Diffstat (limited to 'systems')
-rw-r--r-- | systems/eldiron/base.nix | 17 | ||||
-rw-r--r-- | systems/monitoring-1/base.nix | 24 | ||||
-rw-r--r-- | systems/monitoring-1/status.nix | 23 |
3 files changed, 0 insertions, 64 deletions
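--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -165,12 +165,6 @@
 };
 };
 
-services.netdata.enable = true;
-services.netdata.config.global."memory mode" = "none";
-services.netdata.config.health."enabled" = "no";
-services.netdata.config.web.mode = "none";
-users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
-services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
 secrets.keys = {
 "ldap/pam_pgsql" = {
 user = "root";
@@ -188,17 +182,6 @@
 '';
 };
 
-"netdata-stream.conf" = {
-user = config.services.netdata.user;
-group = config.services.netdata.group;
-permissions = "0400";
-text = ''
-[stream]
-enabled = yes
-destination = ${config.myEnv.monitoring.netdata_aggregator}
-api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
-'';
-};
 "zrepl_backup/identity" = {
 user = "root";
 group = "root";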
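--- a/systems/monitoring-1/base.nix
+++ b/systems/monitoring-1/base.nix
@@ -42,30 +42,6 @@
 })
 ];
 
-services.netdata.enable = true;
-services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
-services.netdata.config.web."allow dashboard from" = "localhost";
-services.netdata.config.web."allow badges from" = "*";
-services.netdata.config.web."allow streaming from" = "*";
-services.netdata.config.web."allow netdata.conf from" = "fd*";
-services.netdata.config.web."allow management from" = "fd*";
-networking.firewall.allowedTCPPorts = [ 19999 ];
-
-secrets.keys = {
-"netdata-stream.conf" = {
-user = config.services.netdata.user;
-group = config.services.netdata.group;
-permissions = "0400";
-text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
-[${key}]
-enabled = yes
-default history = 3600
-default memory = ram
-health enabled by default = auto
-'') config.myEnv.monitoring.netdata_keys);
-};
-};
-users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
 # This value determines the NixOS release with which your system is
 # to be compatible, in order to avoid breaking some software such as
 # database servers. You should change this only after NixOS release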
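--- a/systems/monitoring-1/status.nix
+++ b/systems/monitoring-1/status.nix
@@ -25,34 +25,11 @@
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
-upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
-upstreams."netdata".extraConfig = ''
-keepalive 64;
-'';
 virtualHosts."status.immae.eu" = {
 acmeRoot = config.security.acme.defaults.webroot;
 useACMEHost = name;
 forceSSL = true;
 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
-
-locations."= /netdata".return = "301 /netdata/";
-locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
-proxy_redirect off;
-proxy_set_header Host $host;
-
-proxy_set_header X-Forwarded-Host $host;
-proxy_set_header X-Forwarded-Server $host;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_http_version 1.1;
-proxy_pass_request_headers on;
-proxy_set_header Connection "keep-alive";
-proxy_store off;
-proxy_pass http://netdata/$ndpath$is_args$args;
-
-gzip on;
-gzip_proxied any;
-gzip_types *;
-'';
 };
 };
 security.acme.certs."${name}" = {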