mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

netdata

Browse Source
This commit is contained in:
mjallen18
2025-01-24 23:29:51 -06:00
parent f9377df790
commit e983e5b47c
6 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/nas/apps.nix
View File

@@ -10,6 +10,8 @@
./apps/paperless-ai ./apps/paperless-ai
./apps/traefik ./apps/traefik
../../modules ../../modules
./apps/netdata
]; ];
nas-apps = { nas-apps = {

41
hosts/nas/apps/netdata/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, pkgs, ... }:
{
services.netdata = {
enable = true;
# package = pkgs.netdataCloud;
package = pkgs.netdata.override {
withCloudUi = true;
};
configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
samba: yes
'';
# claimTokenFile = config.sops.secrets."jallen-nas/netdata-token".path;
config = {
# enable machine learning plugin
ml = {
"enabled" = "yes";
};
# enable samba plugin
plugins = {
"enable running new plugins" = "yes";
"ioping.plugin" = "yes";
"freeipmi.plugin" = "yes";
"perf.plugin" = "yes";
};
};
};
# add samba and sudo to path of python plugin
systemd.services.netdata.path = [ pkgs.samba "/run/wrappers" ];
# permit to run sudo smbstatus -P
security.sudo.extraConfig = ''
netdata ALL=(root) NOPASSWD: ${pkgs.samba}/bin/smbstatus
'';
# as documented here : https://github.com/netdata/netdata/blob/master/system/netdata.service.in
# review capabilityset above if other plugins are non functional
systemd.services.netdata.serviceConfig.CapabilityBoundingSet = ["CAP_SETGID"];
}

1
hosts/nas/networking.nix
View File

@@ -5,6 +5,7 @@ let
9000 # authentik 9000 # authentik
2342 # grafana 2342 # grafana
51820 # wireguard 51820 # wireguard
19999 # netdata
]; ];
in in
{ {

4
hosts/nas/sops.nix
View File

@@ -65,6 +65,10 @@
restartUnits = [ "open-webui.service" ]; restartUnits = [ "open-webui.service" ];
}; };
sops.secrets."jallen-nas/netdata-token" = {
restartUnits = [ "netdata.service" ];
};
sops.secrets."jallen-nas/paperless/secret" = { sops.secrets."jallen-nas/paperless/secret" = {
restartUnits = [ "container@paperless.service" ]; restartUnits = [ "container@paperless.service" ];
}; };

1
modules/samba/default.nix
View File

@@ -65,6 +65,7 @@ in
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; "fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr"; "vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize; "fruit:time machine max size" = share.timeMachineMaxSize;
# "smbd profiling level" = "on";
}; };
in in
mapAttrs' make cfg.shares; mapAttrs' make cfg.shares;

5
secrets/secrets.yaml
View File

@@ -26,6 +26,7 @@ jallen-nas:
secret: ENC[AES256_GCM,data:qrwi13OLSM1Oww4pttfblrjvsdPR,iv:IITw2M6YfoSP3nECeUPWlhr56n7u03ivp8+fx5MDd54=,tag:4thPUaa2ueO95LOB5SiL6w==,type:str] secret: ENC[AES256_GCM,data:qrwi13OLSM1Oww4pttfblrjvsdPR,iv:IITw2M6YfoSP3nECeUPWlhr56n7u03ivp8+fx5MDd54=,tag:4thPUaa2ueO95LOB5SiL6w==,type:str]
authentik-client-id: ENC[AES256_GCM,data:8kHTmnT4kbxrN7Kyet1eu1KB+jA7bBx1Zs64cn5VZm0VjdSfYOwxxA==,iv:iTgsd9XWnRCQoBxj0QVjbIrSjPoYdnXv4lmn3qfllUA=,tag:CDAWMAOQ6X2sbu8RD8oiBw==,type:str] authentik-client-id: ENC[AES256_GCM,data:8kHTmnT4kbxrN7Kyet1eu1KB+jA7bBx1Zs64cn5VZm0VjdSfYOwxxA==,iv:iTgsd9XWnRCQoBxj0QVjbIrSjPoYdnXv4lmn3qfllUA=,tag:CDAWMAOQ6X2sbu8RD8oiBw==,type:str]
authentik-client-secret: ENC[AES256_GCM,data:WROqpqGQrZ8+Xy6v4dxABfqWs4lPDnl/OdsD2xvw5nqZ8mD66IJMx5eoS9UJ1aIOAr0bvQCUyMtC+xzSMcEORCmMoxT7qfg2rV6KZgRzDtRGt1loYdHECXpz1hGAc87YwiD8fVrEsuTAmlK8N6tmmfie5o6QakcFeoTpZSlAUJ0=,iv:fQg5itx52OIZeqBSylSbwtR7FD/8kF0YiDZ0jguIKus=,tag:yIm8q0PJQVDt7F4IIljbdg==,type:str] authentik-client-secret: ENC[AES256_GCM,data:WROqpqGQrZ8+Xy6v4dxABfqWs4lPDnl/OdsD2xvw5nqZ8mD66IJMx5eoS9UJ1aIOAr0bvQCUyMtC+xzSMcEORCmMoxT7qfg2rV6KZgRzDtRGt1loYdHECXpz1hGAc87YwiD8fVrEsuTAmlK8N6tmmfie5o6QakcFeoTpZSlAUJ0=,iv:fQg5itx52OIZeqBSylSbwtR7FD/8kF0YiDZ0jguIKus=,tag:yIm8q0PJQVDt7F4IIljbdg==,type:str]
netdata-token: ENC[AES256_GCM,data:kQiSTLxIztDoka5aa4/ymdp6Xyhc9VC2hwmr/afelGifjN7V7MgzhlMT6xfKoIQ+6RboH6kq50pS5A0AmY/ojog8QEP3k6zGjEsvlV3kNCGWvBU97L+7PH4okIApSYu+Hq996121rSOof+Pgk5mbG7Of5DZGeAJPXe9Dc9Z0cSLJrO6s6zCd,iv:0csCFa1XshbuGp0O3Kxs/NvQsJmadB091ZPSPAnuBL4=,tag:roTlcbeRwA/26G2GkhaaqA==,type:str]
wireguard: wireguard:
private: ENC[AES256_GCM,data:/nOkn5nMrEEeKi1ySo9fAp+r1lQL02k0FZA99hUIKq7THvVWNaQ/Z6paoJU=,iv:iCTfGSdjJ0wMwv/34dv2ygKSm3qAJq6czOErMaFqHtg=,tag:EJZzBlVB5FSvveo5MWtC1g==,type:str] private: ENC[AES256_GCM,data:/nOkn5nMrEEeKi1ySo9fAp+r1lQL02k0FZA99hUIKq7THvVWNaQ/Z6paoJU=,iv:iCTfGSdjJ0wMwv/34dv2ygKSm3qAJq6czOErMaFqHtg=,tag:EJZzBlVB5FSvveo5MWtC1g==,type:str]
public: ENC[AES256_GCM,data:rOmyhwpolxNV2JroLdh90gYAuCGNZu/gY5NBxkHHNJ+qEblmDsom9alNHMQ=,iv:bF+XCO9lPHopLCEILTT4gA349d/Sa5qReSKN70EA3d4=,tag:Yx2TL/37n5Uohlwnlx97vg==,type:str] public: ENC[AES256_GCM,data:rOmyhwpolxNV2JroLdh90gYAuCGNZu/gY5NBxkHHNJ+qEblmDsom9alNHMQ=,iv:bF+XCO9lPHopLCEILTT4gA349d/Sa5qReSKN70EA3d4=,tag:Yx2TL/37n5Uohlwnlx97vg==,type:str]
@@ -65,8 +66,8 @@ sops:
UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN
pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ== pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-22T23:41:50Z" lastmodified: "2025-01-25T05:08:43Z"
mac: ENC[AES256_GCM,data:Sim5O8dLkq4k4TTTqCSvtiPxUpIJKKhhBcUsQFPkvyaHfLriDawhDANFY9c2DZHIDN0pQJuQ8h/a3AsXqq+lfXAtOGQeMkrDaEG6L9rk22QPKpXcPlRfF940r1CUYY1bmjxSd6+8fIYJPyPE7svPzseIyPFfmM9vNZmOhyXmeJ4=,iv:v0UoG3iGWzZS46LctHKF+4cEw/6Er0NKOKJiIX8OD6Y=,tag:LUk7aUdbIjdX1w6aeu5h5A==,type:str] mac: ENC[AES256_GCM,data:TFwJdmF0M4s3etKYXZAsMsEqcn7pt2Z6wgxPnLOpukFCGpNBorVsSWiFa/0UbvpZ7QRzNIEucEGAk0rspgnk0t+1EDxsW/UqXmieoLIQy317UHI/PVPprG6HPH/PHPCyhp/U4ddM94lKbxnEgf4kQDmL8Hl90vSWQs+8hOoByUk=,iv:1MjcEx4InMaDFStTLLvb/e0vAWyXoVb24dh2XwHvg3A=,tag:ZQQsuON1DFFD4aRWD2GTyg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.3 version: 3.9.3