move telegraf to srvos

flake.lock

@@ -212,11 +212,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1671462804,
-        "narHash": "sha256-WPwJpBn9XYwkZp/RsSKM0hKi/pmDl7EPQS7/XS5IgKA=",
+        "lastModified": 1671482743,
+        "narHash": "sha256-YqOjz4ZY++p6/siB0eygD0kFeYJwQgwfkz2W/d9JWkA=",
         "owner": "numtide",
         "repo": "srvos",
-        "rev": "754b897b4c0a925f9bd3130110d5e2d6bb36182f",
+        "rev": "dcd08ecab2efc069b0a3326415f740a927a1f023",
         "type": "github"
       },
       "original": {

flake.nix

@@ -48,9 +48,12 @@
         flake.nixosConfigurations = let
           inherit (inputs.nixpkgs.lib) nixosSystem;
           common = [
+            { _module.args.inputs = inputs; }
             inputs.sops-nix.nixosModules.sops
             inputs.srvos.nixosModules.common
-            { _module.args.inputs = inputs; }
+
+            inputs.srvos.nixosModules.telegraf
+            { networking.firewall.allowedTCPPorts = [ 9273 ]; }
           ];
         in {
           "build01.nix-community.org" = nixosSystem {

roles/common.nix

@@ -6,7 +6,6 @@
     ./nix-daemon.nix
     ./security.nix
     ./sops-nix.nix
-    ./telegraf.nix
     ./users.nix
   ];
 

roles/telegraf.nix

@@ -1,128 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules;
-in
-{
-  networking.firewall.allowedTCPPorts = [ 9273 ];
-  systemd.services.telegraf.path = [ pkgs.nvme-cli ];
-
-  services.telegraf = {
-    enable = true;
-    extraConfig = {
-      agent.interval = "60s";
-      inputs = {
-        #syslog.server = "unixgram:///run/systemd/journal/syslog";
-        #syslog.best_effort = true;
-        #syslog.syslog_standard = "RFC3164";
-        prometheus.urls = lib.mkIf (config.services.promtail.enable) [
-          # default promtail port
-          "http://localhost:9080/metrics"
-        ];
-        prometheus.metric_version = 2;
-        kernel_vmstat = { };
-        smart = lib.mkIf (!isVM) {
-          path = pkgs.writeShellScript "smartctl" ''
-            exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
-          '';
-        };
-        mdstat = { };
-        system = { };
-        mem = { };
-        file = [{
-          data_format = "influx";
-          file_tag = "name";
-          files = [ "/var/log/telegraf/*" ];
-        }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) {
-          name_override = "ext4_errors";
-          files = [ "/sys/fs/ext4/*/errors_count" ];
-          data_format = "value";
-        };
-        exec = [{
-          ## Commands array
-          commands = (lib.optional (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems)
-            (pkgs.writeScript "zpool-health" ''
-              #!${pkgs.gawk}/bin/awk -f
-              BEGIN {
-                while ("${pkgs.zfs}/bin/zpool status" | getline) {
-                  if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 }
-                  if ($1 ~ /state:/) { printf " state=\"%s\",", $2 }
-                  if ($1 ~ /errors:/) {
-                      if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2
-                  }
-                }
-              }
-            '')
-          ) ++ (
-            let
-              collectHosts = shares: fs:
-                if builtins.elem fs.fsType [ "nfs" "nfs3" "nfs4" ] then
-                  shares // (
-                    let
-                      # also match ipv6 addresses
-                      group = builtins.match "\\[?([^\]]+)]?:([^:]+)$" fs.device;
-                      host = builtins.head group;
-                      path = builtins.elemAt group 1;
-                    in
-                    {
-                      ${host} = (shares.${host} or [ ]) ++ [ path ];
-                    }
-                  )
-                else
-                  shares;
-              nfsHosts = lib.foldl collectHosts { } (builtins.attrValues config.fileSystems);
-            in
-            lib.mapAttrsToList
-              (host: args:
-                (pkgs.writeScript "zpool-health" ''
-                  #!${pkgs.gawk}/bin/awk -f
-                  BEGIN {
-                    for (i = 2; i < ARGC; i++) {
-                        mounts[ARGV[i]] = 1
-                    }
-                    while ("${pkgs.nfs-utils}/bin/showmount -e " ARGV[1] | getline) {
-                      if (NR == 1) { continue }
-                      if (mounts[$1] == 1) {
-                          printf "nfs_export,host=%s,path=%s present=1\n", ARGV[1], $1
-                      }
-                      delete mounts[$1]
-                    }
-                    for (mount in mounts) {
-                        printf "nfs_export,host=%s,path=%s present=0\n", ARGV[1], $1
-                    }
-                  }
-                '') + " ${host} ${builtins.concatStringsSep " " args}"
-              )
-              nfsHosts
-          );
-          data_format = "influx";
-        }];
-        systemd_units = { };
-        swap = { };
-        disk.tagdrop = {
-          fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
-          device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
-        };
-        diskio = { };
-      };
-      outputs.prometheus_client = {
-        listen = ":9273";
-        metric_version = 2;
-      };
-    };
-  };
-  security.sudo.extraRules = lib.mkIf (!isVM) [{
-    users = [ "telegraf" ];
-    commands = [{
-      command = "${pkgs.smartmontools}/bin/smartctl";
-      options = [ "NOPASSWD" ];
-    }];
-  }];
-  # avoid logging sudo use
-  security.sudo.configFile = ''
-    Defaults:telegraf !syslog,!pam_session
-  '';
-  # create dummy file to avoid telegraf errors
-  systemd.tmpfiles.rules = [
-    "f /var/log/telegraf/dummy 0444 root root - -"
-  ];
-}