nixos: Add Netdata

nixos/boxes/colony/vms/estuary/default.nix

@@ -61,6 +61,7 @@
               lvm = {
                 dmeventd.enable = true;
               };
+              netdata.enable = true;
             };
 
             systemd.network = {

nixos/boxes/colony/vms/shill/containers/jackflix/default.nix

@@ -54,6 +54,8 @@
         };
 
         services = {
+          netdata.enable = true;
+
           transmission = {
             enable = true;
             downloadDirPermissions = null;

nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix

@@ -31,7 +31,7 @@ in
                 tcp dport ${toString transmissionPeerPort} accept
                 iifname vpn return
 
-                tcp dport { 9091, 9117, 7878, 8989, 8096 } accept
+                tcp dport { 19999, 9091, 9117, 7878, 8989, 8096 } accept
                 return
               }
               chain input {

nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix

@@ -1,7 +1,7 @@
 { lib, pkgs, config, ... }:
 let
   inherit (builtins) mapAttrs toJSON;
-  inherit (lib) mkMerge mkDefault genAttrs flatten;
+  inherit (lib) mkMerge mkDefault genAttrs flatten concatStringsSep;
 
   dualStackListen' = l: map (addr: l // { inherit addr; }) [ "0.0.0.0" "[::]" ];
   dualStackListen = ll: flatten (map dualStackListen' ll);
@@ -69,6 +69,37 @@ in
         useACMEHost = lib.my.pubDomain;
       };
 
+      "netdata-colony.${lib.my.pubDomain}" =
+      let
+        hosts = [ "vm" "fw" "ctr" "jackflix-ctr" ];
+        matchHosts = concatStringsSep "|" hosts;
+      in
+      mkMerge [
+        {
+          locations = {
+            "= /".return = "301 https://$host/colony/";
+            "~ /(?<behost>${matchHosts})$".return = "301 https://$host/$behost/";
+            "~ /(?<behost>${matchHosts})/(?<ndpath>.*)" = mkMerge [
+              {
+                proxyPass = "http://$behost.${config.networking.domain}:19999/$ndpath$is_args$args";
+                extraConfig = ''
+                  proxy_pass_request_headers on;
+                  proxy_set_header Connection "keep-alive";
+                  proxy_store off;
+
+                  gzip on;
+                  gzip_proxied any;
+                  gzip_types *;
+                '';
+              }
+              (ssoLoc "generic")
+            ];
+          };
+          useACMEHost = lib.my.pubDomain;
+        }
+        (ssoServer "generic")
+      ];
+
       "pass.${lib.my.pubDomain}" =
       let
         upstream = "http://vaultwarden-ctr.${config.networking.domain}";

nixos/boxes/colony/vms/shill/default.nix

@@ -72,6 +72,10 @@
               };
             };
 
+            services = {
+              netdata.enable = true;
+            };
+
             systemd.network = {
               links = {
                 "10-vms" = {
@@ -112,6 +116,7 @@
               server.enable = true;
 
               firewall = {
+                tcp.allowed = [ 19999 ];
                 trustedInterfaces = [ "vms" "ctrs" ];
               };