
Nix-e43fdf341072e4a0150324196fc7af8f383860ec.zip
Add netdata configuration
Diffstat (limited to 'modules/private')
-rw-r--r--modules/private/environment.nix2
-rw-r--r--modules/private/monitoring/status.nix23
-rw-r--r--modules/private/system/eldiron.nix10
-rw-r--r--modules/private/system/monitoring-1.nix14
4 files changed, 49 insertions, 0 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 0f6f3e2..a8799d2 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -561,6 +561,8 @@ in
561 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; 561 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
562 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; 562 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
563 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; 563 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
564 netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
565 netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
564 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; 566 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
565 email_check = mkOption { 567 email_check = mkOption {
566 description = "Emails services to check"; 568 description = "Emails services to check";
diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index 4f5f4bb..4ca0327 100644
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
@@ -28,11 +28,34 @@
28 recommendedOptimisation = true; 28 recommendedOptimisation = true;
29 recommendedGzipSettings = true; 29 recommendedGzipSettings = true;
30 recommendedProxySettings = true; 30 recommendedProxySettings = true;
31 upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
32 upstreams."netdata".extraConfig = ''
33 keepalive 64;
34 '';
31 virtualHosts."status.immae.eu" = { 35 virtualHosts."status.immae.eu" = {
32 acmeRoot = config.myServices.certificates.webroot; 36 acmeRoot = config.myServices.certificates.webroot;
33 useACMEHost = name; 37 useACMEHost = name;
34 forceSSL = true; 38 forceSSL = true;
35 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/"; 39 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
40
41 locations."= /netdata".return = "301 /netdata/";
42 locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
43 proxy_redirect off;
44 proxy_set_header Host $host;
45
46 proxy_set_header X-Forwarded-Host $host;
47 proxy_set_header X-Forwarded-Server $host;
48 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
49 proxy_http_version 1.1;
50 proxy_pass_request_headers on;
51 proxy_set_header Connection "keep-alive";
52 proxy_store off;
53 proxy_pass http://netdata/$ndpath$is_args$args;
54
55 gzip on;
56 gzip_proxied any;
57 gzip_types *;
58 '';
36 }; 59 };
37 }; 60 };
38 security.acme.certs."${name}" = { 61 security.acme.certs."${name}" = {
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 15ddd40..f11afb6 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -96,6 +96,16 @@
96 services.duplyBackup.enable = false; 96 services.duplyBackup.enable = false;
97 services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies"; 97 services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
98 98
99 services.netdata.enable = true;
100 services.netdata.config.global."memory mode" = "none";
101 services.netdata.config.health."enabled" = "no";
102 services.netdata.config.web.mode = "none";
103 environment.etc."netdata/stream.conf".text = ''
104 [stream]
105 enabled = yes
106 destination = ${config.myEnv.monitoring.netdata_aggregator}
107 api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
108 '';
99 secrets.keys = [ 109 secrets.keys = [
100 { 110 {
101 dest = "zrepl_backup/identity"; 111 dest = "zrepl_backup/identity";
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 2241b2b..188162a 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -35,6 +35,20 @@
35 }) 35 })
36 ]; 36 ];
37 37
38 services.netdata.enable = true;
39 services.netdata.config.web."allow dashboard from" = "localhost";
40 services.netdata.config.web."allow badges from" = "*";
41 services.netdata.config.web."allow streaming from" = "*";
42 services.netdata.config.web."allow netdata.conf from" = "fd*";
43 services.netdata.config.web."allow management from" = "fd*";
44 networking.firewall.allowedTCPPorts = [ 19999 ];
45 environment.etc."netdata/stream.conf".text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
46 [${key}]
47 enabled = yes
48 default history = 3600
49 default memory = ram
50 health enabled by default = auto
51 '') config.myEnv.monitoring.netdata_keys);
38 # This value determines the NixOS release with which your system is 52 # This value determines the NixOS release with which your system is
39 # to be compatible, in order to avoid breaking some software such as 53 # to be compatible, in order to avoid breaking some software such as
40 # database servers. You should change this only after NixOS release 54 # database servers. You should change this only after NixOS release