aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2023-01-08 11:08:52 +0100
committerKarel Kočí <cynerd@email.cz>2023-01-08 11:08:52 +0100
commit99c357915697b9d800523b2252850c758e2aae1d (patch)
treed296b94d4f4532f412554ce52f414bc77df67fce
parente7abf8728a0fd0a77e6fa5803acd1b0c1e0682c6 (diff)
downloadnixos-personal-99c357915697b9d800523b2252850c758e2aae1d.tar.gz
nixos-personal-99c357915697b9d800523b2252850c758e2aae1d.tar.bz2
nixos-personal-99c357915697b9d800523b2252850c758e2aae1d.zip
nixos/monitoring: expand monitoring
-rw-r--r--flake.lock26
-rw-r--r--nixos/machine/mrpump.nix3
-rw-r--r--nixos/modules/desktop.nix2
-rw-r--r--nixos/modules/home-assistant.nix49
-rw-r--r--nixos/modules/hosts.nix2
-rw-r--r--nixos/modules/monitoring.nix61
-rwxr-xr-xtools/influxdb-monitoring.sh6
7 files changed, 114 insertions, 35 deletions
diff --git a/flake.lock b/flake.lock
index 9c7b894..80b48d2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -93,11 +93,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
- "lastModified": 1672695323,
- "narHash": "sha256-lNqpBa/77nbze8JhWtzeE9DgPy5Z8/JUlfbHHghx+G0=",
+ "lastModified": 1673071673,
+ "narHash": "sha256-yFr+MLbKqj2GH3I/J05vAMA9s7mdeUVAVRMvTTjw6zw=",
"owner": "NixOS",
"repo": "nix",
- "rev": "a75b7ba30f1e4f8b15e810fd18e63ee9552e0815",
+ "rev": "4e2b155d2346f1abeef7cf7ee8a076e884fba15d",
"type": "github"
},
"original": {
@@ -186,11 +186,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1672683526,
- "narHash": "sha256-t0MENMO85gpsAWFy63WdPMsuBqeq+35lfwaccAfCFuE=",
+ "lastModified": 1673039641,
+ "narHash": "sha256-Bc9FVhyLxp2mX2SXr0N4Fj4St7o4yaYEXpd12etSNBY=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "e4c38ad4e69dc93c1366d576712f529585ec52ad",
+ "rev": "d9f73e41fd3c8e85b266bdb91cb7535600010798",
"type": "github"
},
"original": {
@@ -251,11 +251,11 @@
]
},
"locked": {
- "lastModified": 1671564570,
- "narHash": "sha256-Upy3xAZKU3FVu4acqyWSdn17JsWdwifIBLvjU4+3CQc=",
+ "lastModified": 1672861162,
+ "narHash": "sha256-0aiZdSkj0FGp7x2hW4/MhMsk/52BiUPFMUdpIiCTOD0=",
"owner": "cynerd",
"repo": "nixturris",
- "rev": "5b38cd01bb906f99deb762de4d13b1d569d9d994",
+ "rev": "64347b8b590096204f44b5ae0ef7e05837b9f233",
"type": "github"
},
"original": {
@@ -266,11 +266,11 @@
},
"personal-secret": {
"locked": {
- "lastModified": 1672431649,
- "narHash": "sha256-NQ5ExhJGZdTx8WW0gWqqaFaGoBKrtmMrQ2nvacoIVuI=",
+ "lastModified": 1673115364,
+ "narHash": "sha256-Iycxa2kd3O3SCjkbosTr70t3CtKrxqaGNYEqBrOAY54=",
"ref": "refs/heads/master",
- "rev": "26658654dc647a93ee33342364d4dc6cd97613c6",
- "revCount": 52,
+ "rev": "bbed897a2c4b851790425ca193957191654350e3",
+ "revCount": 54,
"type": "git",
"url": "ssh://git@cynerd.cz/nixos-personal-secret"
},
diff --git a/nixos/machine/mrpump.nix b/nixos/machine/mrpump.nix
index 5da00e4..0b322dc 100644
--- a/nixos/machine/mrpump.nix
+++ b/nixos/machine/mrpump.nix
@@ -33,6 +33,9 @@ with lib;
};
in {
+ # MrPump won't see Errol anyway
+ cynerd.hosts.enable = false;
+ cynerd.monitoring.enable = false;
# Docker for the gitlab runner
virtualisation.docker = {
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 1f3ab71..27beb04 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -23,8 +23,6 @@ in {
};
config = mkIf cnf.enable {
- cynerd.hosts.enable = true;
-
programs.sway.enable = true;
programs.sway.wrapperFeatures.gtk = true;
programs.sway.extraPackages = with pkgs; [
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
index 80c76b3..e4f2232 100644
--- a/nixos/modules/home-assistant.nix
+++ b/nixos/modules/home-assistant.nix
@@ -26,6 +26,10 @@ in {
acl = ["readwrite bigclown/#"];
passwordFile = "/run/secrets/mosquitto.bigclown.pass";
};
+ telegraf = {
+ acl = ["read bigclown/node/#"];
+ passwordFile = "/run/secrets/mosquitto.telegraf.pass";
+ };
homeassistant = {
acl = [
"readwrite bigclown/#"
@@ -51,6 +55,7 @@ in {
};
};
mqtt2influxdb = {
+ # TODO remove as we have telegraf
enable = true;
environmentFile = "/run/secrets/bigclown.env";
mqtt = {
@@ -128,6 +133,50 @@ in {
serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini";
};
+ services.telegraf.extraConfig = {
+ outputs.influxdb_v2 = [{
+ urls = ["http://errol:8086"];
+ token = "$INFLUX_TOKEN";
+ organization = "personal";
+ bucket = "bigclown";
+ tagpass.source = ["bigclown"];
+ }];
+ inputs.mqtt_consumer = let
+ consumer = data_type: topics: {
+ tags = { source = "bigclown"; };
+ servers = ["tcp://localhost:1883"];
+ topics = topics;
+ username = "telegraf";
+ password = "$MQTT_PASSWORD";
+ data_format = "value";
+ data_type = data_type;
+ topic_parsing = [{
+ topic = "bigclown/node/+/+/+/+";
+ measurement = "_/_/_/_/_/measurement";
+ tags = "_/_/device/field/_/_";
+ }];
+ };
+ in [
+ (consumer "float" [
+ "bigclown/node/+/battery/+/voltage"
+ "bigclown/node/+/thermometer/+/temperature"
+ "bigclown/node/+/hygrometer/+/relative-humidity"
+ "bigclown/node/+/lux-meter/+/illuminance"
+ "bigclown/node/+/barometer/+/pressure"
+ "bigclown/node/+/pir/+/event-count"
+ "bigclown/node/+/push-button/+/event-count"
+ ])
+ (consumer "boolean" [
+ "bigclown/node/+/flood-detector/+/alarm"
+ ])
+ ];
+ processors.pivot = [{
+ tag_key = "field";
+ value_key = "value";
+ tagpass.source = ["bigclown"];
+ }];
+ };
+
services.home-assistant = {
enable = false;
openFirewall = true;
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index e307619..ca9daa1 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -17,7 +17,7 @@ in {
cynerd.hosts = {
enable = mkOption {
type = types.bool;
- default = false;
+ default = true;
description = "Use my personal static hosts";
};
vpn = staticZoneOption;
diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix
index 1f011dd..abeba2d 100644
--- a/nixos/modules/monitoring.nix
+++ b/nixos/modules/monitoring.nix
@@ -30,6 +30,7 @@ in {
config = mkMerge [
{ cynerd.monitoring.host = "errol"; }
+
(mkIf cnf.enable {
# Telegraf configuration
services.telegraf = {
@@ -37,44 +38,63 @@ in {
environmentFiles = ["/run/secrets/telegraf.env"];
extraConfig = {
agent = {};
- outputs.influxdb_v2 = {
+ outputs.influxdb_v2 = [{
urls = ["http://errol:8086"];
token = "$INFLUX_TOKEN";
organization = "personal";
bucket = "monitoring";
- };
+ tagdrop.source = ["bigclown"]; # See home-assistant.nix
+ }];
inputs = {
- cpu = {
+ cpu = [{
percpu = true;
totalcpu = true;
- };
- disk = {
+ }];
+ mem = [{}];
+ swap = [{}];
+ disk = [{
ignore_fs = [
"tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs"
];
- };
- diskio = {};
- diskio = {};
- mem = {};
- net = {};
- processes = {};
- swap = {};
- system = {};
+ }];
+ diskio = [{}];
+ net = [{}];
+ system = [{}];
+ processes = [{}];
+ systemd_units = [{}];
+ wireguard = [{}];
} // (optionalAttrs cnf.hw {
- sensors = {};
- smart = {};
+ sensors = [{}];
+ smart = [{
+ path_smartctl = "${pkgs.smartmontools}/bin/smartctl";
+ use_sudo = true;
+ }];
+ wireless = [{}];
});
};
};
- # TODO probably add this to the upstream configuration
systemd.services.telegraf.path = with pkgs; [
+ "/run/wrappers"
] ++ (optionals cnf.hw [
- nvme-cli lm_sensors smartmontools
+ lm_sensors smartmontools nvme-cli
]);
+ security.sudo.extraRules = [
+ {
+ users = ["telegraf"];
+ commands = [{
+ command = "${pkgs.smartmontools}/bin/smartctl";
+ options = ["NOPASSWD"];
+ }];
+ }
+ ];
})
+
(mkIf isHost {
# InfluxDB
services.influxdb2.enable = mkIf isHost true;
+ services.telegraf.extraConfig.inputs.prometheus = {
+ urls = ["http://localhost:8086/metrics"];
+ };
# Grafana
services.grafana = mkIf isHost {
enable = true;
@@ -84,9 +104,14 @@ in {
admin_user = "cynerd";
admin_password = "$__file{/run/secrets/grafana.admin.pass}";
};
+ server = {
+ http_addr = "";
+ http_port = 3000;
+ };
};
};
-
+ networking.firewall.allowedTCPPorts = [8086 3000];
})
+
];
}
diff --git a/tools/influxdb-monitoring.sh b/tools/influxdb-monitoring.sh
index 6488d4f..f83f792 100755
--- a/tools/influxdb-monitoring.sh
+++ b/tools/influxdb-monitoring.sh
@@ -3,11 +3,15 @@
# telemetries.
set -eu
+if ! command -v influx jq pass; then
+ exec nix shell 'nixpkgs#influxdb2' 'nixpkgs#jq' 'nixpkgs#pass' -c "$0" "$@"
+fi
+
cd "${0%/*}/.."
influx_args=(
# Warning: you might want to modify this when you move the InfluxDB host
- "--host" "http://ridcully:8086"
+ "--host" "http://errol:8086"
"--token" "$(pass 'nixos-secrets/influxdb/token/cynerd')"
)