123 lines
3.6 KiB
Nix
123 lines
3.6 KiB
Nix
{
|
|
pkgs,
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.aux.system.services.netdata;
|
|
in
|
|
{
|
|
options = {
|
|
aux.system.services.netdata = {
|
|
enable = lib.mkEnableOption "Enables Netdata monitoring.";
|
|
auth = {
|
|
user = lib.mkOption {
|
|
default = "netdata";
|
|
type = lib.types.str;
|
|
description = "Username for basic auth.";
|
|
};
|
|
password = lib.mkOption {
|
|
default = "";
|
|
type = lib.types.str;
|
|
description = "Password for basic auth.";
|
|
};
|
|
apiKey = lib.mkOption {
|
|
default = "";
|
|
type = lib.types.str;
|
|
description = "API key for streaming data from a child to a parent.";
|
|
};
|
|
};
|
|
type = lib.mkOption {
|
|
default = "parent";
|
|
type = lib.types.enum [
|
|
"parent"
|
|
"child"
|
|
];
|
|
description = "Whether this is a parent (default: includes web UI) or child (no web UI - streaming only).";
|
|
example = "child";
|
|
};
|
|
url = lib.mkOption {
|
|
default = "";
|
|
type = lib.types.str;
|
|
description = "The complete URL where Netdata is hosted.";
|
|
example = "https://netdata.example.com";
|
|
};
|
|
};
|
|
};
|
|
|
|
config = lib.mkMerge [
|
|
(lib.mkIf (cfg.enable && cfg.type == "parent") {
|
|
services = {
|
|
nginx.virtualHosts."${cfg.url}" = {
|
|
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
|
forceSSL = true;
|
|
basicAuth = {
|
|
"${cfg.auth.user}" = cfg.auth.password;
|
|
};
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:19999";
|
|
extraConfig = ''
|
|
# Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Connection "keep-alive";
|
|
proxy_store off;
|
|
'';
|
|
};
|
|
};
|
|
|
|
netdata = {
|
|
enable = true;
|
|
package = pkgs.unstable.netdataCloud;
|
|
enableAnalyticsReporting = false;
|
|
configDir = {
|
|
# Allow incoming streams
|
|
"stream.conf" = pkgs.writeText "stream.conf" ''
|
|
[${config.secrets.services.netdata.apiKey}]
|
|
enabled = no
|
|
default history = 3600
|
|
default memory mode = dbengine
|
|
health enabled by default = auto
|
|
allow streaming from = *
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
|
|
})
|
|
|
|
(lib.mkIf (cfg.enable && cfg.type == "child") {
|
|
services.netdata = {
|
|
enable = true;
|
|
package = pkgs.unstable.netdataCloud;
|
|
enableAnalyticsReporting = false;
|
|
# Disable web UI
|
|
config = {
|
|
global = {
|
|
"memory mode" = "none";
|
|
};
|
|
web = {
|
|
mode = "none";
|
|
"accept a streaming request every seconds" = 0;
|
|
};
|
|
};
|
|
# Set up streaming
|
|
# FIXME: Requires a non-HTTP port. See https://community.netdata.cloud/t/properly-running-parent-child-nodes/1417/4
|
|
configDir = {
|
|
"stream.conf" = pkgs.writeText "stream.conf" ''
|
|
[stream]
|
|
enabled = yes
|
|
destination = ${cfg.url}:443:SSL
|
|
api key = ${cfg.auth.apiKey}
|
|
[${cfg.auth.apiKey}]
|
|
enabled = yes
|
|
'';
|
|
};
|
|
};
|
|
})
|
|
];
|
|
}
|