l telegraf: update config

This commit is contained in:
lassulus 2023-09-03 11:57:38 +02:00
parent 32bac4e054
commit ba79c70bbd

View File

@ -1,60 +1,127 @@
{ config, lib, pkgs, ... }: { pkgs, lib, config, ... }:
# To use this module you also need to allow port 9273 either on the internet or on a vpn interface
# i.e. networking.firewall.interfaces."vpn0".allowedTCPPorts = [ 9273 ];
# Example prometheus alert rules:
# - https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix
let let
isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules; isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
in { # potentially wrong if the nvme is not used at boot...
hasNvme = lib.any (m: m == "nvme") config.boot.initrd.availableKernelModules;
krebs.iptables.tables.filter.INPUT.rules = [ ipv6DadCheck = pkgs.writeShellScript "ipv6-dad-check" ''
{ predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; } ${pkgs.iproute2}/bin/ip --json addr | \
]; ${pkgs.jq}/bin/jq -r 'map(.addr_info) | flatten(1) | map(select(.dadfailed == true)) | map(.local) | @text "ipv6_dad_failures count=\(length)i"'
'';
systemd.services.telegraf.path = [ pkgs.nvme-cli ]; zfsChecks = lib.optional
(lib.any (fs: fs == "zfs") config.boot.supportedFilesystems)
(pkgs.writeScript "zpool-health" ''
#!${pkgs.gawk}/bin/awk -f
BEGIN {
while ("${pkgs.zfs}/bin/zpool status" | getline) {
if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
if ($1 ~ /errors:/) {
if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
}
}
}
'');
nfsChecks =
let
collectHosts = shares: fs:
if builtins.elem fs.fsType [ "nfs" "nfs3" "nfs4" ]
then
shares
// (
let
# also match ipv6 addresses
group = builtins.match "\\[?([^\]]+)]?:([^:]+)$" fs.device;
host = builtins.head group;
path = builtins.elemAt group 1;
in
{
${host} = (shares.${host} or [ ]) ++ [ path ];
}
)
else shares;
nfsHosts = lib.foldl collectHosts { } (builtins.attrValues config.fileSystems);
in
lib.mapAttrsToList
(
host: args:
(pkgs.writeScript "nfs-health" ''
#!${pkgs.gawk}/bin/awk -f
BEGIN {
for (i = 2; i < ARGC; i++) {
mounts[ARGV[i]] = 1
}
while ("${pkgs.nfs-utils}/bin/showmount -e " ARGV[1] | getline) {
if (NR == 1) { continue }
if (mounts[$1] == 1) {
printf "nfs_export,host=%s,path=%s present=1\n", ARGV[1], $1
}
delete mounts[$1]
}
for (mount in mounts) {
printf "nfs_export,host=%s,path=%s present=0\n", ARGV[1], $1
}
}
'')
+ " ${host} ${builtins.concatStringsSep " " args}"
)
nfsHosts;
in
{
systemd.services.telegraf.path = lib.optional (!isVM && hasNvme) pkgs.nvme-cli;
services.telegraf = { services.telegraf = {
enable = true; enable = true;
extraConfig = { extraConfig = {
agent.interval = "60s"; agent.interval = "60s";
inputs = { inputs = {
http_response = [ prometheus.urls = lib.mkIf config.services.promtail.enable [
{ urls = [ # default promtail port
"http://localhost:8080/about/health/" "http://localhost:9080/metrics"
]; }
]; ];
prometheus.metric_version = 2; prometheus.metric_version = 2;
kernel_vmstat = { }; kernel_vmstat = { };
# smart = lib.mkIf (!isVM) { nginx.urls = lib.mkIf config.services.nginx.statusPage [
# path = pkgs.writeShellScript "smartctl" '' "http://localhost/nginx_status"
# exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@" ];
# ''; smart = lib.mkIf (!isVM) {
# }; path_smartctl = pkgs.writeShellScript "smartctl" ''
exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
'';
};
system = { }; system = { };
mem = { }; mem = { };
file = [{ file =
data_format = "influx"; [
file_tag = "name"; {
files = [ "/var/log/telegraf/*" ]; data_format = "influx";
}] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) { file_tag = "name";
name_override = "ext4_errors"; files = [ "/var/log/telegraf/*" ];
files = [ "/sys/fs/ext4/*/errors_count" ]; }
data_format = "value"; ]
}; ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) { name_override = "ext4_errors";
## Commands array files = [ "/sys/fs/ext4/*/errors_count" ];
commands = [ data_format = "value";
(pkgs.writeScript "zpool-health" '' };
#!${pkgs.gawk}/bin/awk -f exec = [
BEGIN { {
while ("${pkgs.zfs}/bin/zpool status" | getline) { ## Commands array
if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 } commands =
if ($1 ~ /state:/) { printf " state=\"%s\",", $2 } [ ipv6DadCheck ]
if ($1 ~ /errors:/) { ++ zfsChecks
if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2 ++ nfsChecks;
} data_format = "influx";
} }
} ];
'')
];
data_format = "influx";
};
systemd_units = { }; systemd_units = { };
swap = { }; swap = { };
disk.tagdrop = { disk.tagdrop = {
@ -62,6 +129,11 @@ in {
device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ]; device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
}; };
diskio = { }; diskio = { };
zfs = {
poolMetrics = true;
};
} // lib.optionalAttrs (if lib.versionAtLeast (lib.versions.majorMinor lib.version) "23.11" then config.boot.swraid.enable else config.boot.initrd.services.swraid.enable) {
mdstat = { };
}; };
outputs.prometheus_client = { outputs.prometheus_client = {
listen = ":9273"; listen = ":9273";
@ -69,4 +141,23 @@ in {
}; };
}; };
}; };
security.sudo.extraRules = lib.mkIf (!isVM) [
{
users = [ "telegraf" ];
commands = [
{
command = "${pkgs.smartmontools}/bin/smartctl";
options = [ "NOPASSWD" ];
}
];
}
];
# avoid logging sudo use
security.sudo.configFile = ''
Defaults:telegraf !syslog,!pam_session
'';
# create dummy file to avoid telegraf errors
systemd.tmpfiles.rules = [
"f /var/log/telegraf/dummy 0444 root root - -"
];
} }