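{ config, pkgs, hostname, ... }: {
  # Telegraf monitoring: collect host metrics and ship them to InfluxDB v2.

  # Decrypt the InfluxDB token with sops-nix. The decrypted file is owned by
  # the telegraf user (sops-nix's default mode is 0400, i.e. owner-read only)
  # and telegraf.service is restarted whenever the secret changes.
  # NOTE(review): the file is loaded as a systemd EnvironmentFile below, so it
  # presumably contains a `TELEGRAF_TOKEN=...` line; confirm against secrets.yaml.
  sops.secrets.telegraf-token = {
    owner = "telegraf";
    sopsFile = ../secrets/secrets.yaml;
    restartUnits = [ "telegraf.service" ];
  };

  # The telegraf account is authorised for sudo by the user-specific rule in
  # security.sudo.extraConfig below, so it is deliberately NOT a member of
  # "wheel". Wheel membership would hand a monitoring daemon the generic
  # administrator grants attached to that group (the wheel sudo rule and
  # anything else keyed on @wheel) on top of the one command it needs.
  # NOTE(review): if security.sudo.execWheelOnly is enabled elsewhere in this
  # configuration, only wheel members can execute sudo at all and the
  # fail2ban input will stop working; handle that case explicitly rather
  # than by widening this account's groups.
  users.users.telegraf = {
    isSystemUser = true;
  };

  # Let telegraf run exactly the fail2ban status query as root, without a
  # password:
  #   * Cmnd_Alias pins the absolute path of fail2ban-client and the `status`
  #     sub-command. The `status *` form accepts any trailing arguments, so
  #     the grant covers every `status ...` invocation, not only a jail name.
  #   * NOEXEC keeps the (dynamically linked) command from executing further
  #     programs while it runs with root privileges.
  #   * The Defaults line turns off sudo's logfile/syslog records and the PAM
  #     session for this alias, presumably to keep the periodic poll out of
  #     the logs. The trade-off is that these invocations leave no sudo audit
  #     trail.
  # NOTE(review): confirm with `sudo -l -U telegraf` that the command line
  # Telegraf actually runs (including any socket option) matches this alias.
  security.sudo.extraConfig = ''
    Cmnd_Alias FAIL2BAN = /run/current-system/sw/bin/fail2ban-client status, /run/current-system/sw/bin/fail2ban-client status *
    telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
    Defaults!FAIL2BAN !logfile, !syslog, !pam_session
  '';

  # Install telegraf and the tools its inputs call.
  environment.systemPackages = with pkgs; [
    lm_sensors
    telegraf
    smartmontools
    fail2ban
  ];

  # Put the helper executables on the service's PATH.
  systemd.services.telegraf = {
    path = with pkgs; [
      lm_sensors                # sensors
      fail2ban                  # fail2ban-client
      linuxPackages.nvidia_x11  # nvidia-smi
      smartmontools             # smartctl
      sudo                      # sudo
    ];
  };

  # Configure the service.
  services.telegraf = {
    enable = true;

    # Reference the secret through the sops-nix option instead of a bare Nix
    # path literal. The value is the same runtime location, but it is a
    # string that follows the secret if its path is ever changed, and it
    # cannot be imported into the world-readable Nix store the way a path
    # literal is when it gets interpolated.
    environmentFiles = [ config.sops.secrets.telegraf-token.path ];

    extraConfig = {
      outputs = {
        influxdb_v2 = {
          urls = [ "https://influx.sysctl.io/" ];
          # Only the $TELEGRAF_TOKEN placeholder is written to the generated
          # config, which lives in the Nix store. The real value comes from
          # the environment file at service start.
          token = "$TELEGRAF_TOKEN";
          organization = "default";
          bucket = "telegrafdb";
          # NOTE(review): looks redundant with `token` above; kept as written.
          http_headers = { Authorization = "Token $TELEGRAF_TOKEN"; };
        };
      };

      inputs = {
        cpu = {
          percpu = true;
          totalcpu = true;
          collect_cpu_time = false;
          report_active = false;
        };
        disk = {
          ignore_fs = [ "tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
        };
        diskio = {};
        kernel = {};
        mem = {};
        processes = {};
        swap = {};
        system = {};
        fail2ban = {
          # Run fail2ban-client through sudo, relying on the sudoers rule
          # defined in security.sudo.extraConfig.
          use_sudo = true;
          socket = "/var/run/fail2ban/fail2ban.sock";
        };
        intel_powerstat = {};
        net = {};
        nvidia_smi = {};
        sensors = {};
        smart = {
          timeout = "30s";
        };
        temp = {};
        wireless = {};
      };
    };
  };
}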