nixos/monitoring: expand monitoring

7 files changed, 114 insertions, 35 deletions

diff --git a/flake.lock b/flake.lock
index 9c7b894..80b48d2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -93,11 +93,11 @@
         "nixpkgs-regression": "nixpkgs-regression"
       },
       "locked": {
-        "lastModified": 1672695323,
-        "narHash": "sha256-lNqpBa/77nbze8JhWtzeE9DgPy5Z8/JUlfbHHghx+G0=",
+        "lastModified": 1673071673,
+        "narHash": "sha256-yFr+MLbKqj2GH3I/J05vAMA9s7mdeUVAVRMvTTjw6zw=",
         "owner": "NixOS",
         "repo": "nix",
-        "rev": "a75b7ba30f1e4f8b15e810fd18e63ee9552e0815",
+        "rev": "4e2b155d2346f1abeef7cf7ee8a076e884fba15d",
         "type": "github"
       },
       "original": {
@@ -186,11 +186,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1672683526,
-        "narHash": "sha256-t0MENMO85gpsAWFy63WdPMsuBqeq+35lfwaccAfCFuE=",
+        "lastModified": 1673039641,
+        "narHash": "sha256-Bc9FVhyLxp2mX2SXr0N4Fj4St7o4yaYEXpd12etSNBY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e4c38ad4e69dc93c1366d576712f529585ec52ad",
+        "rev": "d9f73e41fd3c8e85b266bdb91cb7535600010798",
         "type": "github"
       },
       "original": {
@@ -251,11 +251,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1671564570,
-        "narHash": "sha256-Upy3xAZKU3FVu4acqyWSdn17JsWdwifIBLvjU4+3CQc=",
+        "lastModified": 1672861162,
+        "narHash": "sha256-0aiZdSkj0FGp7x2hW4/MhMsk/52BiUPFMUdpIiCTOD0=",
         "owner": "cynerd",
         "repo": "nixturris",
-        "rev": "5b38cd01bb906f99deb762de4d13b1d569d9d994",
+        "rev": "64347b8b590096204f44b5ae0ef7e05837b9f233",
         "type": "github"
       },
       "original": {
@@ -266,11 +266,11 @@
     },
     "personal-secret": {
       "locked": {
-        "lastModified": 1672431649,
-        "narHash": "sha256-NQ5ExhJGZdTx8WW0gWqqaFaGoBKrtmMrQ2nvacoIVuI=",
+        "lastModified": 1673115364,
+        "narHash": "sha256-Iycxa2kd3O3SCjkbosTr70t3CtKrxqaGNYEqBrOAY54=",
         "ref": "refs/heads/master",
-        "rev": "26658654dc647a93ee33342364d4dc6cd97613c6",
-        "revCount": 52,
+        "rev": "bbed897a2c4b851790425ca193957191654350e3",
+        "revCount": 54,
         "type": "git",
         "url": "ssh://git@cynerd.cz/nixos-personal-secret"
       },
diff --git a/nixos/machine/mrpump.nix b/nixos/machine/mrpump.nix
index 5da00e4..0b322dc 100644
--- a/nixos/machine/mrpump.nix
+++ b/nixos/machine/mrpump.nix
@@ -33,6 +33,9 @@ with lib;
     };
 
   in {
+    # MrPump won't see Errol anyway
+    cynerd.hosts.enable = false;
+    cynerd.monitoring.enable = false;
 
     # Docker for the gitlab runner
     virtualisation.docker = {
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 1f3ab71..27beb04 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -23,8 +23,6 @@ in {
   };
 
   config = mkIf cnf.enable {
-    cynerd.hosts.enable = true;
-
     programs.sway.enable = true;
     programs.sway.wrapperFeatures.gtk = true;
     programs.sway.extraPackages = with pkgs; [
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
index 80c76b3..e4f2232 100644
--- a/nixos/modules/home-assistant.nix
+++ b/nixos/modules/home-assistant.nix
@@ -26,6 +26,10 @@ in {
               acl = ["readwrite bigclown/#"];
               passwordFile = "/run/secrets/mosquitto.bigclown.pass";
             };
+            telegraf = {
+              acl = ["read bigclown/node/#"];
+              passwordFile = "/run/secrets/mosquitto.telegraf.pass";
+            };
             homeassistant = {
               acl = [
                 "readwrite bigclown/#"
@@ -51,6 +55,7 @@ in {
         };
       };
       mqtt2influxdb = {
+        # TODO remove as we have telegraf
         enable = true;
         environmentFile = "/run/secrets/bigclown.env";
         mqtt = {
@@ -128,6 +133,50 @@ in {
       serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini";
     };
 
+    services.telegraf.extraConfig = {
+      outputs.influxdb_v2 = [{
+        urls = ["http://errol:8086"];
+        token = "$INFLUX_TOKEN";
+        organization = "personal";
+        bucket = "bigclown";
+        tagpass.source = ["bigclown"];
+      }];
+      inputs.mqtt_consumer = let
+        consumer = data_type: topics: {
+          tags = { source = "bigclown"; };
+          servers = ["tcp://localhost:1883"];
+          topics = topics;
+          username = "telegraf";
+          password = "$MQTT_PASSWORD";
+          data_format = "value";
+          data_type = data_type;
+          topic_parsing = [{
+            topic = "bigclown/node/+/+/+/+";
+            measurement = "_/_/_/_/_/measurement";
+            tags = "_/_/device/field/_/_";
+          }];
+        };
+      in [
+        (consumer "float" [
+          "bigclown/node/+/battery/+/voltage"
+          "bigclown/node/+/thermometer/+/temperature"
+          "bigclown/node/+/hygrometer/+/relative-humidity"
+          "bigclown/node/+/lux-meter/+/illuminance"
+          "bigclown/node/+/barometer/+/pressure"
+          "bigclown/node/+/pir/+/event-count"
+          "bigclown/node/+/push-button/+/event-count"
+        ])
+        (consumer "boolean" [
+          "bigclown/node/+/flood-detector/+/alarm"
+        ])
+      ];
+      processors.pivot = [{
+        tag_key = "field";
+        value_key = "value";
+        tagpass.source = ["bigclown"];
+      }];
+    };
+
     services.home-assistant = {
       enable = false;
       openFirewall = true;
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index e307619..ca9daa1 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -17,7 +17,7 @@ in {
     cynerd.hosts = {
       enable = mkOption {
         type = types.bool;
-        default = false;
+        default = true;
         description = "Use my personal static hosts";
       };
       vpn = staticZoneOption;
diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix
index 1f011dd..abeba2d 100644
--- a/nixos/modules/monitoring.nix
+++ b/nixos/modules/monitoring.nix
@@ -30,6 +30,7 @@ in {
 
   config = mkMerge [
     { cynerd.monitoring.host = "errol"; }
+
     (mkIf cnf.enable {
       # Telegraf configuration
       services.telegraf = {
@@ -37,44 +38,63 @@ in {
         environmentFiles = ["/run/secrets/telegraf.env"];
         extraConfig = {
           agent = {};
-          outputs.influxdb_v2 = {
+          outputs.influxdb_v2 = [{
             urls = ["http://errol:8086"];
             token = "$INFLUX_TOKEN";
             organization = "personal";
             bucket = "monitoring";
-          };
+            tagdrop.source = ["bigclown"]; # See home-assistant.nix
+          }];
           inputs = {
-            cpu = {
+            cpu = [{
               percpu = true;
               totalcpu = true;
-            };
-            disk = {
+            }];
+            mem = [{}];
+            swap = [{}];
+            disk = [{
               ignore_fs = [
                 "tmpfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs"
               ];
-            };
-            diskio = {};
-            diskio = {};
-            mem = {};
-            net = {};
-            processes = {};
-            swap = {};
-            system = {};
+            }];
+            diskio = [{}];
+            net = [{}];
+            system = [{}];
+            processes = [{}];
+            systemd_units = [{}];
+            wireguard = [{}];
           } // (optionalAttrs cnf.hw {
-            sensors = {};
-            smart = {};
+            sensors = [{}];
+            smart = [{
+              path_smartctl = "${pkgs.smartmontools}/bin/smartctl";
+              use_sudo = true;
+            }];
+            wireless = [{}];
           });
         };
       };
-      # TODO probably add this to the upstream configuration
       systemd.services.telegraf.path = with pkgs; [
+        "/run/wrappers"
       ] ++ (optionals cnf.hw [
-        nvme-cli lm_sensors smartmontools
+        lm_sensors smartmontools nvme-cli
       ]);
+      security.sudo.extraRules = [
+        {
+          users = ["telegraf"];
+          commands = [{
+            command = "${pkgs.smartmontools}/bin/smartctl";
+            options = ["NOPASSWD"];
+          }];
+        }
+      ];
     })
+
     (mkIf isHost {
       # InfluxDB
       services.influxdb2.enable = mkIf isHost true;
+      services.telegraf.extraConfig.inputs.prometheus = {
+        urls = ["http://localhost:8086/metrics"];
+      };
       # Grafana
       services.grafana = mkIf isHost {
         enable = true;
@@ -84,9 +104,14 @@ in {
             admin_user = "cynerd";
             admin_password = "$__file{/run/secrets/grafana.admin.pass}";
           };
+          server = {
+            http_addr = "";
+            http_port = 3000;
+          };
         };
       };
-
+      networking.firewall.allowedTCPPorts = [8086 3000];
     })
+
   ];
 }
diff --git a/tools/influxdb-monitoring.sh b/tools/influxdb-monitoring.sh
index 6488d4f..f83f792 100755
--- a/tools/influxdb-monitoring.sh
+++ b/tools/influxdb-monitoring.sh
@@ -3,11 +3,15 @@
 # telemetries.
 set -eu
 
+if ! command -v influx jq pass; then
+	exec nix shell 'nixpkgs#influxdb2' 'nixpkgs#jq' 'nixpkgs#pass' -c "$0" "$@"
+fi
+
 cd "${0%/*}/.."
 
 influx_args=(
 	# Warning: you might want to modify this when you move the InfluxDB host
-	"--host" "http://ridcully:8086"
+	"--host" "http://errol:8086"
 	"--token" "$(pass 'nixos-secrets/influxdb/token/cynerd')"
 )