Add grafana

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-04-07 21:51:34 +01:00
parent b3dd72de22
commit dc5a91ebf7
14 changed files with 533 additions and 9 deletions
--- a/hosts/common/configs/system/telegraf/default.nix
+++ b/hosts/common/configs/system/telegraf/default.nix
@@ -0,0 +1,117 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+      if (
+        subject.user == "telegraf"
+        && action.id.indexOf("org.freedesktop.systemd1.") == 0
+        )
+          { return polkit.Result.YES; }
+    });
+  '';
+
+  services.telegraf = {
+    enable = true;
+
+    extraConfig = {
+      agent.quiet = true;
+
+      outputs.prometheus_client = [ { listen = ":9273"; } ];
+
+      inputs =
+        {
+          cpu = [ { report_active = true; } ];
+
+          disk = [
+            {
+              mount_points = lib.attrsets.mapAttrsToList (_: fs: fs.mountPoint) config.fileSystems;
+            }
+          ];
+
+          diskio = [ { skip_serial_number = false; } ];
+
+          kernel = [ { } ];
+
+          mem = [ { } ];
+
+          processes = [ { } ];
+
+          swap = [ { } ];
+
+          system = [ { } ];
+
+          internal = [ { } ];
+
+          # TODO: Enable
+          # linux_cpu = [ { } ];
+
+          net = [ { ignore_protocol_stats = true; } ];
+
+          # TODO: Enable
+          # sensors = [ { remove_numbers = false; } ];
+
+          smart = [ { } ];
+
+          # TODO: Enable
+          # amd_rocm_smi = [ { } ];
+
+          systemd_units = [ { } ];
+        }
+        // lib.attrsets.optionalAttrs config.virtualisation.podman.enable {
+          docker = [
+            {
+              endpoint = "unix:///var/run/podman/podman.sock";
+              perdevice = false;
+              perdevice_include = [
+                "cpu"
+                "blkio"
+                "network"
+              ];
+            }
+          ];
+        }
+        // lib.attrsets.optionalAttrs config.services.fail2ban.enable {
+          fail2ban = [ { } ];
+        }
+        // lib.attrsets.optionalAttrs (config.networking.wireguard.interfaces != { }) {
+          wireguard = [ { } ];
+        };
+    };
+  };
+
+  systemd.services.telegraf = {
+    path =
+      with pkgs;
+      [
+        dbus
+        smartmontools
+        # TODO: Enable
+        # lm_sensors
+        # rocmPackages.rocm-smi
+      ]
+      ++ lib.lists.optional config.services.fail2ban.enable fail2ban;
+
+    environment = {
+      DBUS_SYSTEM_BUS_ADDRESS = "unix:path=/var/run/dbus/system_bus_socket";
+    };
+
+    serviceConfig = {
+      AmbientCapabilities = [
+        "CAP_NET_RAW"
+        "CAP_SYS_RAWIO"
+      ] ++ lib.lists.optional (config.networking.wireguard.interfaces != { }) "CAP_NET_ADMIN";
+
+      SupplementaryGroups =
+        [
+          "disk"
+        ]
+        ++ lib.lists.optional config.virtualisation.podman.enable "podman"
+        ++ lib.lists.optional config.services.fail2ban.enable "fail2ban";
+    };
+  };
+}