# NixOS module: runs Telegraf as a host metrics agent and publishes the
# collected metrics through its Prometheus client output.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mapAttrsToList optional optionalAttrs;

  # Feature switches read from the rest of the system configuration; each one
  # gates both an input plugin and the extra privileges that plugin needs.
  podmanEnabled = config.virtualisation.podman.enable;
  fail2banEnabled = config.services.fail2ban.enable;
  hasWireguard = config.networking.wireguard.interfaces != { };

  # Inputs that are collected on every host.
  baseInputs = {
    cpu = [ { report_active = true; } ];
    # Report exactly the mount points declared in `fileSystems`.
    disk = [
      {
        mount_points = mapAttrsToList (_name: fileSystem: fileSystem.mountPoint) config.fileSystems;
      }
    ];
    diskio = [ { skip_serial_number = false; } ];
    kernel = [ { } ];
    mem = [ { } ];
    processes = [ { } ];
    swap = [ { } ];
    system = [ { } ];
    internal = [ { } ];
    # TODO: Enable
    # linux_cpu = [ { } ];
    net = [ { ignore_protocol_stats = true; } ];
    # TODO: Enable
    # sensors = [ { remove_numbers = false; } ];
    smart = [ { } ];
    # TODO: Enable
    # amd_rocm_smi = [ { } ];
    systemd_units = [ { } ];
  };

  # Container metrics are read through the Docker-compatible podman socket.
  podmanInputs = optionalAttrs podmanEnabled {
    docker = [
      {
        endpoint = "unix:///var/run/podman/podman.sock";
        perdevice = false;
        perdevice_include = [
          "cpu"
          "blkio"
          "network"
        ];
      }
    ];
  };

  fail2banInputs = optionalAttrs fail2banEnabled {
    fail2ban = [ { } ];
  };

  wireguardInputs = optionalAttrs hasWireguard {
    wireguard = [ { } ];
  };
in
{
  # Lets the `telegraf` user perform systemd D-Bus actions without interactive
  # authentication.
  # NOTE(review): the match is a prefix test, so it answers YES for every
  # action id under org.freedesktop.systemd1., including manage-units and
  # manage-unit-files (start/stop/enable of arbitrary units). That is far more
  # than a read-only metrics agent should hold: confirm which action the
  # systemd_units input actually triggers and compare against that exact id.
  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (
        subject.user == "telegraf"
        && action.id.indexOf("org.freedesktop.systemd1.") == 0
      ) {
        return polkit.Result.YES;
      }
    });
  '';

  services.telegraf = {
    enable = true;
    extraConfig = {
      agent.quiet = true;

      # NOTE(review): ":9273" has no host part, so the exporter listens on
      # every interface, and no authentication or TLS is configured here.
      # Whether the port is reachable from outside depends on firewall rules
      # not shown in this file; consider binding to a specific address or
      # setting the plugin's ip_range / basic_username / basic_password options.
      outputs.prometheus_client = [ { listen = ":9273"; } ];

      inputs = baseInputs // podmanInputs // fail2banInputs // wireguardInputs;
    };
  };

  systemd.services.telegraf = {
    # Helper binaries that the input plugins execute.
    path =
      [
        pkgs.dbus
        pkgs.smartmontools
        # TODO: Enable
        # lm_sensors
        # rocmPackages.rocm-smi
      ]
      ++ optional fail2banEnabled pkgs.fail2ban;

    environment = {
      DBUS_SYSTEM_BUS_ADDRESS = "unix:path=/var/run/dbus/system_bus_socket";
    };

    serviceConfig = {
      # CAP_SYS_RAWIO is presumably for the smart input (raw disk commands) and
      # CAP_NET_ADMIN for querying WireGuard devices.
      # NOTE(review): it is not obvious from this file which enabled input
      # needs CAP_NET_RAW; confirm, or drop it to keep the capability set minimal.
      AmbientCapabilities =
        [
          "CAP_NET_RAW"
          "CAP_SYS_RAWIO"
        ]
        ++ optional hasWireguard "CAP_NET_ADMIN";

      # NOTE(review): "disk" grants access to raw block devices, and access to
      # the system podman socket allows full control of containers through its
      # API, which is effectively root-equivalent. Treat the telegraf service
      # account as highly privileged when these groups are present.
      SupplementaryGroups =
        [ "disk" ]
        ++ optional podmanEnabled "podman"
        ++ optional fail2banEnabled "fail2ban";
    };
  };
}