diff --git a/hosts/Dimaga/default.nix b/hosts/Dimaga/default.nix
index 10fff7f..db0126a 100644
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -173,10 +173,12 @@ in
 netdata = {
 enable = true;
 domain = config.secrets.networking.primaryDomain;
+ type = "parent";
 url = config.secrets.services.netdata.url;
 auth = {
 user = config.users.users.aires.name;
 password = config.secrets.services.netdata.password;
+ apiKey = config.secrets.services.netdata.apiKey;
 };
 };
 nginx = {
diff --git a/hosts/Shura/default.nix b/hosts/Shura/default.nix
index 1f4edf1..539a907 100644
--- a/hosts/Shura/default.nix
+++ b/hosts/Shura/default.nix
@@ -66,6 +66,12 @@ in
 onCalendar = "daily";
 user = config.users.users.aires.name;
 };
+ netdata = {
+ enable = true;
+ type = "child";
+ url = config.secrets.services.netdata.url;
+ auth.apiKey = config.secrets.services.netdata.apiKey;
+ };
 # Install virtual machine management tools
 virtualization = {
 enable = true;
diff --git a/modules/services/netdata.nix b/modules/services/netdata.nix
index 279b370..37c3106 100644
--- a/modules/services/netdata.nix
+++ b/modules/services/netdata.nix
@@ -1,6 +1,5 @@
 {
 pkgs,
- pkgs-unstable,
 config,
 lib,
 ...
@@ -23,6 +22,11 @@ in
 type = lib.types.str;
 description = "Password for basic auth.";
 };
+ apiKey = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = "API key for streaming data from a child to a parent.";
+ };
 };
 domain = lib.mkOption {
 default = "";
@@ -30,6 +34,15 @@ in
 description = "The root domain that Netdata will be hosted on.";
 example = "example.com";
 };
+ type = lib.mkOption {
+ default = "parent";
+ type = lib.types.enum [
+ "parent"
+ "child"
+ ];
+ description = "Whether this is a parent (default: includes web UI) or child (no web UI - streaming only).";
+ example = "child";
+ };
 url = lib.mkOption {
 default = "";
 type = lib.types.str;
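Review bot: The new `auth.apiKey` option in modules/services/netdata.nix defaults to `""` and nothing visible in the module rejects an empty value, so an enabled host that forgets to set it would render `api key = ` on a child, or an empty `[]` section on a parent if that template is switched to this option, instead of failing the build. An assertion inside the `cfg.enable` branch, e.g. `assertions = [{ assertion = cfg.auth.apiKey != ""; message = "netdata: auth.apiKey must be set"; }];`, would catch this at evaluation time. The option description could also say that the value is interpolated into a `pkgs.writeText` file and so ends up readable in `/nix/store`, which a reader of the option cannot tell from the current wording.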
@@ -39,42 +52,81 @@ in }; }; - config = lib.mkIf cfg.enable { - - services = { - nginx.virtualHosts."${cfg.url}" = { - useACMEHost = cfg.domain; - forceSSL = true; - basicAuth = { - "${cfg.auth.user}" = cfg.auth.password; - }; - locations."/" = { - proxyPass = "http://127.0.0.1:19999"; - extraConfig = '' - # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - proxy_store off; - ''; - }; - }; - - netdata = { + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + services.netdata = { enable = true; - package = pkgs-unstable.netdataCloud; + package = pkgs.unstable.netdataCloud; enableAnalyticsReporting = false; + }; + }) + (lib.mkIf (cfg.type == "parent") { + services = { + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = cfg.domain; + forceSSL = true; + basicAuth = { + "${cfg.auth.user}" = cfg.auth.password; + }; + locations."/" = { + proxyPass = "http://127.0.0.1:19999"; + extraConfig = '' + # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + ''; + }; + }; + + netdata = { + configDir = { + # Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi + "python.d.conf" = pkgs.writeText "python.d.conf" '' + nvidia_smi: yes + ''; + # Allow incoming streams + "stream.conf" = pkgs.writeText "stream.conf" '' + [${config.secrets.services.netdata.apiKey}] + enabled = yes + default history = 3600 + default memory mode = dbengine + health enabled by 
default = auto + allow streaming from = * + ''; + }; + }; + }; + systemd.services.nginx.wants = [ config.systemd.services.netdata.name ]; + }) + + (lib.mkIf (cfg.type == "child") { + services.netdata = { + # Disable web UI + config = { + global = { + "memory mode" = "none"; + }; + web = { + mode = "none"; + "accept a streaming request every seconds" = 0; + }; + }; + # Set up streaming configDir = { - # Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi - "python.d.conf" = pkgs.writeText "python.d.conf" '' - nvidia_smi: yes + "stream.conf" = pkgs.writeText "stream.conf" '' + [stream] + enabled = yes + destination = ${cfg.url}:SSL + api key = ${cfg.auth.apiKey} + [${cfg.auth.apiKey}] + enabled = yes ''; }; }; - }; - systemd.services.nginx.wants = [ config.systemd.services.netdata.name ]; - - }; + }) + ]; } diff --git a/nix-secrets b/nix-secrets index d57c296..56ccf5b 160000 --- a/nix-secrets +++ b/nix-secrets @@ -1 +1 @@ -Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da +Subproject commit 56ccf5bf3f4d8687dc22c390cdafe20c08a7e549
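Review bot: The `parent` and `child` branches in the last netdata.nix hunk are guarded only by `cfg.type`, not by `cfg.enable`, and `type` defaults to `"parent"`, so a host that imports the module with Netdata disabled still gets the nginx virtual host for `cfg.url` (empty by default), the parent `stream.conf` and the `nginx.wants` entry. Guarding them as `lib.mkIf (cfg.enable && cfg.type == "parent")` and `lib.mkIf (cfg.enable && cfg.type == "child")` restores the old behaviour for disabled hosts. The parent's `stream.conf` also reads `config.secrets.services.netdata.apiKey` directly where the child uses `cfg.auth.apiKey`, which bypasses the option Dimaga sets; writing `[${cfg.auth.apiKey}]` in both keeps the module self-contained. `allow streaming from = *` accepts that key from any address, and the key itself is written to the store by `pkgs.writeText`, so a narrower address pattern for the known children would limit what a leaked key allows.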