diff --git a/apps/netdata-cloud.nix b/apps/netdata-cloud.nix new file mode 100644 index 0000000..f98dbd7 --- /dev/null +++ b/apps/netdata-cloud.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + + type = "app"; + + program = builtins.toString (pkgs.writeShellScript "netdata-cloud" '' + if [ "$EUID" -ne 0 ]; then + echo "Please run as root" + exit 1 + fi + mkdir --parents --mode 0750 /var/lib/netdata/cloud.d + printf "\nEnter the claim token for netdata cloud...\n\n" + read -p "Token: " token + echo "''${token}" > /var/lib/netdata/cloud.d/token + chown -R netdata:netdata /var/lib/netdata + ${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen) + printf "\n\nNow restart netdata service.\n\n" + ''); + +} diff --git a/flake.nix b/flake.nix index d1aff1c..04c5811 100644 --- a/flake.nix +++ b/flake.nix @@ -92,6 +92,9 @@ # Load the SSH key for this machine loadkey = import ./apps/loadkey.nix { inherit pkgs; }; + # Connect machine metrics to Netdata Cloud + netdata = import ./apps/netdata-cloud.nix { inherit pkgs; }; + }); devShells = forAllSystems (system: diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix index 73653e8..f34d32a 100644 --- a/hosts/oracle/default.nix +++ b/hosts/oracle/default.nix @@ -21,17 +21,12 @@ nixpkgs.lib.nixosSystem { streamServer = "stream.masu.rs"; nextcloudServer = "cloud.masu.rs"; transmissionServer = "download.masu.rs"; - metricsServer = "metrics.masu.rs"; # Disable passwords, only use SSH key passwordHash = null; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"; - # Password for metrics server - metricsPasswordHashed = - "$2a$14$rr.lPIF8ktl5bepks1iD3OXu5Se11/uAog01wlFMwgk0MCb1Rm3PG"; - # Nextcloud backup config backupS3 = { endpoint = "s3.us-west-002.backblazeb2.com"; diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix index 8239fdd..cc14d8d 100644 --- a/modules/services/metrics.nix +++ b/modules/services/metrics.nix 
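Review bot: In `apps/netdata-cloud.nix` the claim token is not treated as a secret. `read -p "Token: " token` echoes it to the terminal, and the redirect into `/var/lib/netdata/cloud.d/token` creates the file under the caller's umask, so its protection rests on the 0750 mode of `cloud.d`, which `mkdir --mode` applies only when it creates that directory. I would use `read -r -s -p "Token: " token` and put `umask 077` before the write. `uuidgen` is resolved from root's PATH rather than the store; `${pkgs.util-linux}/bin/uuidgen` would pin it the way `netdata-claim.sh` is pinned. There is also no `set -e`, so a failed `mkdir` or write still falls through to the claim step.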
@@ -1,42 +1,13 @@ -{ config, lib, ... }: { - - options = { - metricsServer = lib.mkOption { - type = lib.types.str; - description = "Hostname for Metrics server"; - }; - metricsPasswordHashed = lib.mkOption { - type = lib.types.str; - description = "Metrics password hashed with `caddy hash-password`"; - }; - }; - - imports = [ ./caddy.nix ]; +{ config, pkgs, lib, ... }: { config = { - services.netdata.enable = true; + services.netdata = { + enable = true; - caddyRoutes = [{ - match = [{ host = [ config.metricsServer ]; }]; - handle = [ - { - handler = "authentication"; - providers = { - http_basic = { - accounts = [{ - username = config.user; - password = config.metricsPasswordHashed; - }]; - }; - }; - } - { - handler = "reverse_proxy"; - upstreams = [{ dial = "localhost:19999"; }]; - } - ]; - }]; + # Disable local dashboard (unsecured) + config = { web.mode = "none"; }; + }; }; diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 7c8e270..40a3a2c 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -146,10 +146,7 @@ in { systemd.services.litestream-s3 = { requiredBy = [ "litestream.service" ]; before = [ "litestream.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; + serviceConfig = { Type = "oneshot"; }; script = '' echo \ LITESTREAM_SECRET_ACCESS_KEY=$(${pkgs.age}/bin/age --decrypt \
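Review bot: In `modules/services/metrics.nix` the comment `# Disable local dashboard (unsecured)` does not say what replaces the removed Caddy basic-auth route. With `web.mode = "none"` the metrics are presumably only viewable once the agent has been claimed to Netdata Cloud, a manual step this module neither performs nor mentions. I would expand the comment to something like `# No local web server: the dashboard on :19999 has no authentication of its own; view metrics via Netdata Cloud after running the netdata claim app`. The `pkgs` argument added to the module header is not used in the visible lines and could be dropped.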
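Review bot: In `modules/services/nextcloud.nix`, dropping `RemainAfterExit = true` from `litestream-s3` changes when the unit runs, and nothing in the hunk says why. A oneshot without it returns to inactive once the script finishes, so it is started again whenever `litestream.service` is (re)started rather than staying active after the first run. If that is the intent (presumably to re-decrypt the key on every start), a comment such as `# No RemainAfterExit: re-run the age decrypt each time litestream.service starts` would record it. The `script` body continues outside the hunk, so where the decrypted `LITESTREAM_SECRET_ACCESS_KEY` ends up is not visible here.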