Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/backup/borgbackup.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/nezha-agent.nix | 103 |
2 files changed, 106 insertions, 0 deletions
diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index 6f4455d3be605..ad6194f8262ae 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -147,6 +147,9 @@ let
 let
 settings = { inherit (cfg) user group; };
 in lib.nameValuePair "borgbackup-job-${name}" ({
+ # Create parent dirs separately, to ensure correct ownership.
+ "${config.users.users."${cfg.user}".home}/.config".d = settings;
+ "${config.users.users."${cfg.user}".home}/.cache".d = settings;
 "${config.users.users."${cfg.user}".home}/.config/borg".d = settings;
 "${config.users.users."${cfg.user}".home}/.cache/borg".d = settings;
 } // optionalAttrs (isLocalPath cfg.repo && !cfg.removableDevice) {
diff --git a/nixos/modules/services/monitoring/nezha-agent.nix b/nixos/modules/services/monitoring/nezha-agent.nix
new file mode 100644
index 0000000000000..ef6878798f377
--- /dev/null
+++ b/nixos/modules/services/monitoring/nezha-agent.nix
@@ -0,0 +1,103 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.services.nezha-agent;
+in
+{
+ meta = {
+ maintainers = with lib.maintainers; [ moraxyc ];
+ };
+ options = {
+ services.nezha-agent = {
+ enable = lib.mkEnableOption (lib.mdDoc "Agent of Nezha Monitoring");
+
+ package = lib.mkPackageOption pkgs "nezha-agent" { };
+ debug = lib.mkEnableOption (lib.mdDoc "verbose log");
+ tls = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Enable SSL/TLS encryption.
+ '';
+ };
+ disableCommandExecute = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = lib.mdDoc ''
+ Disable executing the command from dashboard.
+ '';
+ };
+ skipConnection = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Do not monitor the number of connections.
+ '';
+ };
+ skipProcess = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Do not monitor the number of processes.
+ '';
+ };
+ reportDelay = lib.mkOption {
+ type = lib.types.enum [ 1 2 3 4 ];
+ default = 1;
+ description = lib.mdDoc ''
+ The interval between system status reportings.
+ The value must be an integer from 1 to 4
+ '';
+ };
+ passwordFile = lib.mkOption {
+ type = with lib.types; nullOr str;
+ default = null;
+ description = lib.mdDoc ''
+ Path to the file contained the password from dashboard.
+ '';
+ };
+ server = lib.mkOption {
+ type = lib.types.str;
+ description = lib.mdDoc ''
+ Address to the dashboard
+ '';
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.packages = [ cfg.package ];
+
+ systemd.services.nezha-agent = {
+ serviceConfig = {
+ ProtectSystem = "full";
+ PrivateDevices = "yes";
+ PrivateTmp = "yes";
+ NoNewPrivileges = true;
+ };
+ path = [ cfg.package ];
+ startLimitIntervalSec = 10;
+ startLimitBurst = 3;
+ script = lib.concatStringsSep " " (
+ [
+ "${cfg.package}/bin/agent"
+ "--disable-auto-update"
+ "--disable-force-update"
+ "--password $(cat ${cfg.passwordFile})"
+ ]
+ ++ lib.optional cfg.debug "--debug"
+ ++ lib.optional cfg.disableCommandExecute "--disable-command-execute"
+ ++ lib.optional (cfg.reportDelay != null) "--report-delay ${toString cfg.reportDelay}"
+ ++ lib.optional (cfg.server != null) "--server ${cfg.server}"
+ ++ lib.optional cfg.skipConnection "--skip-conn"
+ ++ lib.optional cfg.skipProcess "--skip-procs"
+ ++ lib.optional cfg.tls "--tls"
+ );
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+}
|
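Review bot: The `"--password $(cat ${cfg.passwordFile})"` element of `script` is unsafe as written: `passwordFile` defaults to `null`, so enabling the module without it fails while interpolating `null` instead of with a clear message, the unquoted substitution is subject to word splitting and globbing, and the secret lands in the agent's argv where other local users can usually read it from the process list. An assertion plus `LoadCredential` and a quoted substitution, sketched below, fixes the first two; the argv exposure remains unless the agent can take the password from a file or the environment, which is not visible here. Separately, `tls` defaults to `false` and `serviceConfig` sets no `User` or `DynamicUser`, so unless the packaged unit pulled in through `systemd.packages` says otherwise the agent presumably runs as root and authenticates to the dashboard unencrypted. The `!= null` guards on `reportDelay` and `server` can never be false with the declared types.

```nix
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.passwordFile != null;
        message = "services.nezha-agent.passwordFile must be set when services.nezha-agent.enable is true.";
      }
    ];
    # … unchanged: systemd.packages …
    systemd.services.nezha-agent = {
      serviceConfig = {
        # systemd reads the secret file and exposes a private copy to the unit.
        LoadCredential = "password:${cfg.passwordFile}";
        # … unchanged: ProtectSystem, PrivateDevices, PrivateTmp, NoNewPrivileges …
      };
      # … unchanged: path, start limits …
      script = lib.concatStringsSep " " (
        [
          # … unchanged: agent binary and update flags …
          "--password \"$(cat \"$CREDENTIALS_DIRECTORY/password\")\""
        ]
        # … unchanged: optional flags …
      );
```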