nix/services/telegraf.nix

88 lines
2.3 KiB
Nix
Raw Normal View History

2023-07-05 12:04:30 +02:00
{ config, pkgs, hostname, ... }: {
# Telegraf Monitoring
2023-07-06 06:23:15 +02:00
# Set up the secrets file for the token:
2023-07-05 12:47:56 +02:00
sops.secrets.telegraf-token = {
2023-07-05 12:04:30 +02:00
owner = "telegraf";
sopsFile = ../secrets/secrets.yaml;
restartUnits = [ "telegraf.service" ];
};
2023-07-06 06:23:15 +02:00
# Add telegraf to "wheel" to allow the use of sudo:
2023-07-06 05:36:04 +02:00
users.users.telegraf = {
2023-07-06 08:01:30 +02:00
extraGroups = [ "root" ];
2023-07-06 06:16:24 +02:00
isSystemUser = true;
2023-07-06 05:35:33 +02:00
};
2023-07-06 06:16:24 +02:00
# Allow the telegraf account to invoke sudo without a password
security.sudo.extraConfig = ''
2023-07-06 06:19:09 +02:00
Cmnd_Alias FAIL2BAN = /run/current-system/sw/bin/fail2ban-client status, /run/current-system/sw/bin/fail2ban-client status *
2023-07-06 06:16:24 +02:00
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
'';
2023-07-05 12:04:30 +02:00
# Install the package
environment.systemPackages = with pkgs; [
2023-07-05 12:55:15 +02:00
lm_sensors
2023-07-05 12:04:30 +02:00
telegraf
2023-07-05 14:26:30 +02:00
smartmontools
2023-07-06 07:13:15 +02:00
fail2ban
2023-07-05 12:04:30 +02:00
];
2023-07-05 14:24:39 +02:00
# Allow telegraf to talk to other executables it requires:
2023-07-05 14:04:12 +02:00
systemd.services.telegraf = {
2023-07-05 14:04:53 +02:00
path = with pkgs; [
2023-07-05 14:26:30 +02:00
lm_sensors # sensors
2023-07-06 07:54:53 +02:00
# fail2ban # fail2ban-client
2023-07-05 14:26:30 +02:00
linuxPackages.nvidia_x11 # nvidia-smi
smartmontools # smartctl
2023-07-06 06:02:15 +02:00
sudo # sudo
2023-07-05 14:04:12 +02:00
];
};
2023-07-05 14:03:36 +02:00
2023-07-05 12:04:30 +02:00
# Configure the package:
services.telegraf = {
enable = true;
2023-07-05 12:52:22 +02:00
environmentFiles = [ /run/secrets/telegraf-token ];
2023-07-05 12:04:30 +02:00
extraConfig = {
2023-07-05 12:47:56 +02:00
outputs = {
influxdb_v2 = {
urls = [ "https://influx.sysctl.io/" ];
2023-07-05 12:53:01 +02:00
token = "$TELEGRAF_TOKEN";
2023-07-05 12:47:56 +02:00
organization = "default";
bucket = "telegrafdb";
2023-07-05 13:45:21 +02:00
http_headers = { Authorization = "Token $TELEGRAF_TOKEN"; };
2023-07-05 12:47:56 +02:00
};
};
inputs = {
cpu = {
percpu = true;
totalcpu = true;
collect_cpu_time = false;
report_active = false;
};
2023-07-05 13:24:09 +02:00
disk = {
2023-07-05 13:30:54 +02:00
ignore_fs = ["tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs"];
2023-07-05 13:24:09 +02:00
};
2023-07-05 12:47:56 +02:00
diskio = {};
kernel = {};
mem = {};
processes = {};
swap = {};
system = {};
2023-07-06 06:00:49 +02:00
fail2ban = {
2023-07-06 08:01:30 +02:00
# use_sudo = true;
2023-07-06 06:00:49 +02:00
};
2023-07-05 12:47:56 +02:00
intel_powerstat = {};
net = {};
nvidia_smi = {};
sensors = {};
smart = {
2023-07-05 12:54:39 +02:00
timeout = "30s";
2023-07-05 12:47:56 +02:00
};
temp = {};
wireless = {};
};
2023-07-05 12:04:30 +02:00
};
};
}