From c1a41863db154dee6d1aa6f98fbebf4eefb20d18 Mon Sep 17 00:00:00 2001 From: Moraxyc Date: Mon, 1 Apr 2024 03:32:54 +0800 Subject: [PATCH] nixos/nezha-agent: init module --- nixos/modules/module-list.nix | 1 + .../services/monitoring/nezha-agent.nix | 103 ++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 nixos/modules/services/monitoring/nezha-agent.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0a15360f6ea5..4596ac714b84 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -840,6 +840,7 @@ ./services/monitoring/munin.nix ./services/monitoring/nagios.nix ./services/monitoring/netdata.nix + ./services/monitoring/nezha-agent.nix ./services/monitoring/ocsinventory-agent.nix ./services/monitoring/opentelemetry-collector.nix ./services/monitoring/osquery.nix diff --git a/nixos/modules/services/monitoring/nezha-agent.nix b/nixos/modules/services/monitoring/nezha-agent.nix new file mode 100644 index 000000000000..ef6878798f37 --- /dev/null +++ b/nixos/modules/services/monitoring/nezha-agent.nix @@ -0,0 +1,103 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.services.nezha-agent; +in +{ + meta = { + maintainers = with lib.maintainers; [ moraxyc ]; + }; + options = { + services.nezha-agent = { + enable = lib.mkEnableOption (lib.mdDoc "Agent of Nezha Monitoring"); + + package = lib.mkPackageOption pkgs "nezha-agent" { }; + debug = lib.mkEnableOption (lib.mdDoc "verbose log"); + tls = lib.mkOption { + type = lib.types.bool; + default = false; + description = lib.mdDoc '' + Enable SSL/TLS encryption. + ''; + }; + disableCommandExecute = lib.mkOption { + type = lib.types.bool; + default = true; + description = lib.mdDoc '' + Disable executing the command from dashboard. + ''; + }; + skipConnection = lib.mkOption { + type = lib.types.bool; + default = false; + description = lib.mdDoc '' + Do not monitor the number of connections. + ''; + }; + skipProcess = lib.mkOption { + type = lib.types.bool; + default = false; + description = lib.mdDoc '' + Do not monitor the number of processes. + ''; + }; + reportDelay = lib.mkOption { + type = lib.types.enum [ 1 2 3 4 ]; + default = 1; + description = lib.mdDoc '' + The interval between system status reportings. + The value must be an integer from 1 to 4 + ''; + }; + passwordFile = lib.mkOption { + type = with lib.types; nullOr str; + default = null; + description = lib.mdDoc '' + Path to the file contained the password from dashboard. + ''; + }; + server = lib.mkOption { + type = lib.types.str; + description = lib.mdDoc '' + Address to the dashboard + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.packages = [ cfg.package ]; + + systemd.services.nezha-agent = { + serviceConfig = { + ProtectSystem = "full"; + PrivateDevices = "yes"; + PrivateTmp = "yes"; + NoNewPrivileges = true; + }; + path = [ cfg.package ]; + startLimitIntervalSec = 10; + startLimitBurst = 3; + script = lib.concatStringsSep " " ( + [ + "${cfg.package}/bin/agent" + "--disable-auto-update" + "--disable-force-update" + "--password $(cat ${cfg.passwordFile})" + ] + ++ lib.optional cfg.debug "--debug" + ++ lib.optional cfg.disableCommandExecute "--disable-command-execute" + ++ lib.optional (cfg.reportDelay != null) "--report-delay ${toString cfg.reportDelay}" + ++ lib.optional (cfg.server != null) "--server ${cfg.server}" + ++ lib.optional cfg.skipConnection "--skip-conn" + ++ lib.optional cfg.skipProcess "--skip-procs" + ++ lib.optional cfg.tls "--tls" + ); + wantedBy = [ "multi-user.target" ]; + }; + }; +}