# NixOS module for the monitoring host: a Netdata parent that receives streams
# from two children, sends health alarms to IRC, and publishes the dashboard
# through nginx behind oauth2_proxy (Keycloak).
{ config, pkgs, ... }:

let
  my = config.my;
  realm = "ClubReseau";

  # Public name of the dashboard vhost; also used for the OAuth callback.
  monitoringHost = "monitoring.${my.subZone}";

  # Common prefix of the realm's OpenID Connect endpoints.
  oidcEndpoint = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect";

  # Wraps a config body as an /etc entry owned by netdata with mode 0600.
  # The mode applies to the copy placed under /etc. Content given via `text`
  # is also written to the Nix store, which is world-readable, so 0600 does
  # not keep the content private from local users.
  netdataEtc = text: {
    inherit text;
    user = "netdata";
    group = "netdata";
    mode = "0600";
  };
in
{
  services.netdata.enable = true;

  # Restart netdata whenever one of the generated config files changes.
  systemd.services.netdata.restartTriggers =
    map (name: config.environment.etc."netdata/${name}.conf".source)
      [ "netdata" "stream" "health_alarm_notify" ];

  environment.etc = {
    "netdata/netdata.conf" = netdataEtc ''
      [global]
      page cache size = 32
      dbengine multihost disk space = 8192
    '';

    # Each section name is the API key a child presents when streaming, and
    # `allow from` pins that key to a single source address.
    # NOTE(review): these keys are committed here and end up in the Nix store
    # (see netdataEtc above). The file already uses agenix for the
    # oauth2_proxy key; consider supplying stream.conf the same way, and
    # rotating the keys if this repository is readable outside the team.
    "netdata/stream.conf" = netdataEtc ''
      # pve01 hypervisor
      [e245097d-bf52-4f66-9c10-984e8d5ee178]
      enabled = yes
      default history = 10000
      default memory mode = dbengine
      health enabled by default = auto
      allow from = 10.1.1.10

      # public-cof server
      [c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe]
      enabled = yes
      default history = 10000
      default memory mode = dbengine
      health enabled by default = auto
      allow from = 10.1.1.21
    '';

    # Alarm notifications go to IRC; `nc` is pinned to the netcat store path.
    "netdata/health_alarm_notify.conf" = netdataEtc ''
      # External tools
      nc="${pkgs.netcat}/bin/nc"

      # IRC configuration
      SEND_IRC="YES"
      DEFAULT_RECIPIENT_IRC="#réseau"
      IRC_NETWORK="ens.wtf"
      IRC_NICKNAME="core-services-01"
      IRC_REALNAME="KlubRZ Core Services 01"
    '';
  };

  services.oauth2_proxy = {
    enable = true;
    # Client credentials and cookie secret are read from an agenix-managed
    # file, so they stay out of the Nix store.
    keyFile = config.age.secrets.oauth2ProxyKeyFile.path;
    provider = "keycloak";
    # "*" accepts every e-mail domain: the proxy does no filtering of its
    # own, so who may see the dashboard is decided by who can authenticate
    # against the realm.
    # NOTE(review): confirm that membership of the realm is the intended
    # access boundary for monitoring data.
    email.domains = [ "*" ];
    setXauthrequest = true;
    scope = "profile";
    loginURL = "${oidcEndpoint}/auth";
    redeemURL = "${oidcEndpoint}/token";
    profileURL = "${oidcEndpoint}/userinfo";
    validateURL = "${oidcEndpoint}/userinfo";
    redirectURL = "https://${monitoringHost}/oauth2/callback";
    reverseProxy = true;
    passHostHeader = true;
    # Enables the module's nginx integration for the dashboard vhost.
    nginx.virtualHosts = [ monitoringHost ];
  };

  services.nginx = {
    enable = true;
    virtualHosts.${monitoringHost} = {
      enableACME = true;
      forceSSL = true;
      # NOTE(review): the OAuth gate only covers requests that arrive through
      # this vhost. Nothing in this file restricts Netdata's own listener on
      # port 19999, and the children in stream.conf have to reach that port
      # to stream. Confirm that the firewall and/or Netdata's `[web]` access
      # lists (`allow dashboard from`, `allow streaming from`) keep the
      # dashboard from being served directly on 19999.
      locations."/".proxyPass = "http://localhost:19999";
    };
  };

  # services.smartd = {
  #   enable = true;
  #   extraOptions = [ "-A /var/log/smartd/" ]; # For netdata
  # };
}