
Compare commits


2 commits

7 changed files with 115 additions and 48 deletions


@ -234,11 +234,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1723838364, "lastModified": 1724432746,
"narHash": "sha256-L1KajQACN1256oVG//QPXWuVbuzxlSAlOjXT67i6c0Q=", "narHash": "sha256-s7XsY4ZsS9jyzZWpXOJNVzc03SNQbALM+S28QKXc8co=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "d57c296dab0ec1e7c6f28c7741d9a591b35117da", "rev": "56ccf5bf3f4d8687dc22c390cdafe20c08a7e549",
"revCount": 59, "revCount": 60,
"type": "git", "type": "git",
"url": "file:./nix-secrets" "url": "file:./nix-secrets"
}, },


@ -87,19 +87,11 @@
in in
{ {
formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style); formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
nixosConfigurations = { nixosConfigurations = {
Dimaga = nixpkgs.lib.nixosSystem { Dimaga = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
# Add unstable repo
specialArgs = {
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
};
modules = defaultModules ++ [ modules = defaultModules ++ [
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
./hosts/Dimaga ./hosts/Dimaga


@ -173,10 +173,12 @@ in
netdata = { netdata = {
enable = true; enable = true;
domain = config.secrets.networking.primaryDomain; domain = config.secrets.networking.primaryDomain;
type = "parent";
url = config.secrets.services.netdata.url; url = config.secrets.services.netdata.url;
auth = { auth = {
user = config.users.users.aires.name; user = config.users.users.aires.name;
password = config.secrets.services.netdata.password; password = config.secrets.services.netdata.password;
apiKey = config.secrets.services.netdata.apiKey;
}; };
}; };
nginx = { nginx = {


@ -66,6 +66,12 @@ in
onCalendar = "daily"; onCalendar = "daily";
user = config.users.users.aires.name; user = config.users.users.aires.name;
}; };
netdata = {
enable = true;
type = "child";
url = config.secrets.services.netdata.url;
auth.apiKey = config.secrets.services.netdata.apiKey;
};
# Install virtual machine management tools # Install virtual machine management tools
virtualization = { virtualization = {
enable = true; enable = true;


@ -1,5 +1,10 @@
# Modules common to all systems # Modules common to all systems
{ pkgs, config, ... }: {
pkgs,
config,
inputs,
...
}:
{ {
config = { config = {
@ -14,6 +19,16 @@
]; ];
}; };
# Allow packages from the unstable repo by using 'pkgs.unstable'
nixpkgs.overlays = [
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
})
];
programs = { programs = {
# Enable NH, an alternative nixos-rebuild frontend. # Enable NH, an alternative nixos-rebuild frontend.
nh = { nh = {


@ -1,6 +1,5 @@
{ {
pkgs, pkgs,
pkgs-unstable,
config, config,
lib, lib,
... ...
@ -23,6 +22,11 @@ in
type = lib.types.str; type = lib.types.str;
description = "Password for basic auth."; description = "Password for basic auth.";
}; };
apiKey = lib.mkOption {
default = "";
type = lib.types.str;
description = "API key for streaming data from a child to a parent.";
};
}; };
domain = lib.mkOption { domain = lib.mkOption {
default = ""; default = "";
@ -30,6 +34,15 @@ in
description = "The root domain that Netdata will be hosted on."; description = "The root domain that Netdata will be hosted on.";
example = "example.com"; example = "example.com";
}; };
type = lib.mkOption {
default = "parent";
type = lib.types.enum [
"parent"
"child"
];
description = "Whether this is a parent (default: includes web UI) or child (no web UI - streaming only).";
example = "child";
};
url = lib.mkOption { url = lib.mkOption {
default = ""; default = "";
type = lib.types.str; type = lib.types.str;
@ -39,42 +52,81 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkMerge [
(lib.mkIf cfg.enable {
services = { services.netdata = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;
};
locations."/" = {
proxyPass = "http://127.0.0.1:19999";
extraConfig = ''
# Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
'';
};
};
netdata = {
enable = true; enable = true;
package = pkgs-unstable.netdataCloud; package = pkgs.unstable.netdataCloud;
enableAnalyticsReporting = false; enableAnalyticsReporting = false;
};
})
(lib.mkIf (cfg.type == "parent") {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;
};
locations."/" = {
proxyPass = "http://127.0.0.1:19999";
extraConfig = ''
# Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
'';
};
};
netdata = {
configDir = {
# Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
"python.d.conf" = pkgs.writeText "python.d.conf" ''
nvidia_smi: yes
'';
# Allow incoming streams
"stream.conf" = pkgs.writeText "stream.conf" ''
[${config.secrets.services.netdata.apiKey}]
enabled = yes
default history = 3600
default memory mode = dbengine
health enabled by default = auto
allow streaming from = *
'';
};
};
};
systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
})
(lib.mkIf (cfg.type == "child") {
services.netdata = {
# Disable web UI
config = {
global = {
"memory mode" = "none";
};
web = {
mode = "none";
"accept a streaming request every seconds" = 0;
};
};
# Set up streaming
configDir = { configDir = {
# Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi "stream.conf" = pkgs.writeText "stream.conf" ''
"python.d.conf" = pkgs.writeText "python.d.conf" '' [stream]
nvidia_smi: yes enabled = yes
destination = ${cfg.url}:SSL
api key = ${cfg.auth.apiKey}
[${cfg.auth.apiKey}]
enabled = yes
''; '';
}; };
}; };
}; })
systemd.services.nginx.wants = [ config.systemd.services.netdata.name ]; ];
};
} }
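Review bot: Both new `stream.conf` files are built with `pkgs.writeText`, so the streaming API key is interpolated into a world-readable `/nix/store` path on the parent and on every child, where any local user or process can read it. Prefer a file provisioned at runtime outside the store; the `configDir` values look like plain paths, so a secrets-manager path should work, but verify that against the netdata module. On the parent the key is the only gate, because the section accepts streams from any address; restrict it to the children's addresses and check the key name, since as far as I recall stream.conf documents `allow from` while `allow streaming from` is a `[web]` setting in netdata.conf, so this line may be ignored. The parent and child blocks are also not conditioned on `cfg.enable`, and `type` defaults to `"parent"`, so a host that imports the module without enabling it still appears to get the nginx vhost and `nginx.wants` definitions; `(lib.mkIf (cfg.enable && cfg.type == "parent") {` (and likewise for `"child"`) would scope them. The parent section header reads `config.secrets.services.netdata.apiKey` directly, so the new `auth.apiKey` option (default `""`) is ignored there; use `[${cfg.auth.apiKey}]` and assert that it is non-empty.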

@ -1 +1 @@
Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da Subproject commit 56ccf5bf3f4d8687dc22c390cdafe20c08a7e549