switch to netdata cloud

fix performance issues with caddy mostly

apps/netdata-cloud.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }: {
+
+  type = "app";
+
+  program = builtins.toString (pkgs.writeShellScript "netdata-cloud" ''
+    if [ "$EUID" -ne 0 ]; then
+      echo "Please run as root"
+      exit 1
+    fi
+    mkdir --parents --mode 0750 /var/lib/netdata/cloud.d
+    printf "\nEnter the claim token for netdata cloud...\n\n"
+    read -p "Token: " token
+    echo "''${token}" > /var/lib/netdata/cloud.d/token
+    chown -R netdata:netdata /var/lib/netdata
+    ${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen)
+    printf "\n\nNow restart netdata service.\n\n"
+  '');
+
+}

flake.nix

@@ -92,6 +92,9 @@
           # Load the SSH key for this machine
           loadkey = import ./apps/loadkey.nix { inherit pkgs; };
 
+          # Connect machine metrics to Netdata Cloud
+          netdata = import ./apps/netdata-cloud.nix { inherit pkgs; };
+
         });
 
       devShells = forAllSystems (system:

hosts/oracle/default.nix

@@ -21,17 +21,12 @@ nixpkgs.lib.nixosSystem {
       streamServer = "stream.masu.rs";
       nextcloudServer = "cloud.masu.rs";
       transmissionServer = "download.masu.rs";
-      metricsServer = "metrics.masu.rs";
 
       # Disable passwords, only use SSH key
       passwordHash = null;
       publicKey =
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
 
-      # Password for metrics server
-      metricsPasswordHashed =
-        "$2a$14$rr.lPIF8ktl5bepks1iD3OXu5Se11/uAog01wlFMwgk0MCb1Rm3PG";
-
       # Nextcloud backup config
       backupS3 = {
         endpoint = "s3.us-west-002.backblazeb2.com";

modules/services/metrics.nix

@@ -1,42 +1,13 @@
-{ config, lib, ... }: {
-
-  options = {
-    metricsServer = lib.mkOption {
-      type = lib.types.str;
-      description = "Hostname for Metrics server";
-    };
-    metricsPasswordHashed = lib.mkOption {
-      type = lib.types.str;
-      description = "Metrics password hashed with `caddy hash-password`";
-    };
-  };
-
-  imports = [ ./caddy.nix ];
+{ config, pkgs, lib, ... }: {
 
   config = {
 
-    services.netdata.enable = true;
+    services.netdata = {
+      enable = true;
 
-    caddyRoutes = [{
-      match = [{ host = [ config.metricsServer ]; }];
-      handle = [
-        {
-          handler = "authentication";
-          providers = {
-            http_basic = {
-              accounts = [{
-                username = config.user;
-                password = config.metricsPasswordHashed;
-              }];
-            };
-          };
-        }
-        {
-          handler = "reverse_proxy";
-          upstreams = [{ dial = "localhost:19999"; }];
-        }
-      ];
-    }];
+      # Disable local dashboard (unsecured)
+      config = { web.mode = "none"; };
+    };
 
   };
 

modules/services/nextcloud.nix

@@ -146,10 +146,7 @@ in {
     systemd.services.litestream-s3 = {
       requiredBy = [ "litestream.service" ];
       before = [ "litestream.service" ];
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-      };
+      serviceConfig = { Type = "oneshot"; };
       script = ''
         echo \
           LITESTREAM_SECRET_ACCESS_KEY=$(${pkgs.age}/bin/age --decrypt \