Services: add Netdata to Dimaga

2024-08-04 17:55:02 -04:00 · 2024-08-04 17:55:02 -04:00 · 2ec01e9bc1
parent 11bd9b2458
commit 2ec01e9bc1
4 changed files with 90 additions and 5 deletions
--- a/flake.lock
+++ b/flake.lock
@ -234,11 +234,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1722259498,
-        "narHash": "sha256-85jL6CvmxPloZDL313Eezu8mcEeGM+YzonlYyshz3w0=",
+        "lastModified": 1722808247,
+        "narHash": "sha256-86DGPkJh8dXSS/M5F6a0M7roGdn3QSTGY0X5fUyZk/M=",
        "ref": "refs/heads/main",
-        "rev": "108f2efee01541c9680a8ec38666609e4e3e56cc",
-        "revCount": 56,
+        "rev": "1cc4e1ea861931fccbfd7d7ca8e364ca277138d6",
+        "revCount": 57,
        "type": "git",
        "url": "file:./nix-secrets"
      },
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@ -14,6 +14,7 @@ let
    config.secrets.services.forgejo.url
    config.secrets.services.gremlin-lab.url
    config.secrets.services.jellyfin.url
+    config.secrets.services.netdata.url
  ];

  namecheapCredentials = {
@ -176,6 +177,11 @@ in
        };
      };
      msmtp.enable = true;
+      netdata = {
+        enable = true;
+        domain = config.secrets.networking.primaryDomain;
+        url = config.secrets.services.netdata.url;
+      };
      nginx = {
        enable = true;
        autostart = false;
--- a/modules/services/netdata.nix
+++ b/modules/services/netdata.nix
@ -0,0 +1,79 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.aux.system.services.netdata;
+in
+{
+  options = {
+    aux.system.services.netdata = {
+      enable = lib.mkEnableOption "Enables Netdata monitoring.";
+      auth = {
+        user = lib.mkOption {
+          default = "netdata";
+          type = lib.types.str;
+          description = "Username for basic auth.";
+        };
+        password = lib.mkOption {
+          default = "";
+          type = lib.types.str;
+          description = "Password for basic auth.";
+        };
+      };
+      domain = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = "The root domain that Netdata will be hosted on.";
+        example = "example.com";
+      };
+      url = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = "The complete URL where Netdata is hosted.";
+        example = "https://netdata.example.com";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      nginx.virtualHosts."${cfg.url}" = {
+        useACMEHost = cfg.domain;
+        forceSSL = true;
+        basicAuth = {
+          "${cfg.auth.user}" = cfg.auth.password;
+        };
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:19999";
+          proxyWebsockets = true;
+          extraConfig = ''
+            # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
+            proxy_set_header X-Forwarded-Host $host;
+            proxy_set_header X-Forwarded-Server $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://backend;
+            proxy_http_version 1.1;
+            proxy_pass_request_headers on;
+            proxy_set_header Connection "keep-alive";
+            proxy_store off;
+          '';
+        };
+      };
+
+      netdata = {
+        enable = true;
+        enableAnalyticsReporting = false;
+        configDir = {
+          # Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
+          "python.d.conf" = pkgs.writeText "python.d.conf" ''
+            nvidia_smi: yes
+          '';
+        };
+      };
+    };
+    systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
+  };
+}
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 108f2efee01541c9680a8ec38666609e4e3e56cc
+Subproject commit 1cc4e1ea861931fccbfd7d7ca8e364ca277138d6