monitoring: stream children to klingon

automagically.

more security will be nice for IP allowlists using their exact IPv4 in the future.

Signed-off-by: Ryan Lahfa <federez-infra@lahfa.xyz>

hive.nix

@@ -11,10 +11,11 @@ in
     nixpkgs = src.nixpkgs;
   };
 
-  defaults = { pkgs, ... }: {
+  defaults = { pkgs, lib, ... }: {
     imports = [
       ./profiles/sysadmin.nix
       ./profiles/glucagon.nix
+      ./profiles/child-netdata.nix
       "${src.agenix}/modules/age.nix"
       (disko.config diskConfig)
     ];
@@ -26,6 +27,9 @@ in
     networking.useDHCP = false;
     services.openssh.enable = true;
 
+    # By default, everyone is a child except klington itself.
+    federez.monitoring.enableChild = lib.mkDefault true;
+
     # Enable system diffs.
     system.activationScripts.system-diff = {
       supportsDryActivation = true; # safe: only outputs to stdout
@@ -47,6 +51,7 @@ in
     deployment.tags = [ "matrix" ];
     deployment.targetHost = "estragon.federez.net";
     networking.hostName = name;
+    federez.monitoring.apiKey = "3411043d-55b5-425e-af43-0932d6147148";
 
     glucagon.networking = {
       nibble = 227;
@@ -66,6 +71,7 @@ in
     deployment.tags = [ "vaultwarden" "pass" "passwords" ];
     deployment.targetHost = "wagon.federez.net";
     networking.hostName = name;
+    federez.monitoring.apiKey = "a8bd7953-dfca-4393-b770-98c5ab11dea5";
 
     glucagon.networking = {
       nibble = 228;
@@ -82,6 +88,7 @@ in
     deployment.tags = [ "keycloak" ];
     deployment.targetHost = "lagon.federez.net";
     networking.hostName = name;
+    federez.monitoring.apiKey = "f85dcb12-970c-4ea1-99b4-01e2fc26bc6c";
 
     glucagon.networking = {
       nibble = 229;