netdata

hosts/nas/apps.nix

@@ -10,6 +10,8 @@
     ./apps/paperless-ai
     ./apps/traefik
     ../../modules
+
+    ./apps/netdata
   ];
 
   nas-apps = {

hosts/nas/apps/netdata/default.nix

@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+{
+  services.netdata = {
+    enable = true;
+    # package = pkgs.netdataCloud;
+    package = pkgs.netdata.override {
+      withCloudUi = true;
+    };
+    configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
+      samba: yes
+    '';
+    # claimTokenFile = config.sops.secrets."jallen-nas/netdata-token".path;
+
+    config = {
+      # enable machine learning plugin
+      ml = {
+        "enabled" = "yes";
+      };
+
+      # enable samba plugin
+      plugins = {
+        "enable running new plugins" = "yes";
+        "ioping.plugin" = "yes";
+        "freeipmi.plugin" = "yes";
+        "perf.plugin" = "yes";
+      };
+    };
+  };
+
+  # add samba and sudo to path of python plugin
+  systemd.services.netdata.path = [  pkgs.samba "/run/wrappers" ];
+
+  # permit to run sudo smbstatus -P
+  security.sudo.extraConfig = ''
+    netdata ALL=(root) NOPASSWD: ${pkgs.samba}/bin/smbstatus
+  '';
+
+  # as documented here : https://github.com/netdata/netdata/blob/master/system/netdata.service.in
+  # review capabilityset above if other plugins are non functional
+  systemd.services.netdata.serviceConfig.CapabilityBoundingSet = ["CAP_SETGID"];
+}

hosts/nas/networking.nix

@@ -5,6 +5,7 @@ let
     9000 # authentik
     2342 # grafana
     51820 # wireguard
+    19999 # netdata
   ];
 in
 {

hosts/nas/sops.nix

@@ -65,6 +65,10 @@
     restartUnits = [ "open-webui.service" ];
   };
 
+  sops.secrets."jallen-nas/netdata-token" = {
+    restartUnits = [ "netdata.service" ];
+  };
+
   sops.secrets."jallen-nas/paperless/secret" = {
     restartUnits = [ "container@paperless.service" ];
   };