Add netdata configuration

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-10-24 11:42:28 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-10-24 11:42:28 +0200
commit: e43fdf341072e4a0150324196fc7af8f383860ec (patch)
tree: e90a9b225c3b8f770911f3ec4b41328ff1f66d8b /modules/private
parent: 70712d466fd52ebd48c5ddda2556ac36f04677a0 (diff)
download: Nix-e43fdf341072e4a0150324196fc7af8f383860ec.tar.gz
Nix-e43fdf341072e4a0150324196fc7af8f383860ec.tar.zst
Nix-e43fdf341072e4a0150324196fc7af8f383860ec.zip
4 files changed, 49 insertions, 0 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 0f6f3e2..a8799d2 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -561,6 +561,8 @@ in
          nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
          slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
          slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
+          netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
+          netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
          contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
          email_check = mkOption {
            description = "Emails services to check";
diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index 4f5f4bb..4ca0327 100644
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
@@ -28,11 +28,34 @@
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
+      upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
+      upstreams."netdata".extraConfig = ''
+        keepalive 64;
+        '';
      virtualHosts."status.immae.eu" = {
        acmeRoot = config.myServices.certificates.webroot;
        useACMEHost = name;
        forceSSL = true;
        locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
+        locations."= /netdata".return = "301 /netdata/";
+        locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
+          proxy_redirect off;
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-Host $host;
+          proxy_set_header X-Forwarded-Server $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_http_version 1.1;
+          proxy_pass_request_headers on;
+          proxy_set_header Connection "keep-alive";
+          proxy_store off;
+          proxy_pass http://netdata/$ndpath$is_args$args;
+          gzip on;
+          gzip_proxied any;
+          gzip_types *;
+          '';
      };
    };
    security.acme.certs."${name}" = {
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 15ddd40..f11afb6 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -96,6 +96,16 @@
  services.duplyBackup.enable = false;
  services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
+  services.netdata.enable = true;
+  services.netdata.config.global."memory mode" = "none";
+  services.netdata.config.health."enabled" = "no";
+  services.netdata.config.web.mode = "none";
+  environment.etc."netdata/stream.conf".text = ''
+    [stream]
+        enabled = yes
+        destination = ${config.myEnv.monitoring.netdata_aggregator}
+        api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
+  '';
  secrets.keys = [
    {
      dest = "zrepl_backup/identity";
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 2241b2b..188162a 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -35,6 +35,20 @@
    })
  ];
+  services.netdata.enable = true;
+  services.netdata.config.web."allow dashboard from" = "localhost";
+  services.netdata.config.web."allow badges from" = "*";
+  services.netdata.config.web."allow streaming from" = "*";
+  services.netdata.config.web."allow netdata.conf from" = "fd*";
+  services.netdata.config.web."allow management from" = "fd*";
+  networking.firewall.allowedTCPPorts = [ 19999 ];
+  environment.etc."netdata/stream.conf".text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
+    [${key}]
+        enabled = yes
+        default history = 3600
+        default memory = ram
+        health enabled by default = auto
+  '') config.myEnv.monitoring.netdata_keys);
  # This value determines the NixOS release with which your system is
  # to be compatible, in order to avoid breaking some software such as
  # database servers. You should change this only after NixOS release
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-10-24 11:42:28 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-10-24 11:42:28 +0200
commit	e43fdf341072e4a0150324196fc7af8f383860ec (patch)
tree	e90a9b225c3b8f770911f3ec4b41328ff1f66d8b /modules/private
parent	70712d466fd52ebd48c5ddda2556ac36f04677a0 (diff)
download	Nix-e43fdf341072e4a0150324196fc7af8f383860ec.tar.gz Nix-e43fdf341072e4a0150324196fc7af8f383860ec.tar.zst Nix-e43fdf341072e4a0150324196fc7af8f383860ec.zip

diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 0f6f3e2..a8799d2 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix
@@ -561,6 +561,8 @@ in
561	nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };	561	nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
562	slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };	562	slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
563	slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };	563	slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
		564	netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
		565	netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
564	contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };	566	contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
565	email_check = mkOption {	567	email_check = mkOption {
566	description = "Emails services to check";	568	description = "Emails services to check";


diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix index 4f5f4bb..4ca0327 100644 --- a/modules/private/monitoring/status.nix +++ b/modules/private/monitoring/status.nix
@@ -28,11 +28,34 @@
28	recommendedOptimisation = true;	28	recommendedOptimisation = true;
29	recommendedGzipSettings = true;	29	recommendedGzipSettings = true;
30	recommendedProxySettings = true;	30	recommendedProxySettings = true;
		31	upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
		32	upstreams."netdata".extraConfig = ''
		33	keepalive 64;
		34	'';
31	virtualHosts."status.immae.eu" = {	35	virtualHosts."status.immae.eu" = {
32	acmeRoot = config.myServices.certificates.webroot;	36	acmeRoot = config.myServices.certificates.webroot;
33	useACMEHost = name;	37	useACMEHost = name;
34	forceSSL = true;	38	forceSSL = true;
35	locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";	39	locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
		40
		41	locations."= /netdata".return = "301 /netdata/";
		42	locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
		43	proxy_redirect off;
		44	proxy_set_header Host $host;
		45
		46	proxy_set_header X-Forwarded-Host $host;
		47	proxy_set_header X-Forwarded-Server $host;
		48	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		49	proxy_http_version 1.1;
		50	proxy_pass_request_headers on;
		51	proxy_set_header Connection "keep-alive";
		52	proxy_store off;
		53	proxy_pass http://netdata/$ndpath$is_args$args;
		54
		55	gzip on;
		56	gzip_proxied any;
		57	gzip_types *;
		58	'';
36	};	59	};
37	};	60	};
38	security.acme.certs."${name}" = {	61	security.acme.certs."${name}" = {


diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix index 15ddd40..f11afb6 100644 --- a/modules/private/system/eldiron.nix +++ b/modules/private/system/eldiron.nix
@@ -96,6 +96,16 @@
96	services.duplyBackup.enable = false;	96	services.duplyBackup.enable = false;
97	services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";	97	services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
98		98
		99	services.netdata.enable = true;
		100	services.netdata.config.global."memory mode" = "none";
		101	services.netdata.config.health."enabled" = "no";
		102	services.netdata.config.web.mode = "none";
		103	environment.etc."netdata/stream.conf".text = ''
		104	[stream]
		105	enabled = yes
		106	destination = ${config.myEnv.monitoring.netdata_aggregator}
		107	api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
		108	'';
99	secrets.keys = [	109	secrets.keys = [
100	{	110	{
101	dest = "zrepl_backup/identity";	111	dest = "zrepl_backup/identity";


diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix index 2241b2b..188162a 100644 --- a/modules/private/system/monitoring-1.nix +++ b/modules/private/system/monitoring-1.nix
@@ -35,6 +35,20 @@
35	})	35	})
36	];	36	];
37		37
		38	services.netdata.enable = true;
		39	services.netdata.config.web."allow dashboard from" = "localhost";
		40	services.netdata.config.web."allow badges from" = "*";
		41	services.netdata.config.web."allow streaming from" = "*";
		42	services.netdata.config.web."allow netdata.conf from" = "fd*";
		43	services.netdata.config.web."allow management from" = "fd*";
		44	networking.firewall.allowedTCPPorts = [ 19999 ];
		45	environment.etc."netdata/stream.conf".text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
		46	[${key}]
		47	enabled = yes
		48	default history = 3600
		49	default memory = ram
		50	health enabled by default = auto
		51	'') config.myEnv.monitoring.netdata_keys);
38	# This value determines the NixOS release with which your system is	52	# This value determines the NixOS release with which your system is
39	# to be compatible, in order to avoid breaking some software such as	53	# to be compatible, in order to avoid breaking some software such as
40	# database servers. You should change this only after NixOS release	54	# database servers. You should change this only after NixOS release