aboutsummaryrefslogtreecommitdiff
path: root/systems
diff options
context:
space:
mode:
Diffstat (limited to 'systems')
-rw-r--r--systems/eldiron/base.nix17
-rw-r--r--systems/monitoring-1/base.nix24
-rw-r--r--systems/monitoring-1/status.nix23
3 files changed, 0 insertions, 64 deletions
diff --git a/systems/eldiron/base.nix b/systems/eldiron/base.nix
index cda518e..1f894a5 100644
--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -165,12 +165,6 @@
165 }; 165 };
166 }; 166 };
167 167
168 services.netdata.enable = true;
169 services.netdata.config.global."memory mode" = "none";
170 services.netdata.config.health."enabled" = "no";
171 services.netdata.config.web.mode = "none";
172 users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
173 services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
174 secrets.keys = { 168 secrets.keys = {
175 "ldap/pam_pgsql" = { 169 "ldap/pam_pgsql" = {
176 user = "root"; 170 user = "root";
@@ -188,17 +182,6 @@
188 ''; 182 '';
189 }; 183 };
190 184
191 "netdata-stream.conf" = {
192 user = config.services.netdata.user;
193 group = config.services.netdata.group;
194 permissions = "0400";
195 text = ''
196 [stream]
197 enabled = yes
198 destination = ${config.myEnv.monitoring.netdata_aggregator}
199 api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
200 '';
201 };
202 "zrepl_backup/identity" = { 185 "zrepl_backup/identity" = {
203 user = "root"; 186 user = "root";
204 group = "root"; 187 group = "root";
diff --git a/systems/monitoring-1/base.nix b/systems/monitoring-1/base.nix
index 8bfacc1..2d8139e 100644
--- a/systems/monitoring-1/base.nix
+++ b/systems/monitoring-1/base.nix
@@ -42,30 +42,6 @@
42 }) 42 })
43 ]; 43 ];
44 44
45 services.netdata.enable = true;
46 services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
47 services.netdata.config.web."allow dashboard from" = "localhost";
48 services.netdata.config.web."allow badges from" = "*";
49 services.netdata.config.web."allow streaming from" = "*";
50 services.netdata.config.web."allow netdata.conf from" = "fd*";
51 services.netdata.config.web."allow management from" = "fd*";
52 networking.firewall.allowedTCPPorts = [ 19999 ];
53
54 secrets.keys = {
55 "netdata-stream.conf" = {
56 user = config.services.netdata.user;
57 group = config.services.netdata.group;
58 permissions = "0400";
59 text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
60 [${key}]
61 enabled = yes
62 default history = 3600
63 default memory = ram
64 health enabled by default = auto
65 '') config.myEnv.monitoring.netdata_keys);
66 };
67 };
68 users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
69 # This value determines the NixOS release with which your system is 45 # This value determines the NixOS release with which your system is
70 # to be compatible, in order to avoid breaking some software such as 46 # to be compatible, in order to avoid breaking some software such as
71 # database servers. You should change this only after NixOS release 47 # database servers. You should change this only after NixOS release
diff --git a/systems/monitoring-1/status.nix b/systems/monitoring-1/status.nix
index 8b6615f..e3b4962 100644
--- a/systems/monitoring-1/status.nix
+++ b/systems/monitoring-1/status.nix
@@ -25,34 +25,11 @@
25 recommendedOptimisation = true; 25 recommendedOptimisation = true;
26 recommendedGzipSettings = true; 26 recommendedGzipSettings = true;
27 recommendedProxySettings = true; 27 recommendedProxySettings = true;
28 upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
29 upstreams."netdata".extraConfig = ''
30 keepalive 64;
31 '';
32 virtualHosts."status.immae.eu" = { 28 virtualHosts."status.immae.eu" = {
33 acmeRoot = config.security.acme.defaults.webroot; 29 acmeRoot = config.security.acme.defaults.webroot;
34 useACMEHost = name; 30 useACMEHost = name;
35 forceSSL = true; 31 forceSSL = true;
36 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/"; 32 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
37
38 locations."= /netdata".return = "301 /netdata/";
39 locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
40 proxy_redirect off;
41 proxy_set_header Host $host;
42
43 proxy_set_header X-Forwarded-Host $host;
44 proxy_set_header X-Forwarded-Server $host;
45 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
46 proxy_http_version 1.1;
47 proxy_pass_request_headers on;
48 proxy_set_header Connection "keep-alive";
49 proxy_store off;
50 proxy_pass http://netdata/$ndpath$is_args$args;
51
52 gzip on;
53 gzip_proxied any;
54 gzip_types *;
55 '';
56 }; 33 };
57 }; 34 };
58 security.acme.certs."${name}" = { 35 security.acme.certs."${name}" = {