diff --git a/hosts/caddy/default.nix b/hosts/caddy/default.nix index e33b1da..e69612b 100644 --- a/hosts/caddy/default.nix +++ b/hosts/caddy/default.nix @@ -127,6 +127,12 @@ in domain = p.domains.public; host = p.hosts.portainer; }; + + librenms.proxy = { + enable = true; + domain = p.domains.public; + host = p.hosts.librenms; + }; }; networking = { diff --git a/hosts/hosts.nix b/hosts/hosts.nix index b285d84..dd73b05 100644 --- a/hosts/hosts.nix +++ b/hosts/hosts.nix @@ -195,6 +195,15 @@ ]; }; + librenms = { + module = ./librenms; + tags = [ + "lxc" + "bacco" + "librenms" + ]; + }; + # Special hosts (non-LXC or local deployment) # deadbeef = { # module = ./deadbeef; diff --git a/hosts/librenms/default.nix b/hosts/librenms/default.nix new file mode 100644 index 0000000..f94eaac --- /dev/null +++ b/hosts/librenms/default.nix @@ -0,0 +1,33 @@ +{ + config, + pkgs, + lib, + ... +}: +let + p = import ../parameters.nix; +in +{ + my = { + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; + + monitoring.librenms = { + enable = true; + hostname = p.hosts.librenms; + settings = { + "snmp.community" = [ "public" "homelab" ]; + + }; + }; + + virtualisation.proxmox.enable = true; + }; + + # Extra packages + environment.systemPackages = with pkgs; [ ]; + + system.stateVersion = "25.11"; +} diff --git a/hosts/parameters.nix b/hosts/parameters.nix index 16150e0..87949e5 100644 --- a/hosts/parameters.nix +++ b/hosts/parameters.nix @@ -32,6 +32,7 @@ in forgejo-runner = "forgejo-runner.${private-domain}"; n8n = "n8n.${private-domain}"; ilpost-podcast = "ilpost-podcast.${private-domain}"; + librenms = "librenms.${private-domain}"; }; email = "davide@${public-domain}"; } diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 3e2e1d1..2353576 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -1,6 +1,7 @@ { imports = [ ./grafana.nix + ./librenms.nix ./loki.nix ./prometheus.nix ./uptime-kuma.nix 
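Review bot: In hosts/librenms/default.nix the `"snmp.community"` list is written as literals, so both community strings land in the git history and, as part of the rendered LibreNMS settings, most likely in the world-readable Nix store, while the agent side of the same credential is kept encrypted in `secrets/snmpd-config.age`. `"public"` is also the well-known default community, so keeping it in the list means the poller offers it to every device it probes. I would drop it and keep only the site-specific value, `"snmp.community" = [ "homelab" ];`, and preferably load that value from an agenix-managed secret or move the agents to SNMPv3 with authentication and privacy, since v1/v2c communities cross the network in cleartext. As a style point, the `config` and `lib` arguments and the empty `environment.systemPackages = with pkgs; [ ];` are unused in this file and can go.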
diff --git a/modules/monitoring/librenms.nix b/modules/monitoring/librenms.nix
new file mode 100644
index 0000000..b14c40d
--- /dev/null
+++ b/modules/monitoring/librenms.nix
@@ -0,0 +1,89 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.my.monitoring.librenms;
+in
+{
+
+ options.my.monitoring.librenms = {
+ enable = lib.mkEnableOption "Enable LibreNMS module";
+
+ hostname = lib.mkOption {
+ default = "librenms.home";
+ type = lib.types.str;
+ description = ''
+ The hostname for LibreNMS
+ '';
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = (pkgs.formats.json { }).type;
+ };
+ default = { };
+ description = ''
+ LibreNMS configuration settings (maps to config.php)
+ '';
+ };
+
+ proxy = {
+ enable = lib.mkEnableOption "Set the proxy entry for this service";
+
+ domain = lib.mkOption {
+ default = "example.com";
+ type = lib.types.str;
+ description = ''
+ The domain where Caddy is reachable
+ '';
+ };
+
+ subdomain = lib.mkOption {
+ default = "librenms";
+ type = lib.types.str;
+ description = ''
+ The subdomain where LibreNMS is reachable
+ '';
+ };
+
+ host = lib.mkOption {
+ default = "localhost";
+ type = lib.types.str;
+ description = ''
+ Host name where the service is running
+ '';
+ };
+
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+
+ services.librenms = {
+ enable = true;
+ hostname = cfg.hostname;
+ database = {
+ createLocally = true;
+ socket = "/run/mysqld/mysqld.sock";
+ };
+ settings = cfg.settings;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ })
+
+ (lib.mkIf cfg.proxy.enable {
+ services.caddy = with cfg.proxy; {
+ virtualHosts."${subdomain}.${domain}".extraConfig = ''
+ reverse_proxy http://${host}:80
+ import cloudflare_${domain}
+ '';
+ };
+ })
+ ];
+}
diff --git a/modules/utils/lxc-standard.nix b/modules/utils/lxc-standard.nix
index a4f0384..d256adb 100644
--- a/modules/utils/lxc-standard.nix
+++ b/modules/utils/lxc-standard.nix
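Review bot: In modules/monitoring/librenms.nix, `networking.firewall.allowedTCPPorts = [ 80 ];` opens the LibreNMS web port to every host that can reach the container, and the Caddy vhost forwards to it with `reverse_proxy http://${host}:80`, so logins and session cookies travel unencrypted between proxy and backend and the UI can be reached directly without passing through Caddy. Only the Caddy host needs that port, so I would replace the blanket rule with one limited to the proxy's address or interface and document it with `# plain HTTP upstream: only the Caddy host should be able to reach port 80`. Unless the imported `cloudflare_${domain}` snippet does it, nothing in the vhost block adds access control in front of the application, so with `domain` set to the public one the LibreNMS login page is the only barrier; please confirm that is intended. Minor: `lib.mkEnableOption "Enable LibreNMS module"` renders as "Whether to enable Enable LibreNMS module.", so the argument should be just `"LibreNMS"`.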
@@ -9,6 +9,8 @@ in config = lib.mkIf cfg.enable { + age.secrets.snmpd-config.file = ../../secrets/snmpd-config.age; + # Enable SSH services.openssh = { enable = true; @@ -30,6 +32,13 @@ in }; }; + # SNMP + services.snmpd = { + enable = true; + openFirewall = true; + configFile = config.age.secrets.snmpd-config.path; + }; + networking.nameservers = [ "192.168.1.2" ]; }; diff --git a/secrets.nix b/secrets.nix index 826e165..9518d43 100644 --- a/secrets.nix +++ b/secrets.nix @@ -31,6 +31,7 @@ let machines.firefly-iii ]; forgejo-runner-token = [ machines.forgejo-runner ]; + snmpd-config = builtins.attrValues machines; }; in builtins.listToAttrs ( diff --git a/secrets/snmpd-config.age b/secrets/snmpd-config.age new file mode 100644 index 0000000..b9d877d Binary files /dev/null and b/secrets/snmpd-config.age differ diff --git a/ssh-keys.nix b/ssh-keys.nix index 5850fda..deeca45 100644 --- a/ssh-keys.nix +++ b/ssh-keys.nix @@ -24,6 +24,7 @@ rec { forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0MTOCgMoAFjYDEq1gU+XBSUNNcJenoHXagOgFuP1ZN"; forgejo-runner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR3nkxurUTV2BYv+gLmgyCywPeVaWQxAIHomTNp3R85"; n8n = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP18IdsIxK7EdIOLSONJ4NA6AfLnM/3NkR3+OCDvJWXJ"; + librenms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/dmfOVzj37ZYwLTs+jjQUQYRIgvW3NrtBDsr8rllss"; }; # Machines able to provisioning other machines @@ -43,6 +44,7 @@ rec { machines.arr machines.auth machines.caddy + machines.librenms machines.metrics machines.shadowsocks ];
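Review bot: In modules/utils/lxc-standard.nix, `openFirewall = true;` exposes the SNMP agent on every host that enables `lxc-standard`, and because the agent configuration is the encrypted `snmpd-config.age`, the review cannot see whether it limits who may query the agent. Please record the expectation next to the option, for example `# snmpd-config.age must bind the community to the LibreNMS poller address or define an SNMPv3 authPriv user`, and consider replacing `openFirewall` with a firewall rule that admits SNMP only from the poller. The enclosing `config` block starts above this hunk.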
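Review bot: In secrets.nix, `snmpd-config = builtins.attrValues machines;` encrypts one agent configuration to every machine key, so all hosts share the same SNMP credential and a single compromised host can read the credential accepted by all the others. If the recipient list is wider than the set of hosts that actually enable `lxc-standard`, narrow it to those hosts. Either way a comment such as `# shared by all lxc-standard hosts: rotate everywhere if one host is compromised` would make the trade-off explicit.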