Services: enable parent/child config for Netdata
This commit is contained in:
parent
6132528eee
commit
e49d13d8e8
|
@ -173,10 +173,12 @@ in
|
|||
netdata = {
|
||||
enable = true;
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
type = "parent";
|
||||
url = config.secrets.services.netdata.url;
|
||||
auth = {
|
||||
user = config.users.users.aires.name;
|
||||
password = config.secrets.services.netdata.password;
|
||||
apiKey = config.secrets.services.netdata.apiKey;
|
||||
};
|
||||
};
|
||||
nginx = {
|
||||
|
|
|
@ -66,6 +66,12 @@ in
|
|||
onCalendar = "daily";
|
||||
user = config.users.users.aires.name;
|
||||
};
|
||||
netdata = {
|
||||
enable = true;
|
||||
type = "child";
|
||||
url = config.secrets.services.netdata.url;
|
||||
auth.apiKey = config.secrets.services.netdata.apiKey;
|
||||
};
|
||||
# Install virtual machine management tools
|
||||
virtualization = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
pkgs,
|
||||
pkgs-unstable,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
|
@ -23,6 +22,11 @@ in
|
|||
type = lib.types.str;
|
||||
description = "Password for basic auth.";
|
||||
};
|
||||
apiKey = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "API key for streaming data from a child to a parent.";
|
||||
};
|
||||
};
|
||||
domain = lib.mkOption {
|
||||
default = "";
|
||||
|
@ -30,6 +34,15 @@ in
|
|||
description = "The root domain that Netdata will be hosted on.";
|
||||
example = "example.com";
|
||||
};
|
||||
type = lib.mkOption {
|
||||
default = "parent";
|
||||
type = lib.types.enum [
|
||||
"parent"
|
||||
"child"
|
||||
];
|
||||
description = "Whether this is a parent (default: includes web UI) or child (no web UI - streaming only).";
|
||||
example = "child";
|
||||
};
|
||||
url = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
|
@ -39,42 +52,81 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
};
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:19999";
|
||||
extraConfig = ''
|
||||
# Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_set_header Connection "keep-alive";
|
||||
proxy_store off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
netdata = {
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.enable {
|
||||
services.netdata = {
|
||||
enable = true;
|
||||
package = pkgs-unstable.netdataCloud;
|
||||
package = pkgs.unstable.netdataCloud;
|
||||
enableAnalyticsReporting = false;
|
||||
};
|
||||
})
|
||||
(lib.mkIf (cfg.type == "parent") {
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
};
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:19999";
|
||||
extraConfig = ''
|
||||
# Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_set_header Connection "keep-alive";
|
||||
proxy_store off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
netdata = {
|
||||
configDir = {
|
||||
# Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
|
||||
"python.d.conf" = pkgs.writeText "python.d.conf" ''
|
||||
nvidia_smi: yes
|
||||
'';
|
||||
# Allow incoming streams
|
||||
"stream.conf" = pkgs.writeText "stream.conf" ''
|
||||
[${config.secrets.services.netdata.apiKey}]
|
||||
enabled = yes
|
||||
default history = 3600
|
||||
default memory mode = dbengine
|
||||
health enabled by default = auto
|
||||
allow streaming from = *
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
|
||||
})
|
||||
|
||||
(lib.mkIf (cfg.type == "child") {
|
||||
services.netdata = {
|
||||
# Disable web UI
|
||||
config = {
|
||||
global = {
|
||||
"memory mode" = "none";
|
||||
};
|
||||
web = {
|
||||
mode = "none";
|
||||
"accept a streaming request every seconds" = 0;
|
||||
};
|
||||
};
|
||||
# Set up streaming
|
||||
configDir = {
|
||||
# Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
|
||||
"python.d.conf" = pkgs.writeText "python.d.conf" ''
|
||||
nvidia_smi: yes
|
||||
"stream.conf" = pkgs.writeText "stream.conf" ''
|
||||
[stream]
|
||||
enabled = yes
|
||||
destination = ${cfg.url}:SSL
|
||||
api key = ${cfg.auth.apiKey}
|
||||
[${cfg.auth.apiKey}]
|
||||
enabled = yes
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
|
||||
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da
|
||||
Subproject commit 56ccf5bf3f4d8687dc22c390cdafe20c08a7e549
|
Loading…
Reference in a new issue