From 2066940c77c537fb80f9434915326e90eec01013 Mon Sep 17 00:00:00 2001
From: soraefir
Date: Sat, 6 Jun 2026 00:34:26 +0200
Subject: [PATCH] add telegraf
---
 modules/nixos/tools/default.nix | 62 +----------
 modules/nixos/tools/telegraf/default.nix | 129 +++++++++++++++++++++++
 modules/shared/sops/default.nix | 3 +
 modules/shared/syscfg/default.nix | 4 +
 modules/shared/syscfg/monitoring.nix | 54 ++++++++++
 systems/sandbox/cfg.nix | 25 +++++
 6 files changed, 216 insertions(+), 61 deletions(-)
 create mode 100644 modules/nixos/tools/telegraf/default.nix
 create mode 100644 modules/shared/syscfg/monitoring.nix
diff --git a/modules/nixos/tools/default.nix b/modules/nixos/tools/default.nix
index 0dd7a5f..d93bfd9 100644
--- a/modules/nixos/tools/default.nix
+++ b/modules/nixos/tools/default.nix
@@ -1,64 +1,4 @@ { pkgs, ... }: { - imports = [ ./debug ./develop ]; + imports = [ ./debug ./develop ./telegraf ]; - # services.telegraf = { - # enable = true; - # extraConfig = { - # agent = { - # interval = "10s"; - # round_interval = true; - # metric_batch_size = 1000; - # metric_buffer_limit = 10000; - # collection_jitter = "0s"; - # flush_interval = "10s"; - # flush_jitter = "0s"; - # precision = ""; - # hostname = "valinor"; - # omit_hostname = false; - # }; - - # inputs.cpu = { - # percpu = true; - # totalcpu = true; - # collect_cpu_time = false; - # report_active = false; - # }; - - # inputs.mem = {}; - # inputs.swap = {}; - # inputs.system = {}; - # inputs.disk = { - # ignore_fs = ["tmpfs" "devtmpfs" "devfs"]; - # }; - - # inputs.net = {}; - # inputs.netstat = {}; - - # inputs.ping = { - # urls = ["8.8.8.8" "8.8.4.4"]; - # count = 4; - # interval = "60s"; - # binary = "${pkgs.iputils.out}/bin/ping"; - # }; - - # inputs.internet_speed = { - # interval = "2m"; - # }; - - # inputs.net_response = { - # protocol = "tcp"; - # address = "google.com:80"; - # timeout = "5s"; - # read_timeout = "5s"; - # interval = "30s"; - # }; - - # outputs.influxdb_v2 = { - # urls = [""]; - # token = ""; - # organization = ""; - # bucket = ""; - # }; - # }; - # }; } diff --git a/modules/nixos/tools/telegraf/default.nix b/modules/nixos/tools/telegraf/default.nix new file mode 100644 index 0000000..5d361b5 --- /dev/null +++ b/modules/nixos/tools/telegraf/default.nix 
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.syscfg.monitoring.telegraf;
+ hasCollector = name: builtins.elem name cfg.collectors;
+ influxCfg = cfg.outputs.influxdb_v3;
+ telegrafEnvFiles =
+ lib.optional (influxCfg.secretName != null) "/run/secrets/${influxCfg.secretName}";
+ dockerGroups =
+ lib.optionals (cfg.enable && hasCollector "docker" && config.virtualisation.podman.enable) [ "podman" ]
+ ++ lib.optionals (cfg.enable && hasCollector "docker" && config.virtualisation.docker.enable) [ "docker" ];
+ baseConfig = {
+ agent = {
+ interval = "10s";
+ round_interval = true;
+ metric_batch_size = 1000;
+ metric_buffer_limit = 10000;
+ flush_interval = "10s";
+ hostname = config.syscfg.hostname;
+ omit_hostname = false;
+ };
+ global_tags = {
+ host = config.syscfg.hostname;
+ };
+ };
+ inputsConfig = lib.mkMerge [
+ (lib.mkIf (hasCollector "cpu") {
+ inputs.cpu = {
+ percpu = true;
+ totalcpu = true;
+ collect_cpu_time = false;
+ report_active = false;
+ };
+ })
+ (lib.mkIf (hasCollector "mem") {
+ inputs.mem = { };
+ })
+ (lib.mkIf (hasCollector "swap") {
+ inputs.swap = { };
+ })
+ (lib.mkIf (hasCollector "system") {
+ inputs.system = { };
+ })
+ (lib.mkIf (hasCollector "disk") {
+ inputs.disk = {
+ ignore_fs = [ "tmpfs" "devtmpfs" "devfs" "overlay" "squashfs" ];
+ };
+ })
+ (lib.mkIf (hasCollector "diskio") {
+ inputs.diskio = { };
+ })
+ (lib.mkIf (hasCollector "kernel") {
+ inputs.kernel = { };
+ })
+ (lib.mkIf (hasCollector "net") {
+ inputs.net = { };
+ })
+ (lib.mkIf (hasCollector "netstat") {
+ inputs.netstat = { };
+ })
+ (lib.mkIf (hasCollector "processes") {
+ inputs.processes = { };
+ })
+ (lib.mkIf (hasCollector "temp") {
+ inputs.temp = { };
+ })
+ (lib.mkIf (hasCollector "mdstat") {
+ inputs.mdstat = { };
+ })
+ (lib.mkIf (hasCollector "smart") {
+ inputs.smart = {
+ use_sudo = true;
+ attributes = true;
+ };
+ })
+ (lib.mkIf (hasCollector "docker") {
+ inputs.docker = {
+ endpoint = "unix:///var/run/docker.sock";
+ timeout = "5s";
+ perdevice = true;
+ total = false;
+ };
+ })
+ (lib.mkIf (hasCollector "ping") {
+ inputs.ping = {
+ urls = [ "1.1.1.1" ];
+ count = 4;
+ interval = "60s";
+ timeout = 5.0;
+ binary = "${pkgs.iputils}/bin/ping";
+ };
+ })
+ ];
+ outputsConfig = lib.mkMerge [{
+ outputs.influxdb_v3 = {
+ urls = influxCfg.urls;
+ token = influxCfg.token;
+ database = influxCfg.database or "telegraf";
+ };
+ }
+ ];
+in {
+ config = lib.mkIf cfg.enable {
+ services.telegraf = {
+ enable = true;
+ environmentFiles = telegrafEnvFiles;
+ extraConfig = lib.mkMerge [
+ baseConfig
+ inputsConfig
+ outputsConfig
+ cfg.extraConfig
+ ];
+ };
+
+ users.users.telegraf.extraGroups = dockerGroups;
+
+ systemd.services.telegraf = {
+ path = lib.optionals (hasCollector "smart") [ pkgs.smartmontools ];
+ serviceConfig.SupplementaryGroups = dockerGroups;
+ };
+
+ security.sudo.extraRules = lib.optionals (hasCollector "smart") [{
+ users = [ "telegraf" ];
+ commands = [{
+ command = "${pkgs.smartmontools}/bin/smartctl";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+ };
+}
diff --git a/modules/shared/sops/default.nix b/modules/shared/sops/default.nix
index b30caf6..6d3c7d0 100755
--- a/modules/shared/sops/default.nix
+++ b/modules/shared/sops/default.nix
@@ -23,6 +23,9 @@ in {
 group = config.users.users.${config.syscfg.defaultUser}.group;
 };
 "${config.syscfg.hostname}_wg_priv" = { };
+ telegraf = {
+ mode = "0400";
+ };
 }
 ];
 }
diff --git a/modules/shared/syscfg/default.nix b/modules/shared/syscfg/default.nix
index f837881..f10e8a1 100644
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
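Review bot: In modules/nixos/tools/telegraf/default.nix the `security.sudo.extraRules` entry names `smartctl` without arguments, so the `telegraf` account may run it passwordless with any arguments, and `runAs` is left at its default. Set `runAs = "root";` on the rule and add a comment such as `# smart collector: telegraf may run smartctl as root with any arguments`, so the grant is visible to whoever enables the collector. `dockerGroups` puts the service account in the `docker` group, which amounts to root-equivalent control of the host through the Docker daemon, and that deserves a comment next to the definition as well. The docker input's `endpoint` is fixed to `unix:///var/run/docker.sock`, so on a podman-only host the `podman` group is granted while the collector may have no socket to read; confirm the podman socket path or make `endpoint` follow the enabled runtime.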
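Review bot: The secret added in modules/shared/sops/default.nix is named `telegraf`, but the telegraf module builds its environment file path as `/run/secrets/${influxCfg.secretName}` and the sandbox host sets `secretName = "INFLUX"`, so unless an `INFLUX` secret is declared elsewhere the service will point at a file that sops never writes. Deriving the path from the declaration, for example `config.sops.secrets.${influxCfg.secretName}.path`, turns a wrong name into an evaluation error instead of a runtime failure. A comment on the entry such as `# env file for telegraf, one line: INFLUXDB_TOKEN=<token>` would document what the secret must contain, since the token option defaults to `$INFLUXDB_TOKEN`. The enclosing attribute set starts outside the hunk.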
@@ -28,6 +28,10 @@ in with lib; {
 type = types.oneOf [ types.bool (types.submodule { options = import ./server.nix {inherit lib;}; }) ];
 default = false;
 };
+ monitoring = mkOption {
+ type = types.submodule { options = import ./monitoring.nix { inherit lib; }; };
+ default = { };
+ };
 media = mkOption {
 type = types.submodule { options = import ./media.nix { inherit lib; }; };
 default = {};
diff --git a/modules/shared/syscfg/monitoring.nix b/modules/shared/syscfg/monitoring.nix
new file mode 100644
index 0000000..c55ecd5
--- /dev/null
+++ b/modules/shared/syscfg/monitoring.nix
@@ -0,0 +1,54 @@
+{ lib, ... }:
+with lib; {
+ telegraf = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+
+ collectors = mkOption {
+ type = types.listOf (types.enum [
+ "cpu"
+ "mem"
+ "swap"
+ "system"
+ "disk"
+ "diskio"
+ "kernel"
+ "net"
+ "netstat"
+ "processes"
+ "temp"
+ "mdstat"
+ "smart"
+ "docker"
+ "ping"
+ ]);
+ default = [ ];
+ };
+
+ outputs = {
+ urls = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ database = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+ token = mkOption {
+ type = types.str;
+ default = "$INFLUXDB_TOKEN";
+ };
+ secretName = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+ };
+
+ extraConfig = mkOption {
+ type = types.attrs;
+ default = { };
+ };
+ };
+}
diff --git a/systems/sandbox/cfg.nix b/systems/sandbox/cfg.nix
index a4d9d81..0165837 100644
--- a/systems/sandbox/cfg.nix
+++ b/systems/sandbox/cfg.nix
@@ -88,5 +88,30 @@
 };
 };
 };
+ monitoring.telegraf = {
+ enable = true;
+ collectors = [
+ "cpu"
+ "mem"
+ "swap"
+ "system"
+ "disk"
+ "diskio"
+ "kernel"
+ "net"
+ "netstat"
+ "processes"
+ "docker"
+ "ping"
+ ];
+ outputs = {
+ urls = [ "http://127.0.0.1:8181" ];
+ database = "main";
+ secretName = "INFLUX";
+ };
+ tags = {
+ role = "sandbox";
+ };
+ };
 };
 }
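Review bot: The options in modules/shared/syscfg/monitoring.nix sit directly under `outputs` (`urls`, `database`, `token`, `secretName`), while modules/nixos/tools/telegraf/default.nix reads `cfg.outputs.influxdb_v3`, so evaluation should fail on a missing attribute as soon as telegraf is enabled. Either nest the four options under `outputs.influxdb_v3` or change the module to `influxCfg = cfg.outputs;`. `database` defaults to `null`, and the module's `influxCfg.database or "telegraf"` only covers a missing attribute, so the fallback needs `if influxCfg.database != null then influxCfg.database else "telegraf"`. None of the options carries a `description`; the one on `token` should say that a literal value ends up in the world-readable Nix store and that the `$INFLUXDB_TOKEN` default is meant to be filled from the secret's environment file.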
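Review bot: `tags = { role = "sandbox"; };` in systems/sandbox/cfg.nix sets an attribute that modules/shared/syscfg/monitoring.nix does not declare, so the submodule should reject it at evaluation. Either declare a `tags` option and merge it into `global_tags` in the telegraf module, or write it as `extraConfig.global_tags.role = "sandbox";`. The `http://127.0.0.1:8181` URL keeps the token on loopback, which is fine here, but a comment such as `# loopback only; use https:// for a remote InfluxDB` would help hosts that copy this block. The enclosing attribute set starts outside the hunk.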