92 lines
2.3 KiB
Nix
92 lines
2.3 KiB
Nix
{ config, pkgs, ... }:
|
|
let
|
|
my = config.my;
|
|
realm = "ClubReseau";
|
|
in
|
|
{
|
|
services.netdata.enable = true;
|
|
|
|
systemd.services.netdata.restartTriggers = map (v: config.environment.etc."netdata/${v}.conf".source) [
|
|
"netdata"
|
|
"stream"
|
|
"health_alarm_notify"
|
|
];
|
|
|
|
environment.etc."netdata/netdata.conf" = {
|
|
user = "netdata";
|
|
group = "netdata";
|
|
mode = "0600";
|
|
text = ''
|
|
[global]
|
|
page cache size = 32
|
|
dbengine multihost disk space = 4096
|
|
'';
|
|
};
|
|
|
|
environment.etc."netdata/stream.conf" = {
|
|
user = "netdata";
|
|
group = "netdata";
|
|
mode = "0600";
|
|
text = ''
|
|
[e245097d-bf52-4f66-9c10-984e8d5ee178]
|
|
enabled = yes
|
|
default history = 5000
|
|
default memory mode = dbengine
|
|
health enabled by default = auto
|
|
allow from = 10.1.1.10
|
|
'';
|
|
};
|
|
|
|
environment.etc."netdata/health_alarm_notify.conf" = {
|
|
user = "netdata";
|
|
group = "netdata";
|
|
mode = "0600";
|
|
text = ''
|
|
# External tools
|
|
nc="${pkgs.netcat}/bin/nc"
|
|
|
|
# IRC configuration
|
|
SEND_IRC="YES"
|
|
DEFAULT_RECIPIENT_IRC="#réseau"
|
|
IRC_NETWORK="ens.wtf"
|
|
IRC_NICKNAME="core-services-01"
|
|
IRC_REALNAME="KlubRZ Core Services 01"
|
|
'';
|
|
};
|
|
|
|
services.oauth2_proxy = {
|
|
enable = true;
|
|
keyFile = config.age.secrets.oauth2ProxyKeyFile.path;
|
|
provider = "keycloak";
|
|
email.domains = [ "*" ];
|
|
setXauthrequest = true;
|
|
scope = "profile";
|
|
loginURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/auth";
|
|
redeemURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/token";
|
|
profileURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";
|
|
validateURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";
|
|
redirectURL = "https://monitoring.${my.subZone}/oauth2/callback";
|
|
reverseProxy = true;
|
|
passHostHeader = true;
|
|
|
|
nginx = {
|
|
virtualHosts = [ "monitoring.${my.subZone}" ];
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts."monitoring.${my.subZone}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/".proxyPass = "http://localhost:19999";
|
|
};
|
|
};
|
|
|
|
# services.smartd = {
|
|
# enable = true;
|
|
# extraOptions = [ "-A /var/log/smartd/" ]; # For netdata
|
|
# };
|
|
}
|