From 5f2a5ff7826f23954e29a4f5f8e6780f8c82afde Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Sat, 14 May 2022 20:21:12 +0200
Subject: [PATCH] core01: generalize monitoring, open up a wgmon for external
 nodes

---
 machines/core-services-01/monitoring.nix | 68 ++++++++++++++++++------
 1 file changed, 51 insertions(+), 17 deletions(-)

diff --git a/machines/core-services-01/monitoring.nix b/machines/core-services-01/monitoring.nix
index fca223d..5013b2c 100644
--- a/machines/core-services-01/monitoring.nix
+++ b/machines/core-services-01/monitoring.nix
@@ -1,11 +1,48 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
   my = config.my;
   realm = "ClubReseau";
+  mkChildNode = { uuid, allowFrom }: { ... }@options: ''
+    [${uuid}]
+      enabled = yes
+      default history = 10000
+      default memory mode = dbengine
+      health enabled by default = auto
+      allow from = ${allowFrom}
+  '';
+  testClusterHypervisors = lib.attrValues {
+    pve01 = {
+      uuid = "ff9a34ec-2bf4-4389-a01a-6e242424e675";
+      allowFrom = "fd85:27e8:0fc9::2";
+    };
+    pve02 = {
+      uuid = "ed393d76-e325-48c4-be90-3d7a1d3066ee";
+      allowFrom = "fd85:27e8:0fc9::3";
+    };
+    pve03 = {
+      uuid = "abeeab1f-d4f4-4ca7-aabb-54ff28031f82";
+      allowFrom = "fd85:27e8:0fc9::4";
+    };
+    pve04 = {
+      uuid = "ee0f7cec-86f8-4fa2-8258-f7bf4172eb4b";
+      allowFrom = "fd85:27e8:0fc9::5";
+    };
+  };
 in
 {
   services.netdata.enable = true;
 
+  networking.interfaces.wireguard.wgmon = {
+    ips = [ "fd85:27e8:0fc9::1/48" ];
+
+    listenPort = 51820;
+
+    privateKeyFile = "/etc/secrets/wgmon";
+    generatePrivateKeyFile = true;
+
+    peers = [];
+  };
+
   systemd.services.netdata.restartTriggers = map (v: config.environment.etc."netdata/${v}.conf".source) [
     "netdata"
     "stream"
@@ -27,22 +64,19 @@ in
     user = "netdata";
     group = "netdata";
     mode = "0600";
-    text = ''
-      # pve01 hypervisor
-      [e245097d-bf52-4f66-9c10-984e8d5ee178]
-        enabled = yes
-        default history = 10000
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 10.1.1.10
-      # public-cof server
-      [c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe]
-        enabled = yes
-        default history = 10000
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 10.1.1.21
-    '';
+    text = (concatMapStrings map (cfg: mkChildNode cfg {})
+    [
+      # PVE01 hypervisor
+      {
+        uuid = "e245097d-bf52-4f66-9c10-984e8d5ee178";
+        allowFrom = "10.1.1.10";
+      }
+      # Public COF server
+      {
+        uuid = "c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe";
+        allowFrom = "10.1.1.21";
+      }
+    ]; ++ testClusterHypervisors;
   };
 
   environment.etc."netdata/health_alarm_notify.conf" = {