karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace telegraf with node exporter

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-04-19 17:57:34 +03:00
parent 3f1531fbd1
commit 1a445ab6fd
37 changed files with 3099 additions and 421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/common/configs/system/boot/default.nix
View File

@@ -13,6 +13,5 @@
initrd.systemd.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = [ "btrfs" ];
};
}

5
hosts/common/configs/system/btrfs/default.nix
View File

@@ -1,5 +1,10 @@
{ pkgs, ... }:
{
boot = {
initrd.supportedFilesystems = [ "btrfs" ];
supportedFilesystems = [ "btrfs" ];
};
services.btrfs.autoScrub = {
enable = true;
interval = "weekly";

13
hosts/common/configs/system/impermanence/default.nix
View File

@@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, pkgs, ... }:
{
imports = [ ./options.nix ];
@@ -11,15 +6,15 @@
# https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
# https://github.com/NixOS/nixpkgs/pull/286140/files
# https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
sops.secrets."machineId".mode = "0444";
sops.secrets.machineId.mode = "0444";
fileSystems."/persist".neededForBoot = true;
environment = {
impermanence.enable = true;
etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } ''
ln -s ${config.sops.secrets."machineId".path} $out
etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } ''
ln -s ${config.sops.secrets.machineId.path} $out
'';
persistence = {

4
hosts/common/configs/system/nix/default.nix
View File

@@ -8,7 +8,7 @@
../../../../../secrets/personal/secrets.yaml;
};
templates."nix-access-tokens" = {
templates.nix-access-tokens = {
content = ''
access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"}
'';
@@ -33,7 +33,7 @@
registry.self.flake = inputs.self;
extraOptions = ''
!include ${config.sops.templates."nix-access-tokens".path}
!include ${config.sops.templates.nix-access-tokens.path}
'';
};
}

16
hosts/common/configs/system/sshd/default.nix
View File

@@ -1,13 +1,5 @@
{ ... }:
{
nixpkgs.overlays = [
(final: prev: {
fail2ban = prev.fail2ban.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./remove-umask.patch ];
});
})
];
environment = {
enableAllTerminfo = true;
persistence."/persist/state"."/var/lib/fail2ban" = { };
@@ -32,12 +24,4 @@
};
};
};
systemd.services.fail2ban.serviceConfig = {
User = "root";
Group = "fail2ban";
UMask = "0117";
};
users.groups.fail2ban = { };
}

15
hosts/common/configs/system/sshd/remove-umask.patch
View File

@@ -1,15 +0,0 @@
diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py
index e438c4ca..aeee4075 100644
--- a/fail2ban/server/server.py
+++ b/fail2ban/server/server.py
@@ -108,9 +108,7 @@ class Server:
signal.signal(s, new)
def start(self, sock, pidfile, force=False, observer=True, conf={}):
- # First set the mask to only allow access to owner
- os.umask(0o077)
- # Second daemonize before logging etc, because it will close all handles:
+ # Daemonize before logging etc, because it will close all handles:
if self.__daemon: # pragma: no cover
logSys.info("Starting in daemon mode")
ret = self.__createDaemon()

117
hosts/common/configs/system/telegraf/default.nix
View File

@@ -1,117 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.user == "telegraf"
&& action.id.indexOf("org.freedesktop.systemd1.") == 0
)
{ return polkit.Result.YES; }
});
'';
services.telegraf = {
enable = true;
extraConfig = {
agent.quiet = true;
outputs.prometheus_client = [ { listen = ":9273"; } ];
inputs =
{
cpu = [ { report_active = true; } ];
disk = [
{
mount_points = lib.attrsets.mapAttrsToList (_: fs: fs.mountPoint) config.fileSystems;
}
];
diskio = [ { skip_serial_number = false; } ];
kernel = [ { } ];
mem = [ { } ];
processes = [ { } ];
swap = [ { } ];
system = [ { } ];
internal = [ { } ];
# TODO: Enable
# linux_cpu = [ { } ];
net = [ { ignore_protocol_stats = true; } ];
# TODO: Enable
# sensors = [ { remove_numbers = false; } ];
smart = [ { } ];
# TODO: Enable
# amd_rocm_smi = [ { } ];
systemd_units = [ { } ];
}
// lib.attrsets.optionalAttrs config.virtualisation.podman.enable {
docker = [
{
endpoint = "unix:///var/run/podman/podman.sock";
perdevice = false;
perdevice_include = [
"cpu"
"blkio"
"network"
];
}
];
}
// lib.attrsets.optionalAttrs config.services.fail2ban.enable {
fail2ban = [ { } ];
}
// lib.attrsets.optionalAttrs (config.networking.wireguard.interfaces != { }) {
wireguard = [ { } ];
};
};
};
systemd.services.telegraf = {
path =
with pkgs;
[
dbus
smartmontools
# TODO: Enable
# lm_sensors
# rocmPackages.rocm-smi
]
++ lib.lists.optional config.services.fail2ban.enable fail2ban;
environment = {
DBUS_SYSTEM_BUS_ADDRESS = "unix:path=/var/run/dbus/system_bus_socket";
};
serviceConfig = {
AmbientCapabilities = [
"CAP_NET_RAW"
"CAP_SYS_RAWIO"
] ++ lib.lists.optional (config.networking.wireguard.interfaces != { }) "CAP_NET_ADMIN";
SupplementaryGroups =
[
"disk"
]
++ lib.lists.optional config.virtualisation.podman.enable "podman"
++ lib.lists.optional config.services.fail2ban.enable "fail2ban";
};
};
}

58
hosts/common/configs/user/console/telegraf/default.nix
View File

@@ -1,58 +0,0 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{
config,
lib,
pkgs,
...
}:
let
port = 9273 + config.users.users.${user}.uid;
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user}.systemd.user.services.telegraf =
let
telegrafConfig = (pkgs.formats.toml { }).generate "config.toml" {
agent.quiet = true;
outputs.prometheus_client = [ { listen = ":${builtins.toString port}"; } ];
inputs =
{
systemd_units = [
{ scope = "user"; }
];
}
// lib.attrsets.optionalAttrs hmConfig.services.podman.enable {
docker = [
{
endpoint =
let
uid = builtins.toString config.users.users.${user}.uid;
in
"unix:///var/run/user/${uid}/podman/podman.sock";
perdevice = false;
perdevice_include = [
"cpu"
"blkio"
"network"
];
}
];
};
};
in
{
Unit.Description = "Telegraf Agent";
Install.WantedBy = [ "default.target" ];
Service = {
ExecStart = "${config.services.telegraf.package}/bin/telegraf -config ${telegrafConfig}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
}

24
hosts/common/configs/user/gui/firefox/default.nix
View File

@@ -38,14 +38,14 @@ in
EmailTracking = true;
};
FirefoxHome = {
"Locked" = true;
"Search" = true;
"TopSites" = true;
"SponsoredTopSites" = false;
"Highlights" = false;
"Pocket" = false;
"SponsoredPocket" = false;
"Snippets" = false;
Locked = true;
Search = true;
TopSites = true;
SponsoredTopSites = false;
Highlights = false;
Pocket = false;
SponsoredPocket = false;
Snippets = false;
};
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
@@ -94,10 +94,10 @@ in
];
force = true;
engines = {
"google".metaData.alias = "@g";
"ddg".metaData.alias = "@d";
"wikipedia".metaData.alias = "@w";
"nix" = {
google.metaData.alias = "@g";
ddg.metaData.alias = "@d";
wikipedia.metaData.alias = "@w";
nix = {
urls = [
{
template = "https://mynixos.com/search";

110
hosts/common/configs/user/gui/obsidian/default.nix
View File

@@ -308,85 +308,85 @@ in
settings = {
"markerIconRules" = [
{
"ruleName" = "default";
"preset" = true;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-circle";
"markerColor" = "blue";
ruleName = "default";
preset = true;
iconDetails = {
prefix = "fas";
icon = "fa-circle";
markerColor = "blue";
};
}
{
"ruleName" = "#restaurant";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-utensils";
"markerColor" = "red";
ruleName = "#restaurant";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-utensils";
markerColor = "red";
};
}
{
"ruleName" = "#bar";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-martini-glass";
"markerColor" = "purple";
ruleName = "#bar";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-martini-glass";
markerColor = "purple";
};
}
{
"ruleName" = "#coffee";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-mug-hot";
"markerColor" = "purple";
ruleName = "#coffee";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-mug-hot";
markerColor = "purple";
};
}
{
"ruleName" = "#culture";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-building-columns";
"markerColor" = "black";
ruleName = "#culture";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-building-columns";
markerColor = "black";
};
}
{
"ruleName" = "#shopping";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-shopping-bag";
"markerColor" = "yellow";
ruleName = "#shopping";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-shopping-bag";
markerColor = "yellow";
};
}
{
"ruleName" = "#entertainment";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-microphone";
"markerColor" = "pink";
ruleName = "#entertainment";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-microphone";
markerColor = "pink";
};
}
{
"ruleName" = "#nature";
"preset" = false;
"iconDetails" = {
"prefix" = "fas";
"icon" = "fa-tree";
"markerColor" = "green";
ruleName = "#nature";
preset = false;
iconDetails = {
prefix = "fas";
icon = "fa-tree";
markerColor = "green";
};
}
];
"searchProvider" = "google";
"geocodingApiMethod" = "path";
"geocodingApiPath" = hmConfig.sops.secrets."google/geocoding".path;
"useGooglePlaces" = true;
"letZoomBeyondMax" = true;
"showGeolinkPreview" = true;
"newNotePath" = "Inbox";
searchProvider = "google";
geocodingApiMethod = "path";
geocodingApiPath = hmConfig.sops.secrets."google/geocoding".path;
useGooglePlaces = true;
letZoomBeyondMax = true;
showGeolinkPreview = true;
newNotePath = "Inbox";
};
}
{

4
hosts/common/configs/user/gui/vscode/options.nix
View File

@@ -64,8 +64,8 @@ in
(lib.mkIf cfg.copilot.enable {
"github.copilot.enable" = {
"*" = true;
"plaintext" = true;
"markdown" = true;
plaintext = true;
markdown = true;
};
"chat.editing.alwaysSaveWithGeneratedChanges" = true;
})