summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/nix-community
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-09-28 22:48:17 +0200
committertv <tv@krebsco.de>2021-09-28 22:48:17 +0200
commited2c6bd9792afbc433ae4eb23f40e17b90420f99 (patch)
tree289de32dd7f58f46accf7ad25ed184db5aa45198 /makefu/2configs/nix-community
parent20e358043546482acfa8c6134f095c1a64ef144d (diff)
parente151cfd3298120ec541987d4beb155e18335a0d8 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs/nix-community')
-rw-r--r--makefu/2configs/nix-community/mediawiki-matrix-bot.nix23
-rw-r--r--makefu/2configs/nix-community/supervision.nix82
2 files changed, 105 insertions, 0 deletions
diff --git a/makefu/2configs/nix-community/mediawiki-matrix-bot.nix b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix
new file mode 100644
index 000000000..6dff64121
--- /dev/null
+++ b/makefu/2configs/nix-community/mediawiki-matrix-bot.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+let
+ seccfg = toString <secrets/mediawikibot-config.json>;
+ statecfg = "/var/lib/mediawiki-matrix-bot/config.json";
+in {
+ systemd.services.mediawiki-matrix-bot = {
+ description = "Mediawiki Matrix Bot";
+ after = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = "60s";
+ DynamicUser = true;
+ StateDirectory = "mediawiki-matrix-bot";
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "mediawikibot-copy-config" ''
+ install -D -m644 ${seccfg} ${statecfg}
+ '';
+ ExecStart = "${pkgs.mediawiki-matrix-bot}/bin/mediawiki-matrix-bot ${statecfg}";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix
new file mode 100644
index 000000000..f648b9c17
--- /dev/null
+++ b/makefu/2configs/nix-community/supervision.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+let
+ isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
+ port = "9273";
+in {
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT
+ '';
+
+ services.telegraf = {
+ enable = true;
+ extraConfig = {
+ agent.interval = "60s";
+ inputs = {
+ prometheus.metric_version = 2;
+ kernel_vmstat = { };
+ smart = lib.mkIf (!isVM) {
+ path = pkgs.writeShellScript "smartctl" ''
+ exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
+ '';
+ };
+ system = { };
+ mem = { };
+ file = [{
+ data_format = "influx";
+ file_tag = "name";
+ files = [ "/var/log/telegraf/*" ];
+ }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
+ name_override = "ext4_errors";
+ files = [ "/sys/fs/ext4/*/errors_count" ];
+ data_format = "value";
+ };
+ exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) {
+ ## Commands array
+ commands = [
+ (pkgs.writeScript "zpool-health" ''
+ #!${pkgs.gawk}/bin/awk -f
+ BEGIN {
+ while ("${pkgs.zfs}/bin/zpool status" | getline) {
+ if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
+ if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
+ if ($1 ~ /errors:/) {
+ if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
+ }
+ }
+ }
+ '')
+ ];
+ data_format = "influx";
+ };
+ systemd_units = { };
+ swap = { };
+ disk.tagdrop = {
+ fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
+ device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
+ };
+ diskio = { };
+ };
+ outputs.prometheus_client = {
+ listen = ":${port}";
+ metric_version = 2;
+ };
+ };
+ };
+
+ security.sudo.extraRules = lib.mkIf (!isVM) [{
+ users = [ "telegraf" ];
+ commands = [{
+ command = "${pkgs.smartmontools}/bin/smartctl";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+ # avoid logging sudo use
+ security.sudo.configFile = ''
+ Defaults:telegraf !syslog,!pam_session
+ '';
+ # create dummy file to avoid telegraf errors
+ systemd.tmpfiles.rules = [
+ "f /var/log/telegraf/dummy 0444 root root - -"
+ ];
+}