Services: enable parent/child config for Netdata

2024-08-23 14:16:18 -04:00 · 2024-08-23 14:16:18 -04:00 · e49d13d8e8
parent 6132528eee
commit e49d13d8e8
4 changed files with 94 additions and 34 deletions
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@ -173,10 +173,12 @@ in
      netdata = {
        enable = true;
        domain = config.secrets.networking.primaryDomain;
+        type = "parent";
        url = config.secrets.services.netdata.url;
        auth = {
          user = config.users.users.aires.name;
          password = config.secrets.services.netdata.password;
+          apiKey = config.secrets.services.netdata.apiKey;
        };
      };
      nginx = {
--- a/hosts/Shura/default.nix
+++ b/hosts/Shura/default.nix
@ -66,6 +66,12 @@ in
        onCalendar = "daily";
        user = config.users.users.aires.name;
      };
+      netdata = {
+        enable = true;
+        type = "child";
+        url = config.secrets.services.netdata.url;
+        auth.apiKey = config.secrets.services.netdata.apiKey;
+      };
      # Install virtual machine management tools
      virtualization = {
        enable = true;
--- a/modules/services/netdata.nix
+++ b/modules/services/netdata.nix
@ -1,6 +1,5 @@
 {
  pkgs,
-  pkgs-unstable,
  config,
  lib,
  ...
@ -23,6 +22,11 @@ in
          type = lib.types.str;
          description = "Password for basic auth.";
        };
+        apiKey = lib.mkOption {
+          default = "";
+          type = lib.types.str;
+          description = "API key for streaming data from a child to a parent.";
+        };
      };
      domain = lib.mkOption {
        default = "";
@ -30,6 +34,15 @@ in
        description = "The root domain that Netdata will be hosted on.";
        example = "example.com";
      };
+      type = lib.mkOption {
+        default = "parent";
+        type = lib.types.enum [
+          "parent"
+          "child"
+        ];
+        description = "Whether this is a parent (default: includes web UI) or child (no web UI - streaming only).";
+        example = "child";
+      };
      url = lib.mkOption {
        default = "";
        type = lib.types.str;
@ -39,42 +52,81 @@ in
    };
  };

-  config = lib.mkIf cfg.enable {
-
-    services = {
-      nginx.virtualHosts."${cfg.url}" = {
-        useACMEHost = cfg.domain;
-        forceSSL = true;
-        basicAuth = {
-          "${cfg.auth.user}" = cfg.auth.password;
-        };
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:19999";
-          extraConfig = ''
-            # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
-            proxy_set_header X-Forwarded-Host $host;
-            proxy_set_header X-Forwarded-Server $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_pass_request_headers on;
-            proxy_set_header Connection "keep-alive";
-            proxy_store off;
-          '';
-        };
-      };
-
-      netdata = {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      services.netdata = {
        enable = true;
-        package = pkgs-unstable.netdataCloud;
+        package = pkgs.unstable.netdataCloud;
        enableAnalyticsReporting = false;
+      };
+    })
+    (lib.mkIf (cfg.type == "parent") {
+      services = {
+        nginx.virtualHosts."${cfg.url}" = {
+          useACMEHost = cfg.domain;
+          forceSSL = true;
+          basicAuth = {
+            "${cfg.auth.user}" = cfg.auth.password;
+          };
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:19999";
+            extraConfig = ''
+              # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
+              proxy_set_header X-Forwarded-Host $host;
+              proxy_set_header X-Forwarded-Server $host;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_pass_request_headers on;
+              proxy_set_header Connection "keep-alive";
+              proxy_store off;
+            '';
+          };
+        };
+
+        netdata = {
+          configDir = {
+            # Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
+            "python.d.conf" = pkgs.writeText "python.d.conf" ''
+              nvidia_smi: yes
+            '';
+            # Allow incoming streams
+            "stream.conf" = pkgs.writeText "stream.conf" ''
+              [${config.secrets.services.netdata.apiKey}]
+                enabled = yes
+                default history = 3600
+                default memory mode = dbengine
+                health enabled by default = auto
+                allow streaming from = *
+            '';
+          };
+        };
+      };
+      systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
+    })
+
+    (lib.mkIf (cfg.type == "child") {
+      services.netdata = {
+        # Disable web UI
+        config = {
+          global = {
+            "memory mode" = "none";
+          };
+          web = {
+            mode = "none";
+            "accept a streaming request every seconds" = 0;
+          };
+        };
+        # Set up streaming
        configDir = {
-          # Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
-          "python.d.conf" = pkgs.writeText "python.d.conf" ''
-            nvidia_smi: yes
+          "stream.conf" = pkgs.writeText "stream.conf" ''
+            [stream]
+              enabled = yes
+              destination = ${cfg.url}:SSL
+              api key = ${cfg.auth.apiKey}
+            [${cfg.auth.apiKey}]
+              enabled = yes 
          '';
        };
      };
-    };
-    systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
-
-  };
+    })
+  ];
 }
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da
+Subproject commit 56ccf5bf3f4d8687dc22c390cdafe20c08a7e549