feat(nasp): sops and telegraf (experimental)

Dict Xiong 2024-06-14 17:11:07 +08:00
parent 6b49e40596
commit bdc22786ec


@ -6,6 +6,8 @@ let
dockerCfg = mainCfg.docker; dockerCfg = mainCfg.docker;
nginxCfg = mainCfg.nginx; nginxCfg = mainCfg.nginx;
registryCfg = mainCfg.registry; registryCfg = mainCfg.registry;
sopsCfg = mainCfg.sops;
telegrafCfg = mainCfg.telegraf;
gCfg = mainCfg.gSeries; gCfg = mainCfg.gSeries;
dnew = (pkgs.writeShellScriptBin "dnew" (builtins.readFile ./scripts/dnew)); dnew = (pkgs.writeShellScriptBin "dnew" (builtins.readFile ./scripts/dnew));
in in
@ -25,6 +27,12 @@ in
registry = { registry = {
enable = lib.mkEnableOption "the nasp registry"; enable = lib.mkEnableOption "the nasp registry";
}; };
sops = {
enable = lib.mkEnableOption "sops";
};
telegraf = {
enable = lib.mkEnableOption "telegraf";
};
gSeries = { gSeries = {
enable = lib.mkEnableOption "the g-series server configurations"; enable = lib.mkEnableOption "the g-series server configurations";
serial = lib.mkOption { serial = lib.mkOption {
@ -234,6 +242,58 @@ in
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
''; '';
}) })
# sops-nix
## gpg --fetch-keys "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xa5d6250d1806caa8"
## nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
## mkdir -p ~/.config/sops/age
## nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key > ~/.config/sops/age/keys.txt"
(lib.mkIf sopsCfg.enable {
sops.defaultSopsFile = ../${mainCfg.hostName}/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
})
# telegraf
(lib.mkIf (telegrafCfg.enable) {
sops.secrets.telegraf = assert sopsCfg.enable; {};
services.telegraf = {
enable = true;
environmentFiles = [ "/run/secrets/telegraf" ];
extraConfig = {
agent = {
interval = "3s";
round_interval = true;
metric_batch_size = 1000;
metric_buffer_limit = 10000;
collection_jitter = "0s";
flush_interval = "30s";
flush_jitter = "3s";
precision = "0s";
hostname = assert (mainCfg.netName != ""); mainCfg.netName;
omit_hostname = false;
};
outputs.influxdb_v2 = {
urls = [ "\${INFLUX_URL}" ];
token = "\${INFLUX_TOKEN}";
organization = "nasp.fit";
bucket = "trash";
bucket_tag = "bucket";
exclude_bucket_tag = true;
timeout = "5s";
};
inputs.system = {
name_override = "load";
tags = { bucket = "device"; };
fieldpass = [ "load1" "bucket" ];
interval = "15s";
};
inputs.mem = {
name_override = "memory";
tags = { bucket = "device"; };
fieldpass = [ "used" "total" "bucket"];
interval = "30s";
};
};
};
})
# g series # g series
(lib.mkIf (gCfg.enable) (let (lib.mkIf (gCfg.enable) (let
ipSuffix = (builtins.toString (gCfg.serial + 100)); in { ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
@ -314,11 +374,24 @@ in
fsType = "nfs"; fsType = "nfs";
}; };
## packages and services ## packages and services
nasp.docker.enable = true; nasp.docker.enable = lib.mkDefault true;
nasp.nvidia.enable = true; nasp.nvidia.enable = lib.mkDefault true;
nasp.registry.enable = true; nasp.registry.enable = lib.mkDefault true;
nasp.nginx.enable = true; nasp.nginx.enable = lib.mkDefault true;
nasp.nginx.enableCodeServer = true; nasp.nginx.enableCodeServer = lib.mkDefault true;
nasp.sops.enable = lib.mkDefault true;
nasp.telegraf.enable = lib.mkDefault true;
services.telegraf.extraConfig = {
inputs.net = {
interfaces = [ gCfg.eth0Name gCfg.eth1Name gCfg.eth2Name ];
ignore_protocol_stats = true;
tags = { bucket = "device"; };
};
inputs.nvidia_smi = {
bin_path = "/run/current-system/sw/bin/nvidia-smi";
tags = { bucket = "device"; };
};
};
})) }))
]); ]);
} }
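Review bot: In the third hunk the bootstrap recipe on the line `## gpg --fetch-keys "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xa5d6250d1806caa8"` retrieves the key over plain HTTP and identifies it only by a 64-bit key id, which does not authenticate the key that is actually imported; I would change the comment to use `https://` and add `## compare the full fingerprint (gpg --fingerprint) against a trusted copy before using the imported key`. Separately, `environmentFiles = [ "/run/secrets/telegraf" ];` hard-codes the path that `sops.secrets.telegraf` produces; if `config` is among this module's arguments (not visible here), `environmentFiles = [ config.sops.secrets.telegraf.path ];` keeps the two in sync if the sops secrets directory is ever changed. The `assert sopsCfg.enable;` and `assert (mainCfg.netName != "");` guards fail evaluation with a bare assertion error, whereas entries in the `assertions` option with a message would tell the user which nasp option to set. The enclosing module list starts and ends outside this hunk.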