From c0ca7888aa39ae749c9d0aeb6a78d2fbbb1dc029 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Sun, 12 Jun 2022 17:27:11 +0100 Subject: [PATCH] nixos: Add Netdata --- nixos/boxes/colony/default.nix | 1 + nixos/boxes/colony/vms/estuary/default.nix | 1 + .../vms/shill/containers/jackflix/default.nix | 2 ++ .../shill/containers/jackflix/networking.nix | 2 +- .../vms/shill/containers/middleman/vhosts.nix | 33 ++++++++++++++++++- nixos/boxes/colony/vms/shill/default.nix | 5 +++ nixos/modules/common.nix | 10 ++++++ nixos/modules/tmproot.nix | 12 +++++++ 8 files changed, 64 insertions(+), 2 deletions(-) diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index 70da818..96b002e 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -57,6 +57,7 @@ boot.thin.enable = true; dmeventd.enable = true; }; + netdata.enable = true; }; environment.systemPackages = with pkgs; [ diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix index 10577a0..1b57dd2 100644 --- a/nixos/boxes/colony/vms/estuary/default.nix +++ b/nixos/boxes/colony/vms/estuary/default.nix @@ -61,6 +61,7 @@ lvm = { dmeventd.enable = true; }; + netdata.enable = true; }; systemd.network = { diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix index 417e2bd..e5cb23b 100644 --- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix @@ -54,6 +54,8 @@ }; services = { + netdata.enable = true; + transmission = { enable = true; downloadDirPermissions = null; diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix index 69b3dfe..fe9d259 100644 --- a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix 
@@ -31,7 +31,7 @@ in tcp dport ${toString transmissionPeerPort} accept iifname vpn return - tcp dport { 9091, 9117, 7878, 8989, 8096 } accept + tcp dport { 19999, 9091, 9117, 7878, 8989, 8096 } accept return } chain input { diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index 51d51f0..f6566fd 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: let inherit (builtins) mapAttrs toJSON; - inherit (lib) mkMerge mkDefault genAttrs flatten; + inherit (lib) mkMerge mkDefault genAttrs flatten concatStringsSep; dualStackListen' = l: map (addr: l // { inherit addr; }) [ "0.0.0.0" "[::]" ]; dualStackListen = ll: flatten (map dualStackListen' ll); @@ -69,6 +69,37 @@ in useACMEHost = lib.my.pubDomain; }; + "netdata-colony.${lib.my.pubDomain}" = + let + hosts = [ "vm" "fw" "ctr" "jackflix-ctr" ]; + matchHosts = concatStringsSep "|" hosts; + in + mkMerge [ + { + locations = { + "= /".return = "301 https://$host/colony/"; + "~ /(?${matchHosts})$".return = "301 https://$host/$behost/"; + "~ /(?${matchHosts})/(?.*)" = mkMerge [ + { + proxyPass = "http://$behost.${config.networking.domain}:19999/$ndpath$is_args$args"; + extraConfig = '' + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + + gzip on; + gzip_proxied any; + gzip_types *; + ''; + } + (ssoLoc "generic") + ]; + }; + useACMEHost = lib.my.pubDomain; + } + (ssoServer "generic") + ]; + "pass.${lib.my.pubDomain}" = let upstream = "http://vaultwarden-ctr.${config.networking.domain}"; diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix index c477378..044cbc0 100644 --- a/nixos/boxes/colony/vms/shill/default.nix +++ b/nixos/boxes/colony/vms/shill/default.nix 
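Review bot: Adding 19999 to `tcp dport { 19999, 9091, 9117, 7878, 8989, 8096 } accept` admits the Netdata port from any source not already returned by the `iifname vpn return` rule above it, and the Netdata agent has no login of its own, so the SSO configured in vhosts.nix only protects requests that pass through nginx. If the reverse proxy is the only intended client, give the port its own rule limited to the proxy's address, for example `ip6 saddr <proxy-address> tcp dport 19999 accept` (placeholder address, not shown in the patch). The same applies to `tcp.allowed = [ 19999 ];` in the shill/default.nix hunk, where `trustedInterfaces = [ "vms" "ctrs" ]` may already admit the proxy. The chain this rule belongs to starts outside the hunk, so whether an earlier rule already narrows the source cannot be confirmed from here.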
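Review bot: The `"= /"` location redirects to `https://$host/colony/`, but `hosts` is `[ "vm" "fw" "ctr" "jackflix-ctr" ]`, so `/colony/` matches neither regex location and the landing redirect probably ends in a 404 unless `ssoServer` supplies a fallback. Either redirect to one of the listed names or extend the list, e.g. `hosts = [ "colony" "vm" "fw" "ctr" "jackflix-ctr" ];`, provided that name resolves under `config.networking.domain` and port 19999 is reachable there. Both regex locations are also unanchored at the start, so a path such as `/x/vm/y` still matches and is proxied to the `vm` backend; beginning each pattern with `^/` ties the backend choice to the first path segment. The capture-group names appear to have been lost in this rendering of the patch, so check the patterns against the repository copy.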
@@ -72,6 +72,10 @@ }; }; + services = { + netdata.enable = true; + }; + systemd.network = { links = { "10-vms" = { @@ -112,6 +116,7 @@ server.enable = true; firewall = { + tcp.allowed = [ 19999 ]; trustedInterfaces = [ "vms" "ctrs" ]; }; diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index 9cde962..5e26dca 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix @@ -128,6 +128,16 @@ in permitRootLogin = mkDefault "no"; passwordAuthentication = mkDefault false; }; + + netdata = { + config = { + global = { + "memory mode" = "dbengine"; + "page cache size" = 32; + "dbengine multihost disk space" = 256; + }; + }; + }; }; } (mkIf config.services.kmscon.enable { diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index b475323..b9d4d46 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -280,6 +280,18 @@ in } ]; }) + (mkIf config.services.netdata.enable { + my.tmproot.persistence.config.directories = [ + { + directory = "/var/lib/netdata"; + inherit (config.services.netdata) user group; + } + { + directory = "/var/cache/netdata"; + inherit (config.services.netdata) user group; + } + ]; + }) (persistSimpleSvc "transmission") (persistSimpleSvc "jackett") (persistSimpleSvc "radarr")
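Review bot: The shared `netdata.config` in common.nix sets only the `global` section, so every host that turns on `netdata.enable` in this commit (colony, estuary, shill and the jackflix container) runs the agent's web server with its default listen and access settings. For colony and estuary no firewall change is visible in the patch, so their exposure depends on configuration outside it. Because this module is the one place that applies to all of them, consider adding a `web` section here, e.g. `web."allow connections from" = "localhost <proxy-address>";` (placeholder address), so the agent itself refuses clients other than the reverse proxy. A short comment noting that `"page cache size"` and `"dbengine multihost disk space"` are given in MiB would also help the next reader.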