infrastructure/machines/public-cof/monitoring.nix

{ config, lib, pkgs, ... }:
{
  services.nginx.statusPage = true;

  services.netdata = {
    enable = true;
    config = {
      global."memory mode" = "none";
      web = {
        mode = "none";
        "accept a streaming request every seconds" = 0;
      };
    };
    python.extraPackages = ps: [
      ps.psycopg2
    ];
  };

  systemd.services.netdata.serviceConfig.SupplementaryGroups = [ "nginx" ];
  systemd.services.netdata.restartTriggers = map (v: config.environment.etc."netdata/${v}.conf".source) [
    "stream"
    "go.d/phpfpm"
    "go.d/nginx"
    "python.d/postgres"
  ];

  services.postgresql.settings = {
    shared_preload_libraries = "pg_stat_statements";
    track_activity_query_size = 2048;
    "pg_stat_statements.track" = "all";
  };

  services.postgresql.initialScript = pkgs.writeText "grant-pgmonitor-to-netdata" ''
    GRANT pg_monitor TO netdata;
  '';

  services.postgresql.ensureUsers = [
    { name = "netdata"; }
  ];

  environment.etc."netdata/python.d/postgres.conf" = {
    user = "netdata";
    group = "netdata";
    mode = "0600";
    text = builtins.toJSON (
      if config.services.postgresql.enable then 
      {
          name = "socket";
          user = "netdata";
          database = "postgres";
      }
      else {}
    );
  };

  environment.etc."netdata/go.d/phpfpm.conf" = {
    user = "netdata";
    group = "netdata";
    mode = "0600";
    text = builtins.toJSON {
      jobs = 
        map (pool: { name = "local_socket"; inherit (pool) socket; })
        (builtins.attrValues config.services.phpfpm.pools);
    };
  };

  environment.etc."netdata/go.d/nginx.conf" = {
    user = "netdata";
    group = "netdata";
    mode = "0600";
    text = builtins.toJSON {
      jobs = 
        if config.services.nginx.statusPage then [ { name = "local"; url = "http://localhost/nginx_status"; } ]
        else [];
    };
  };

  environment.etc."netdata/stream.conf" = {
    user = "netdata";
    group = "netdata";
    mode = "0600";
    text = ''
      [stream]
        enabled = yes
        destination = 10.1.1.20:19999
        api key = c48e6ef1-5cdf-408d-ae2f-86aadb14e3fe
    '';
  };
}