mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00
Code Activity

chore: format everything

Browse source
This commit is contained in:
oddlama 2024-11-26 13:34:55 +01:00
parent deca311c68
commit 7ccd7856ee
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
162 changed files with 4750 additions and 3718 deletions
Download patch file Download diff file Expand all files Collapse all files

263
modules/telegraf.nix
View file

@ -6,9 +6,9 @@
nodes,
pkgs,
...
}: let
inherit
(lib)
}:
let
inherit (lib)
concatLists
elem
flip
@ -26,8 +26,9 @@
;
cfg = config.meta.telegraf;
mkIfNotEmpty = xs: mkIf (xs != []) xs;
in {
mkIfNotEmpty = xs: mkIf (xs != [ ]) xs;
in
{
options.meta.telegraf = {
enable = mkEnableOption "telegraf to push metrics to influx.";
@ -39,7 +40,7 @@ in {
secrets = mkOption {
type = types.attrsOf types.path;
default = {};
default = { };
example = {
"@INFLUX_TOKEN@" = "/run/agenix/influx-token";
};
@ -48,7 +49,7 @@ in {
availableMonitoringNetworks = mkOption {
type = types.listOf types.str;
example = ["internet"];
example = [ "internet" ];
description = ''
Any of the global monitoring definitions which has a network from this list
will automatically be monitored via telegraf. Set this to any networks that
@ -88,7 +89,7 @@ in {
config = mkIf (!minimal && cfg.enable) {
# Monitor anything that can only be monitored from this node
meta.telegraf.availableMonitoringNetworks = ["local-${config.node.name}"];
meta.telegraf.availableMonitoringNetworks = [ "local-${config.node.name}" ];
assertions = [
{
@ -106,9 +107,10 @@ in {
};
services.influxdb2.provision.organizations.machines.auths."telegraf (${config.node.name})" = {
readBuckets = ["telegraf"];
writeBuckets = ["telegraf"];
tokenFile = nodes.${cfg.influxdb2.node}.config.age.secrets."telegraf-influxdb-token-${config.node.name}".path;
readBuckets = [ "telegraf" ];
writeBuckets = [ "telegraf" ];
tokenFile =
nodes.${cfg.influxdb2.node}.config.age.secrets."telegraf-influxdb-token-${config.node.name}".path;
};
};
@ -121,28 +123,32 @@ in {
meta.telegraf.secrets."@INFLUX_TOKEN@" = config.age.secrets.telegraf-influxdb-token.path;
security.elewrap.telegraf-sensors = mkIf cfg.scrapeSensors {
command = ["${pkgs.lm_sensors}/bin/sensors" "-A" "-u"];
command = [
"${pkgs.lm_sensors}/bin/sensors"
"-A"
"-u"
];
targetUser = "root";
allowedUsers = ["telegraf"];
allowedUsers = [ "telegraf" ];
};
security.elewrap.telegraf-nvme = mkIf config.services.smartd.enable {
command = ["${pkgs.nvme-cli}/bin/nvme"];
command = [ "${pkgs.nvme-cli}/bin/nvme" ];
targetUser = "root";
allowedUsers = ["telegraf"];
allowedUsers = [ "telegraf" ];
passArguments = true;
};
security.elewrap.telegraf-smartctl = mkIf config.services.smartd.enable {
command = ["${pkgs.smartmontools}/bin/smartctl"];
command = [ "${pkgs.smartmontools}/bin/smartctl" ];
targetUser = "root";
allowedUsers = ["telegraf"];
allowedUsers = [ "telegraf" ];
passArguments = true;
};
services.telegraf = {
enable = true;
environmentFiles = ["/dev/null"]; # Needed so the config file is copied to /run/telegraf
environmentFiles = [ "/dev/null" ]; # Needed so the config file is copied to /run/telegraf
extraConfig = {
agent = {
interval = "10s";
@ -158,112 +164,135 @@ in {
};
outputs = {
influxdb_v2 = {
urls = ["https://${cfg.influxdb2.domain}"];
urls = [ "https://${cfg.influxdb2.domain}" ];
token = "@INFLUX_TOKEN@";
inherit (cfg.influxdb2) organization bucket;
};
};
inputs =
{
conntrack = {};
cpu = {};
disk = {};
diskio = {};
internal = {};
interrupts = {};
kernel = {};
kernel_vmstat = {};
linux_sysctl_fs = {};
mem = {};
conntrack = { };
cpu = { };
disk = { };
diskio = { };
internal = { };
interrupts = { };
kernel = { };
kernel_vmstat = { };
linux_sysctl_fs = { };
mem = { };
net = {
ignore_protocol_stats = true;
};
netstat = {};
nstat = {};
processes = {};
swap = {};
system = {};
netstat = { };
nstat = { };
processes = { };
swap = { };
system = { };
systemd_units = {
unittype = "service";
};
temp = {};
wireguard = {};
temp = { };
wireguard = { };
ping = mkIfNotEmpty (concatLists (flip mapAttrsToList globals.monitoring.ping (
name: pingCfg:
optionals (elem pingCfg.network cfg.availableMonitoringNetworks) (
concatLists (forEach ["hostv4" "hostv6"] (
attr:
optional (pingCfg.${attr} != null) {
interval = "1m";
method = "native";
urls = [pingCfg.${attr}];
ipv4 = attr == "hostv4";
ipv6 = attr == "hostv6";
tags = {
inherit name;
inherit (pingCfg) network;
ip_version =
if attr == "hostv4"
then "v4"
else "v6";
};
fieldinclude = [
"percent_packet_loss"
"average_response_ms"
];
}
))
ping = mkIfNotEmpty (
concatLists (
flip mapAttrsToList globals.monitoring.ping (
name: pingCfg:
optionals (elem pingCfg.network cfg.availableMonitoringNetworks) (
concatLists (
forEach
[
"hostv4"
"hostv6"
]
(
attr:
optional (pingCfg.${attr} != null) {
interval = "1m";
method = "native";
urls = [ pingCfg.${attr} ];
ipv4 = attr == "hostv4";
ipv6 = attr == "hostv6";
tags = {
inherit name;
inherit (pingCfg) network;
ip_version = if attr == "hostv4" then "v4" else "v6";
};
fieldinclude = [
"percent_packet_loss"
"average_response_ms"
];
}
)
)
)
)
)));
)
);
http_response = mkIfNotEmpty (concatLists (flip mapAttrsToList globals.monitoring.http (
name: httpCfg:
optional (elem httpCfg.network cfg.availableMonitoringNetworks) {
interval = "1m";
urls = toList httpCfg.url;
method = "GET";
response_status_code = httpCfg.expectedStatus;
response_string_match = mkIf (httpCfg.expectedBodyRegex != null) httpCfg.expectedBodyRegex;
insecure_skip_verify = httpCfg.skipTlsVerification;
follow_redirects = true;
tags = {
inherit name;
inherit (httpCfg) network;
};
}
)));
http_response = mkIfNotEmpty (
concatLists (
flip mapAttrsToList globals.monitoring.http (
name: httpCfg:
optional (elem httpCfg.network cfg.availableMonitoringNetworks) {
interval = "1m";
urls = toList httpCfg.url;
method = "GET";
response_status_code = httpCfg.expectedStatus;
response_string_match = mkIf (httpCfg.expectedBodyRegex != null) httpCfg.expectedBodyRegex;
insecure_skip_verify = httpCfg.skipTlsVerification;
follow_redirects = true;
tags = {
inherit name;
inherit (httpCfg) network;
};
}
)
)
);
dns_query = mkIfNotEmpty (concatLists (flip mapAttrsToList globals.monitoring.dns (
name: dnsCfg:
optional (elem dnsCfg.network cfg.availableMonitoringNetworks) {
interval = "1m";
servers = [dnsCfg.server];
domains = [dnsCfg.domain];
record_type = dnsCfg.record-type;
tags = {
inherit name;
inherit (dnsCfg) network;
};
}
)));
dns_query = mkIfNotEmpty (
concatLists (
flip mapAttrsToList globals.monitoring.dns (
name: dnsCfg:
optional (elem dnsCfg.network cfg.availableMonitoringNetworks) {
interval = "1m";
servers = [ dnsCfg.server ];
domains = [ dnsCfg.domain ];
record_type = dnsCfg.record-type;
tags = {
inherit name;
inherit (dnsCfg) network;
};
}
)
)
);
net_response = mkIfNotEmpty (concatLists (flip mapAttrsToList globals.monitoring.tcp (
name: tcpCfg:
optional (elem tcpCfg.network cfg.availableMonitoringNetworks) {
interval = "1m";
address = "${tcpCfg.host}:${toString tcpCfg.port}";
protocol = "tcp";
tags = {
inherit name;
inherit (tcpCfg) network;
};
fieldexclude = ["result_type" "string_found"];
}
)));
net_response = mkIfNotEmpty (
concatLists (
flip mapAttrsToList globals.monitoring.tcp (
name: tcpCfg:
optional (elem tcpCfg.network cfg.availableMonitoringNetworks) {
interval = "1m";
address = "${tcpCfg.host}:${toString tcpCfg.port}";
protocol = "tcp";
tags = {
inherit name;
inherit (tcpCfg) network;
};
fieldexclude = [
"result_type"
"string_found"
];
}
)
)
);
}
// optionalAttrs config.services.smartd.enable {
sensors = {};
sensors = { };
smart = {
attributes = true;
path_nvme = config.security.elewrap.telegraf-nvme.path;
@ -272,16 +301,19 @@ in {
};
}
// optionalAttrs config.services.nginx.enable {
nginx.urls = ["http://localhost/nginx_status"];
nginx.urls = [ "http://localhost/nginx_status" ];
}
// optionalAttrs (config.networking.wireless.enable || config.networking.wireless.iwd.enable) {
wireless = {};
wireless = { };
};
};
};
services.nginx.virtualHosts = mkIf config.services.nginx.enable {
localhost.listenAddresses = ["127.0.0.1" "[::1]"];
localhost.listenAddresses = [
"127.0.0.1"
"[::1]"
];
localhost.locations."= /nginx_status".extraConfig = ''
allow 127.0.0.0/8;
allow ::1;
@ -303,13 +335,14 @@ in {
systemd.services.telegraf = {
path = [
# Make sensors refer to the correct wrapper
(mkIf cfg.scrapeSensors
(pkgs.writeShellScriptBin "sensors" config.security.elewrap.telegraf-sensors.path))
(mkIf cfg.scrapeSensors (
pkgs.writeShellScriptBin "sensors" config.security.elewrap.telegraf-sensors.path
))
];
serviceConfig = {
ExecStartPre = mkAfter [
(
pkgs.writeShellScript "pre-start-token" (lib.concatLines (
(pkgs.writeShellScript "pre-start-token" (
lib.concatLines (
lib.flip lib.mapAttrsToList config.meta.telegraf.secrets (
key: secret: ''
${lib.getExe pkgs.replace-secret} \
@ -318,11 +351,11 @@ in {
/var/run/telegraf/config.toml
''
)
))
)
)
))
];
# For wireguard statistics
AmbientCapabilities = ["CAP_NET_ADMIN"];
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
RestartSec = "60"; # Retry every minute
};
};