diff --git a/flake.nix b/flake.nix
index 6af08af..6639b67 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,6 +27,7 @@
 ./modules/common.nix
 ./modules/users.nix
 ./modules/ssh.nix
+ ./modules/monitoring.nix
 ];
 in {
 nixosConfigurations = {
diff --git a/hosts/skydick/default.nix b/hosts/skydick/default.nix
index 72ee6b5..c03bc35 100644
--- a/hosts/skydick/default.nix
+++ b/hosts/skydick/default.nix
@@ -237,5 +237,23 @@
 linuxPackages_6_6.perf
 ];
+ # ==========================================================================
+ # TELEGRAF MONITORING
+ # ==========================================================================
+ skyworks.monitoring = {
+ enable = true;
+ bucket = "skydick";
+ netInterfaces = [ "bond0" ];
+ smartDevices = [
+ "/dev/disk/by-id/wwn-0x6000c500cab9587b0000000000000000 -d scsi"
+ "/dev/disk/by-id/wwn-0x6000c500caf746970000000000000000 -d scsi"
+ "/dev/disk/by-id/wwn-0x6000c500cb3613eb0000000000000000 -d scsi"
+ "/dev/disk/by-id/wwn-0x6000c500cb3957ab0000000000000000 -d scsi"
+ "/dev/disk/by-id/wwn-0x6000c500cb9dd2eb0000000000000000 -d scsi"
+ "/dev/disk/by-id/nvme-INTEL_SSDPE21K750GAC_PHKE0163008K750BGN -d nvme"
+ "/dev/disk/by-id/wwn-0x5002538e4099ad35 -d sat"
+ ];
+ };
+
 system.stateVersion = "25.11";
 }
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
new file mode 100644
index 0000000..c453d61
--- /dev/null
+++ b/modules/monitoring.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.skyworks.monitoring;
+in {
+ options.skyworks.monitoring = {
+ enable = lib.mkEnableOption "Telegraf monitoring to door1 InfluxDB";
+ bucket = lib.mkOption {
+ type = lib.types.str;
+ description = "InfluxDB bucket name";
+ };
+ smartDevices = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "SMART device specs for Telegraf inputs.smart";
+ };
+ netInterfaces = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ "*" ];
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ age.secrets.influxdb-token = {
+ file = ../secrets/influxdb-token.age;
+ owner = "telegraf";
+ group = "telegraf";
+ mode = "0400";
+ };
+
+ systemd.services.telegraf.serviceConfig.EnvironmentFile =
+ config.age.secrets.influxdb-token.path;
+
+ services.telegraf = {
+ enable = true;
+ extraConfig = {
+ agent = {
+ interval = "10s";
+ round_interval = true;
+ metric_batch_size = 1000;
+ metric_buffer_limit = 10000;
+ flush_interval = "10s";
+ hostname = config.networking.hostName;
+ };
+
+ outputs.influxdb_v2 = [{
+ urls = [ "http://172.16.1.1:8086" ];
+ token = "$INFLUX_TOKEN";
+ organization = "door1";
+ bucket = cfg.bucket;
+ }];
+
+ inputs = {
+ cpu = [{ percpu = true; totalcpu = true; }];
+ mem = [{}];
+ swap = [{}];
+ system = [{}];
+ kernel = [{}];
+ disk = [{ ignore_fs = [ "tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ]; }];
+ diskio = [{ devices = [ "*" ]; }];
+ net = [{ interfaces = cfg.netInterfaces; }];
+ sensors = [{ timeout = "5s"; }];
+ zfs = [{ poolMetrics = true; }];
+ smart = [{
+ interval = "6h";
+ use_sudo = true;
+ attributes = true;
+ devices = cfg.smartDevices;
+ }];
+ };
+ };
+ };
+
+ security.sudo.extraRules = lib.mkAfter [{
+ users = [ "telegraf" ];
+ commands = [
+ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; }
+ ];
+ }];
+ };
+}
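Review bot: The `outputs.influxdb_v2` entry sends `$INFLUX_TOKEN` to `http://172.16.1.1:8086`, so the token crosses the network unencrypted on every flush, and the address is fixed for every host that enables the module. I would expose it as an option, e.g. `url = lib.mkOption { type = lib.types.str; default = "http://172.16.1.1:8086"; };` with `urls = [ cfg.url ];`, and point it at an `https://` endpoint unless that address is only reachable over an already-encrypted link, which this diff does not show. The `security.sudo.extraRules` entry lets the `telegraf` user run `smartctl` as root with any arguments; because the rule names the store path, setting `path_smartctl = "${pkgs.smartmontools}/bin/smartctl";` in the `smart` input would keep the invoked binary and the rule in agreement, and a comment such as `# smartctl runs as root with unrestricted arguments; required by inputs.smart use_sudo` would record that the privilege is deliberate. `netInterfaces` is the only option without a `description`, and a one-line comment that the age secret must be in `INFLUX_TOKEN=<value>` form (it is loaded through `EnvironmentFile`) would help whoever rotates it.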
diff --git a/secrets/influxdb-token.age b/secrets/influxdb-token.age
new file mode 100644
index 0000000..147b09e
--- /dev/null
+++ b/secrets/influxdb-token.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 88f2618..72c410c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -11,4 +11,5 @@
 "xlab-wg-wgnet.age".publicKeys = [ admin xlab-gateway ];
 "xlab-wg-wgnet-psk.age".publicKeys = [ admin xlab-gateway ];
 "xlab-wg-warp.age".publicKeys = [ admin xlab-gateway ];
+ "influxdb-token.age".publicKeys = [ admin skydick ];
 }
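Review bot: `influxdb-token.age` is encrypted only for `admin` and `skydick`, but `modules/monitoring.nix` references `../secrets/influxdb-token.age` for any host that sets `skyworks.monitoring.enable`, so a second host enabling the module could not decrypt the secret until it is added here and the file is rekeyed. A comment on the new line would make that dependency visible, e.g. `# recipients must include every host with skyworks.monitoring.enable = true`. The token's scope is not visible in this diff; if it is broader than write access to a single bucket, a per-host write-only token would keep one host's compromise from reaching other hosts' data. The attribute set this line belongs to starts above the hunk.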