From f0346a3c3818f75bd90ff66ce3a881a1872bee55 Mon Sep 17 00:00:00 2001
From: eyjhb <eyjhbb@gmail.com>
Date: Fri, 14 Mar 2025 17:09:21 +0100
Subject: [PATCH] monitoring: added nextcloud as well

---
 machines/gerd/services/monitoring/default.nix |   1 +
 .../services/monitoring/mon-nextcloud.nix     |  45 ++++++++++++++++++
 secrets/default.nix                           |   1 +
 secrets/nextcloud/serverinfo-token.age        | Bin 0 -> 595 bytes
 secrets/secrets.nix                           |   1 +
 5 files changed, 48 insertions(+)
 create mode 100644 machines/gerd/services/monitoring/mon-nextcloud.nix
 create mode 100644 secrets/nextcloud/serverinfo-token.age

diff --git a/machines/gerd/services/monitoring/default.nix b/machines/gerd/services/monitoring/default.nix
index bfa3f65..9704826 100644
--- a/machines/gerd/services/monitoring/default.nix
+++ b/machines/gerd/services/monitoring/default.nix
@@ -13,5 +13,6 @@
     ./mon-forgejo.nix
     ./mon-uptime-kuma.nix
     ./mon-searx.nix
+    ./mon-nextcloud.nix
   ];
 }
diff --git a/machines/gerd/services/monitoring/mon-nextcloud.nix b/machines/gerd/services/monitoring/mon-nextcloud.nix
new file mode 100644
index 0000000..823f4fb
--- /dev/null
+++ b/machines/gerd/services/monitoring/mon-nextcloud.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+let
+  # occ bin
+  occ = config.services.nextcloud.occ + "/bin/nextcloud-occ";
+
+  nextcloudSetupServerinfoToken = pkgs.writeShellScript "nextcloud-setup-serverinfo-token.sh" ''
+    # set serverinfo_token
+    SERVERINFO_TOKEN="$(cat $CREDENTIALS_DIRECTORY/nextcloud-serverinfo-token)"
+    ${occ} config:app:set serverinfo token --value "$SERVERINFO_TOKEN" > /dev/null 2>&1 
+  '';
+in {
+  systemd.services.nextcloud-setup = {
+    # runs this after all the main nextcloud-setup stuff
+    script = lib.mkAfter ''
+      ${nextcloudSetupServerinfoToken}
+    '';
+
+    # setup credentials for service
+    serviceConfig.LoadCredential = [
+      "nextcloud-serverinfo-token:${config.age.secrets.nextcloud-serverinfo-token.path}"
+    ];
+  };
+
+  services.prometheus.exporters.nextcloud = {
+    enable = true;
+    listenAddress = "localhost";
+    tokenFile = config.age.secrets.nextcloud-serverinfo-token.path;
+    url = let
+      scheme = if config.services.nextcloud.https then "https" else "http";
+    in "${scheme}://${config.services.nextcloud.hostName}";
+  };
+
+  # setup permissions
+  age.secrets.nextcloud-serverinfo-token.owner = config.services.prometheus.exporters.nextcloud.user;
+
+  services.prometheus.scrapeConfigs = [
+    {
+      job_name = "nextcloud";
+      static_configs = [{
+        targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nextcloud.port}" ];
+      }];
+    }
+  ];
+}
diff --git a/secrets/default.nix b/secrets/default.nix
index 795e8d4..23e56f8 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -34,6 +34,7 @@
     nextcloud-admin-pass.file = ./nextcloud/admin-pass.age;
     nextcloud-secrets.file = ./nextcloud/secrets.age;
     nextcloud-smtp-pass.file = ./nextcloud/smtp-pass.age;
+    nextcloud-serverinfo-token.file = ./nextcloud/serverinfo-token.age;
 
     # stalwart
     stalwart-admin-fallback-password.file = ./stalwart/admin-fallback-password.age;
diff --git a/secrets/nextcloud/serverinfo-token.age b/secrets/nextcloud/serverinfo-token.age
new file mode 100644
index 0000000000000000000000000000000000000000..c1da5c49c05f6a3f303e7cb8d06a85a3174ce70a
GIT binary patch
literal 595
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+40eeqOjmHX4D~2Z
zD$Xj?4-0qo)Aur~C@8i}s&J~RC{A<B3k*z4@k!2ci8Re{3gk+54as!%H%alz3pFk_
z2`ck3D9trb&aAAe3=PXIE%vLZaxyeB_w-G1_XOD%0kNng*~`%=BgHQ@*|Q|gBE+@W
z%QeqEJ<P+k&?C{)x60Q`->Ep%uu|WzqL?ei#VE2O*(cS}E63C@D$hU5t2jF&In6zz
z(mf*3yUNuoML)f~G_A_QBOhb~vVZa{@+@5f6(T(fN}VILLkmI*jFJM)DhiU5DwCrE
zeWN@)@(mL$-BOcNvkW5*DwFd}xU%xy6N|hf!u*`|BT@^hyp7X6f&;P)0;__Yt8$CO
zOd>5K+}%?3Q-Vq((QR`IDKHClR4A>83<}W>4vNgq@XZQKj7UlkGEK}VFN$>WG!6=}
ztjaVGH7yD=baKxM<kAl`u1HNXEpm1@at_MyNlv#Y2ntWj({|A>iz<(dtjefJboVKV
z@T%|*<kHpERq)R(4NI;}FAVSrb}|jL%+IL^u?)*DPxtjIG7d1PaLG*xH7T!5)izBv
z;F8p=Ykz03ckcBms}eOl1ea}!=}w;OEc5?{=q4pEZ{~<U2ReBKYqUF_y*n)!a;J0N
z^X1}B(cXqvEm?S+pWkj^HZ`gFet*XV2F|8E@~2+S%3M@-aLuQu&PxtzsGhG?2-y`6
E0JrbYrvLx|

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e18b798..06414b1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -44,6 +44,7 @@ in
   "nextcloud/admin-pass.age".publicKeys = defaultAccess;
   "nextcloud/secrets.age".publicKeys = defaultAccess;
   "nextcloud/smtp-pass.age".publicKeys = defaultAccess;
+  "nextcloud/serverinfo-token.age".publicKeys = defaultAccess;
 
   # mailserver/stalwart
   "stalwart/admin-fallback-password.age".publicKeys = defaultAccess;