albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions
nix/services/telegraf.nix

89 lines
2.3 KiB
Nix
Raw Normal View History

test
2023-07-05 19:04:30 +09:00
{ config, pkgs, hostname, ... }: {
# Telegraf Monitoring
Add fail2ban socket
2023-07-06 13:23:15 +09:00
# Set up the secrets file for the token:
Testing telegraf
2023-07-05 19:47:56 +09:00
sops.secrets.telegraf-token = {
test
2023-07-05 19:04:30 +09:00
owner = "telegraf";
sopsFile = ../secrets/secrets.yaml;
restartUnits = [ "telegraf.service" ];
};
Add fail2ban socket
2023-07-06 13:23:15 +09:00
# Add telegraf to "wheel" to allow the use of sudo:
test
2023-07-06 12:36:04 +09:00
users.users.telegraf = {
test
2023-07-06 15:01:30 +09:00
extraGroups = [ "root" ];
test
2023-07-06 13:16:24 +09:00
isSystemUser = true;
test
2023-07-06 12:35:33 +09:00
};
test
2023-07-06 13:16:24 +09:00
# Allow the telegraf account to invoke sudo without a password
security.sudo.extraConfig = ''
test
2023-07-06 13:19:09 +09:00
Cmnd_Alias FAIL2BAN = /run/current-system/sw/bin/fail2ban-client status, /run/current-system/sw/bin/fail2ban-client status *
test
2023-07-06 13:16:24 +09:00
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
'';
test
2023-07-05 19:04:30 +09:00
# Install the package
environment.systemPackages = with pkgs; [
test
2023-07-05 19:55:15 +09:00
lm_sensors
test
2023-07-05 19:04:30 +09:00
telegraf
test
2023-07-05 21:26:30 +09:00
smartmontools
Add fail2ban to telegraf
2023-07-06 14:13:15 +09:00
fail2ban
test
2023-07-05 19:04:30 +09:00
];
test
2023-07-05 21:24:39 +09:00
# Allow telegraf to talk to other executables it requires:
test
2023-07-05 21:04:12 +09:00
systemd.services.telegraf = {
test
2023-07-05 21:04:53 +09:00
path = with pkgs; [
test
2023-07-05 21:26:30 +09:00
lm_sensors # sensors
test
2023-07-06 14:54:53 +09:00
# fail2ban # fail2ban-client
test
2023-07-05 21:26:30 +09:00
linuxPackages.nvidia_x11 # nvidia-smi
smartmontools # smartctl
test
2023-07-06 13:02:15 +09:00
sudo # sudo
test
2023-07-05 21:04:12 +09:00
];
};
test
2023-07-05 21:03:36 +09:00
test
2023-07-05 19:04:30 +09:00
# Configure the package:
services.telegraf = {
enable = true;
test
2023-07-05 19:52:22 +09:00
environmentFiles = [ /run/secrets/telegraf-token ];
test
2023-07-05 19:04:30 +09:00
extraConfig = {
Testing telegraf
2023-07-05 19:47:56 +09:00
outputs = {
influxdb_v2 = {
urls = [ "https://influx.sysctl.io/" ];
test
2023-07-05 19:53:01 +09:00
token = "$TELEGRAF_TOKEN";
Testing telegraf
2023-07-05 19:47:56 +09:00
organization = "default";
bucket = "telegrafdb";
test
2023-07-05 20:45:21 +09:00
http_headers = { Authorization = "Token $TELEGRAF_TOKEN"; };
Testing telegraf
2023-07-05 19:47:56 +09:00
};
};
inputs = {
cpu = {
percpu = true;
totalcpu = true;
collect_cpu_time = false;
report_active = false;
};
test
2023-07-05 20:24:09 +09:00
disk = {
test
2023-07-05 20:30:54 +09:00
ignore_fs = ["tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs"];
test
2023-07-05 20:24:09 +09:00
};
Testing telegraf
2023-07-05 19:47:56 +09:00
diskio = {};
kernel = {};
mem = {};
processes = {};
swap = {};
system = {};
test
2023-07-06 13:00:49 +09:00
fail2ban = {
test
2023-07-06 15:01:30 +09:00
# use_sudo = true;
test
2023-07-06 14:59:21 +09:00
socket = "/var/run/fail2ban/fail2ban.sock";
test
2023-07-06 13:00:49 +09:00
};
Testing telegraf
2023-07-05 19:47:56 +09:00
intel_powerstat = {};
net = {};
nvidia_smi = {};
sensors = {};
smart = {
SEMICOLONS!@
2023-07-05 19:54:39 +09:00
timeout = "30s";
Testing telegraf
2023-07-05 19:47:56 +09:00
};
temp = {};
wireless = {};
};
test
2023-07-05 19:04:30 +09:00
};
};
}
Reference in a new issue Copy permalink