diff --git a/frumar/configuration.nix b/frumar/configuration.nix index 1c918cd..2906ff6 100644 --- a/frumar/configuration.nix +++ b/frumar/configuration.nix @@ -17,6 +17,7 @@ in ../modules/tor-hidden-service.nix ../roles/quassel.nix ../roles/pub.nix + ../roles/collectd.nix ]; diff --git a/pennyworth/configuration.nix b/pennyworth/configuration.nix index 052df29..2261b19 100644 --- a/pennyworth/configuration.nix +++ b/pennyworth/configuration.nix @@ -15,6 +15,8 @@ in imports = [ ./hardware-configuration.nix ../roles/common.nix + ../roles/collectd.nix + ../roles/graphs.nix ../modules/mailz.nix ../modules/nginx.nix ../modules/tor-hidden-service.nix diff --git a/roles/collectd.nix b/roles/collectd.nix new file mode 100644 index 0000000..64dde96 --- /dev/null +++ b/roles/collectd.nix @@ -0,0 +1,63 @@ +{ config, pkgs, lib, ...}: +let + secrets = import ; +in +{ + services.collectd = { + enable = true; + extraConfig = '' + LoadPlugin network + + LoadPlugin conntrack + LoadPlugin cpu + LoadPlugin df + LoadPlugin disk + LoadPlugin interface + LoadPlugin fhcount + LoadPlugin load + LoadPlugin memory + LoadPlugin processes + LoadPlugin swap + LoadPlugin tcpconns + LoadPlugin uptime + LoadPlugin users + + + + LocalPort "443" + + + + Username "${config.networking.hostName}" + Password "${secrets.influx_pass.${config.networking.hostName}}" + + + ''; + }; + boot.kernel.sysctl."net.core.rmem_max" = 26214400; + boot.kernel.sysctl."net.core.rmem_default" = 26214400; + nixpkgs.config.packageOverrides = pkgs: { + collectd = pkgs.collectd.override { + jdk = null; + libcredis = null; + libdbi = null; + libmemcached = null; cyrus_sasl = null; + libmodbus = null; + libnotify = null; gdk_pixbuf = null; + libsigrok = null; + libvirt = null; + libxml2 = null; + libtool = null; + lvm2 = null; + libmysql = null; + protobufc = null; + python = null; + rabbitmq-c = null; + riemann = null; + rrdtool = null; + varnish = null; + yajl = null; + net_snmp = null; + }; + }; +} diff --git a/roles/graphs.nix b/roles/graphs.nix new file mode 100644 index 0000000..be097e6 --- /dev/null +++ b/roles/graphs.nix @@ -0,0 +1,38 @@ +# use together with ./collectd.nix +{ config, pkgs, lib, ...}: +let + secrets = import ; + grafana_port = 3000; + domain = "graphs.yori.cc"; +in +{ + networking.firewall.allowedUDPPorts = [25826]; + services.influxdb = { + enable = true; + extraConfig = { + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = "collectd_db"; + "security-level" = "sign"; + "auth-file" = pkgs.writeText "collectd_auth" + (builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: p: "${n}: ${p}") secrets.influx_pass) + "\n"); + port = 25826; + }]; + }; + }; + services.grafana = { + enable = true; + inherit domain; + rootUrl = "https://${domain}/"; + port = grafana_port; + }; + services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString grafana_port}"; + }; + }; + +} diff --git a/secrets.nix.asc b/secrets.nix.asc index dd31cc7..6783e4b 100644 --- a/secrets.nix.asc +++ b/secrets.nix.asc @@ -1,26 +1,24 @@ -----BEGIN PGP MESSAGE----- -hQEMAwEAjpZflP7cAQgAuUQH4GHZsM4Qh+zUBK9nMQ+Cl+jetPLYv8QFzsTWFOge -gAPdZs5NRi+ncvaoA/jnZtNfo8awtZ7UPT2wh3j102cGB5rB3flsVD61wQuiu1rG -v3wh4875vjHpRZy6JaJuRTHvno0usoebg1dwiVaiFI10oXRzrEtiM+M6CiDeUFGM -aUl356YxRbLgkYHw/R6C5WdssOt4jOuQkXV1Jv+b3Td5HJYLL+Ae9Dwg7MVfGzas -aSboFHatQ2HqS/pTyNLz3zJzoxPWhQPaIFV5V3BpmQvC6qnBp824T2tHz4G9vqND -G3UI6sI1Um/KuPg9pgDdO30O8+1n1E9LxLjwm4vVKNLpASVp/SY8UrJmx5bGFr/0 -qkCuVVPcJm0rr9VAHSGrDwXanE4HFG5W+LFb1EL/gEa2rlcYvv7YsOxMTXjYKBRC -cY9w8NNTsxgGTm1Mn76cCS5sUSLeoPYlYTbgsmGrMO7EEYdOQhFsK1IHv8ANoDA+ -OnciOCLOKCb85cCO5w8zM63Fdz0sK8uDs0W/XUWBmk0vyeqv1dFFExzZ06Y2l4yh -pKwuIb4hEniv0i+T5ElN93PM2nMaxfPj8M4T8DEsIA5kRiO96ITXCJLLEsCxkF2s -fJZ4U4bF7jxj3rErLJthPsA2Xw62vq0I60g7+BcZt/g8Sj0TGmYRR+MvvOeXUuIT -JtqeIFx2c6NbOT5rKqu7HbI5AlRZ1pmjDgfYF0CF6U/0fq5PHbh7ntyRU79Ca8Hn -tr9SU/g3Uq/WMpPzFbZ21+kCXrwBkti4urUkOfUzUO04fUS7SUj/FzgyyBCh3nHG -cRSrcy49f9mvSvV1hxpu0ukWJID8UiDyoM0RqQ8Qab7BrKsCgodUnKFHWIKuYxgX -defCwQzuEq/A4kmB1pPF6F56cfa4wyKVjXgreQzgQxqG4LtjsZGzA84Q/R+2xVxj -LBJzuKzBmuDgwCKw6/9q872Vz8+r1MdeXdpkxEUS8knMbmhHMKw0Pb7vwI5t3JQy -5DziTWV0M6rAuBjXJ0h876XARDwVUue0mNf9FovMvnak4af/cXPWuBCZ+ZDJzL7Y -d5FXz5/Tb5Lqw+qoJtjullDR3Vtntmm4MOUTytVBFWz5NXw5NlVm3KmpLUHK4KbY -grHphnz87JZJ7jA2o1WXPsj8FwzmNpIYqTbB/mp/Gtr4vfarD2Org1uyc16n9e0e -AIePoJIR5Rsrkb51WSuJ4kV+5A1M+YH+k400qYmTcPKeenZvn8RJvjeD7R4ErpK7 -vc3RsAFEdBvsUVidrKM0DmWmMSxeNYU72Bubr8TfHcDOe3ZSotokh1v3JE2gdICQ -LO0PkA3txVH+gjOa02Y9ZiDm0eqWQiwGx5g6TeiKD4jx9zpNfCt7 -=u9KE +hF4DVNqm0KmYcYASAQdAzceaPLCjk6UKh4KT0GkBKnOLxv8fbysTLTXW/kxL2l4w +X+FzhmbeD6jlLoLmYHEKMDvYT6/OdbxdnI803Inlu6URwupUAzTyHmDhG99vw8AB +0ukBDbZs9VEwEV4dXxgyZbBZ2sCNUrEO/WGSHEKmFcSl6XrXAt767StQ10ohce3y +5mf7F/L36+bdqZ4Ndzr+N27p7RQNyAnF9RmyiG6COnlJBuflo5TOyOpF0Az71hid +Nff8xjhnp0DyMAI0xXo2pQvtKgerDuYRsXVNl2eUEHnDg0rd88jt0mt34SvBjI9e +B3Tg4acgSHCNbrGuODc3uW/ellmFEblaZ+ybXV8K1kWarXxgecrOv6sjLS/s9jWD +Pj+qNT/UOaCVXe1bxutc3cPD5m2kgPlZHF3UNcKzpR8HFR/dVcuilHmcaX5D9sm1 +b77KD3a81blq9xb/bDb9H7JJ+V4z1yCzx2CngetqVQ4Ksgpz+ctUFGQHbDixX2Yn +VRpKNdcVzJZfQy4SPaG2fz0mQdRFJmdqkauaxT/PY/uhDA9QtkIHmE6xjJxOTfqu +guAeVZZtLzy26bSGPiRoO7UfBZQ9nBZrsaV7xtEbq1W6mt/951mZfKC8KpX1cDiO +0ld6+lHH47zCPpA5TSbyy0GY14QMqPmIQvfkL1ul7GfhAYb8Wba+Z1m2BfYis+bn +XQdXkdTJieS0I/Uc1pvXzTzjVHReRisKBreqAeZ97bYZqlV8e4O14GhUqdwEHMSE +Gp6HybrOVA1sVOtvCAcUx2xMVBET0xSNCD0B05e5cbgZQMCPn0aA+qAlNBPXGJzf +0ckP0eOj2iSAjYQNyoCmP8R6ULKc74Pwb4xaNlcPMvlCaDfR/7W1P+u9HDH1/ep+ +SV1nkyW5RRlpWbEfwPI1j50O5FR44sxb7YmrxIPM97p62zCm6wqn7AoRlkztw8pB +XUwfx+mWRusRZrB4fDMTltLtu3Tj6wFanlmK5FYFDnujMZHWUKwuUPgp66Y+W7q0 +4kJSvfi2VXGRKzhWuHTdhNKIm4pDooePQtzBJdqN0xg9j+M5QEjhVqpZf0E/Vtt3 +UI8DpDr71HvNem6HgE74tcCHegjUc5DKEVQjLAFa5nTFPjeMHsQc2VPB2htCtp/f +n0E76Muu4YRHUeroo8LXMuuZ/fJdsyv7avlHYBmn5wPDj1HTbk6sOSKrAaHzDuDX +s2Mb4L+0HHecO3B6uPv1FRPUnV7i+URNcV9UtHt8MGyJyXQ= +=NQWD -----END PGP MESSAGE----- diff --git a/woodhouse/configuration.nix b/woodhouse/configuration.nix index 5cbe44e..63d184c 100644 --- a/woodhouse/configuration.nix +++ b/woodhouse/configuration.nix @@ -11,6 +11,7 @@ in [ # Include the results of the hardware scan. ./hardware-configuration.nix ../roles/common.nix + ../roles/collectd.nix ../modules/tor-hidden-service.nix ../roles/graphical.nix ];