monitoring: added nextcloud as well

2025-03-14 17:09:21 +01:00 · 2025-03-14 17:09:21 +01:00 · f0346a3c38
commit f0346a3c38
parent cb121c5369
5 changed files with 48 additions and 0 deletions
--- a/machines/gerd/services/monitoring/default.nix
+++ b/machines/gerd/services/monitoring/default.nix
@ -13,5 +13,6 @@
    ./mon-forgejo.nix
    ./mon-uptime-kuma.nix
    ./mon-searx.nix
+    ./mon-nextcloud.nix
  ];
 }
--- a/machines/gerd/services/monitoring/mon-nextcloud.nix
+++ b/machines/gerd/services/monitoring/mon-nextcloud.nix
@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+let
+  # occ bin
+  occ = config.services.nextcloud.occ + "/bin/nextcloud-occ";
+
+  nextcloudSetupServerinfoToken = pkgs.writeShellScript "nextcloud-setup-serverinfo-token.sh" ''
+    # set serverinfo_token
+    SERVERINFO_TOKEN="$(cat $CREDENTIALS_DIRECTORY/nextcloud-serverinfo-token)"
+    ${occ} config:app:set serverinfo token --value "$SERVERINFO_TOKEN" > /dev/null 2>&1 
+  '';
+in {
+  systemd.services.nextcloud-setup = {
+    # runs this after all the main nextcloud-setup stuff
+    script = lib.mkAfter ''
+      ${nextcloudSetupServerinfoToken}
+    '';
+
+    # setup credentials for service
+    serviceConfig.LoadCredential = [
+      "nextcloud-serverinfo-token:${config.age.secrets.nextcloud-serverinfo-token.path}"
+    ];
+  };
+
+  services.prometheus.exporters.nextcloud = {
+    enable = true;
+    listenAddress = "localhost";
+    tokenFile = config.age.secrets.nextcloud-serverinfo-token.path;
+    url = let
+      scheme = if config.services.nextcloud.https then "https" else "http";
+    in "${scheme}://${config.services.nextcloud.hostName}";
+  };
+
+  # setup permissions
+  age.secrets.nextcloud-serverinfo-token.owner = config.services.prometheus.exporters.nextcloud.user;
+
+  services.prometheus.scrapeConfigs = [
+    {
+      job_name = "nextcloud";
+      static_configs = [{
+        targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nextcloud.port}" ];
+      }];
+    }
+  ];
+}
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -34,6 +34,7 @@
    nextcloud-admin-pass.file = ./nextcloud/admin-pass.age;
    nextcloud-secrets.file = ./nextcloud/secrets.age;
    nextcloud-smtp-pass.file = ./nextcloud/smtp-pass.age;
+    nextcloud-serverinfo-token.file = ./nextcloud/serverinfo-token.age;

    # stalwart
    stalwart-admin-fallback-password.file = ./stalwart/admin-fallback-password.age;
--- a/secrets/nextcloud/serverinfo-token.age
+++ b/secrets/nextcloud/serverinfo-token.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -44,6 +44,7 @@ in
  "nextcloud/admin-pass.age".publicKeys = defaultAccess;
  "nextcloud/secrets.age".publicKeys = defaultAccess;
  "nextcloud/smtp-pass.age".publicKeys = defaultAccess;
+  "nextcloud/serverinfo-token.age".publicKeys = defaultAccess;

  # mailserver/stalwart
  "stalwart/admin-fallback-password.age".publicKeys = defaultAccess;