From 22c6bd6e6c0ec264f3a782f80b307353104adaf7 Mon Sep 17 00:00:00 2001
From: liberodark
Date: Wed, 4 Dec 2024 14:39:54 +0100
Subject: [PATCH] nixos/glpi-agent: init
---
 .../services/monitoring/glpi-agent.nix | 129 ++++++++++++++++++
 1 file changed, 129 insertions(+)
 create mode 100644 nixos/modules/services/monitoring/glpi-agent.nix
diff --git a/nixos/modules/services/monitoring/glpi-agent.nix b/nixos/modules/services/monitoring/glpi-agent.nix
new file mode 100644
index 00000000000000..9bc6b102151e4c
--- /dev/null
+++ b/nixos/modules/services/monitoring/glpi-agent.nix
@@ -0,0 +1,129 @@
+# GLPI Agent daemon.
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ cfg = config.services.glpiAgent;
+
+ configFile = pkgs.writeText "agent.cfg" ''
+ # Server configuration
+ server = ${lib.concatStringsSep ", " cfg.servers}
+
+ # Configuration
+ ${cfg.extraConfig}
+ '';
+
+in
+{
+ options = {
+ services.glpiAgent = {
+ enable = lib.mkEnableOption "GLPI Agent";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.callPackage ./package.nix { };
+ description = "The GLPI agent package to use.";
+ };
+
+ servers = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = ''
+ The URLs of the GLPI servers to connect to.
+ '';
+ example = [ "http://glpi.example.com/inventory" ];
+ };
+
+ extraConfig = lib.mkOption {
+ type = lib.types.lines;
+ default = "";
+ description = ''
+ Configuration options that will be written to the configuration file.
+ '';
+ example = ''
+ delaytime = 3600
+ timeout = 180
+ tag = mytag
+ logger = stderr
+ # etc...
+ '';
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # User and group
+ users.users.glpi-agent = {
+ description = "GLPI Agent user";
+ isSystemUser = true;
+ group = "glpi-agent";
+ home = "/var/lib/glpi-agent";
+ createHome = true;
+ };
+
+ users.groups.glpi-agent = { };
+
+ # Create directories and manage configuration file
+ systemd.tmpfiles.rules = [
+ "d /var/lib/glpi-agent 0755 glpi-agent glpi-agent -"
+ "d /var/lib/glpi-agent/var 0755 glpi-agent glpi-agent -"
+ "d /etc/glpi-agent 0755 glpi-agent glpi-agent -"
+ "C /etc/glpi-agent/agent.cfg 0644 glpi-agent glpi-agent - ${configFile}"
+ ];
+
+ # Sudo rules for inventory commands
+ security.sudo.extraRules = [
+ {
+ users = [ "glpi-agent" ];
+ commands = [
+ {
+ command = "${pkgs.dmidecode}/bin/dmidecode";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${pkgs.pciutils}/bin/lspci";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${pkgs.usbutils}/bin/lsusb";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${pkgs.iproute2}/bin/ip";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${pkgs.nettools}/bin/netstat";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ # Service
+ systemd.services.glpi-agent = {
+ description = "GLPI Agent";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/glpi-agent --conf-file /etc/glpi-agent/agent.cfg --vardir /var/lib/glpi-agent/var --daemon --no-fork";
+ User = "glpi-agent";
+ Group = "glpi-agent";
+ Restart = "on-failure";
+ RestartSec = "60s";
+ StateDirectory = "glpi-agent";
+ ConfigurationDirectory = "glpi-agent";
+ RuntimeDirectory = "glpi-agent";
+ WorkingDirectory = "/var/lib/glpi-agent";
+ SupplementaryGroups = [
+ "proc"
+ "disk"
+ ];
+ };
+ };
+ };
+}
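Review bot: The `security.sudo.extraRules` block gives the `glpi-agent` account passwordless root on `${pkgs.iproute2}/bin/ip` and the other listed tools with no argument restriction, and `SupplementaryGroups` adds `disk`, which together is far more than read-only inventory needs: `ip` as root can reconfigure interfaces, routes and namespaces, and `disk` membership normally means raw access to block devices. Pin each sudo entry to the exact read-only invocation the agent uses (sudoers accepts arguments in the command string; the argument lists need checking against the agent, and nothing in this hunk shows the agent calling sudo at all), and drop `disk` unless a specific inventory task is shown to need it. The `C /etc/glpi-agent/agent.cfg 0644 glpi-agent glpi-agent` rule also leaves the config owned and writable by the service account, and as far as I know `C` copies only when the destination is missing, so later changes to `servers` or `extraConfig` would not reach the agent; passing the store path directly, `--conf-file ${configFile}`, avoids both. Whatever goes into `extraConfig` is written to the world-readable Nix store, so the option description should say not to put credentials there: `Do not put passwords here; the generated file is world-readable in the Nix store.`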