feat(netbox-agent): Internalize
Some checks failed
lint / check (push) Successful in 23s
Check meta / check_meta (pull_request) Successful in 17s
Check meta / check_dns (pull_request) Successful in 19s
build configuration / build_and_cache_geo02 (pull_request) Failing after 1m57s
build configuration / build_and_cache_rescue01 (pull_request) Failing after 2m4s
build configuration / build_and_cache_geo01 (pull_request) Failing after 2m5s
build configuration / build_and_cache_vault01 (pull_request) Failing after 56s
build configuration / build_and_cache_storage01 (pull_request) Has been cancelled
build configuration / build_and_cache_web02 (pull_request) Has been cancelled
build configuration / build_and_cache_web01 (pull_request) Has been cancelled
build configuration / build_and_cache_compute01 (pull_request) Has been cancelled
build configuration / build_and_cache_web03 (pull_request) Has been cancelled
build configuration / build_and_cache_bridge01 (pull_request) Has been cancelled
lint / check (pull_request) Has been cancelled
Some checks failed
lint / check (push) Successful in 23s
Check meta / check_meta (pull_request) Successful in 17s
Check meta / check_dns (pull_request) Successful in 19s
build configuration / build_and_cache_geo02 (pull_request) Failing after 1m57s
build configuration / build_and_cache_rescue01 (pull_request) Failing after 2m4s
build configuration / build_and_cache_geo01 (pull_request) Failing after 2m5s
build configuration / build_and_cache_vault01 (pull_request) Failing after 56s
build configuration / build_and_cache_storage01 (pull_request) Has been cancelled
build configuration / build_and_cache_web02 (pull_request) Has been cancelled
build configuration / build_and_cache_web01 (pull_request) Has been cancelled
build configuration / build_and_cache_compute01 (pull_request) Has been cancelled
build configuration / build_and_cache_web03 (pull_request) Has been cancelled
build configuration / build_and_cache_bridge01 (pull_request) Has been cancelled
lint / check (pull_request) Has been cancelled
This commit is contained in:
parent
b5fc554f0f
commit
0276dfa803
6 changed files with 183 additions and 12 deletions
|
@ -7,7 +7,9 @@
|
|||
let
|
||||
inherit (config.networking) hostName domain;
|
||||
in
|
||||
|
||||
{
|
||||
imports = [ ./module.nix ];
|
||||
|
||||
options.dgn-netbox-agent = {
|
||||
enable = lib.mkEnableOption "DGNum netbox agent setup." // {
|
||||
|
@ -51,6 +53,7 @@ in
|
|||
randomizedDelaySec = "3h";
|
||||
environmentFile = config.age.secrets."netbox-agent".path;
|
||||
};
|
||||
age-secrets.sources = [ ./. ];
|
||||
|
||||
age-secrets.sources = [ ./secrets ];
|
||||
};
|
||||
}
|
||||
|
|
116
modules/dgn-netbox-agent/module.nix
Normal file
116
modules/dgn-netbox-agent/module.nix
Normal file
|
@ -0,0 +1,116 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
utils,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (lib)
|
||||
getExe
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
mkPackageOption
|
||||
;
|
||||
|
||||
inherit (lib.types)
|
||||
either
|
||||
listOf
|
||||
nullOr
|
||||
path
|
||||
str
|
||||
;
|
||||
|
||||
settingsFormat = pkgs.formats.yaml { };
|
||||
|
||||
cfg = config.services.netbox-agent;
|
||||
in
|
||||
{
|
||||
options.services.netbox-agent = {
|
||||
enable = mkEnableOption "Netbox-agent";
|
||||
|
||||
package = mkPackageOption pkgs "netbox-agent" { };
|
||||
|
||||
startAt = mkOption {
|
||||
type = either str (listOf str);
|
||||
default = "*-*-* 00:00:00";
|
||||
description = ''
|
||||
Automatically start this unit at the given date/time, which
|
||||
must be in the format described in
|
||||
{manpage}`systemd.time(7)`.
|
||||
'';
|
||||
};
|
||||
|
||||
randomizedDelaySec = mkOption {
|
||||
type = str;
|
||||
default = "0";
|
||||
example = "45min";
|
||||
description = ''
|
||||
Add a randomized delay before each netbox-agent runs.
|
||||
The delay will be chosen between zero and this value.
|
||||
This value must be a time span in the format specified by
|
||||
{manpage}`systemd.time(7)`
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
inherit (settingsFormat) type;
|
||||
description = ''
|
||||
Settings to be passed to the netbox agent. Will be converted to a YAML
|
||||
config file
|
||||
'';
|
||||
default = { };
|
||||
};
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
description = ''
|
||||
Environment file to pass to netbox-agent. See `netbox-agent --help` for
|
||||
possible environment variables
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# Add the netbox-agent package
|
||||
nixpkgs.overlay = [ (self: _: { netbox-agent = self.callPackage ./package.nix { }; }) ];
|
||||
|
||||
systemd.services.netbox-agent = {
|
||||
description = "Netbox-agent service. It generates an existing infrastructure on Netbox and have the ability to update it regularly through this service.";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
# We could link directly into pkgs.tzdata, but at least timedatectl seems
|
||||
# to expect the symlink to point directly to a file in etc.
|
||||
# Setting the "debian timezone file" to point at /dev/null stops it doing anything.
|
||||
ExecStart = utils.escapeSystemdExecArgs [
|
||||
(getExe cfg.package)
|
||||
"-c"
|
||||
(settingsFormat.generate "config.yaml" cfg.settings)
|
||||
];
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateTmp = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectSystem = "strict";
|
||||
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
};
|
||||
inherit (cfg) startAt;
|
||||
};
|
||||
|
||||
systemd.timers.netbox-agent.timerConfig.RandomizedDelaySec = cfg.randomizedDelaySec;
|
||||
};
|
||||
}
|
63
modules/dgn-netbox-agent/package.nix
Normal file
63
modules/dgn-netbox-agent/package.nix
Normal file
|
@ -0,0 +1,63 @@
|
|||
{
|
||||
lib,
|
||||
python3,
|
||||
fetchgit,
|
||||
ethtool,
|
||||
dmidecode,
|
||||
ipmitool,
|
||||
lldpd,
|
||||
lshw,
|
||||
}:
|
||||
|
||||
python3.pkgs.buildPythonApplication {
|
||||
pname = "netbox-agent";
|
||||
version = "unstable-2023-03-19";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://git.dgnum.eu/DGNum/netbox-agent";
|
||||
rev = "12ceea413cbb87280713de734b5e1b3e88c00178";
|
||||
hash = "sha256-v6H8/yNUcpHERiyzytR2ZADLiDK2QpzSEmxTP5m9BLE=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = with python3.pkgs; [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
pythonRelaxDeps = true;
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
distro
|
||||
jsonargparse
|
||||
netaddr
|
||||
netifaces
|
||||
packaging
|
||||
pynetbox
|
||||
python-slugify
|
||||
pyyaml
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/netbox_agent \
|
||||
--prefix PATH ":" ${
|
||||
lib.makeBinPath [
|
||||
ethtool
|
||||
dmidecode
|
||||
ipmitool
|
||||
lldpd
|
||||
lshw
|
||||
]
|
||||
}
|
||||
'';
|
||||
|
||||
pythonImportsCheck = [ "netbox_agent" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Netbox agent to run on your infrastructure's servers";
|
||||
homepage = "https://git.dgnum.eu/DGNum/netbox-agent";
|
||||
license = licenses.asl20;
|
||||
maintainers = [ ];
|
||||
mainProgram = "netbox_agent";
|
||||
};
|
||||
}
|
|
@ -1,10 +1,3 @@
|
|||
let
|
||||
netboxAgent = {
|
||||
id = "244549";
|
||||
hash = "sha256-SePkKEYQGDj6FpuyxZ+1ASeVPA02mCHf0G5i3koMdNw=";
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
"nixos-24.05" = [
|
||||
# netbox qrcode plugin
|
||||
|
@ -14,8 +7,6 @@ in
|
|||
hash = "sha256-TooktlqihtULzJJsHvm8EubbUdJZvbDKdIDcYu7Qcig=";
|
||||
}
|
||||
|
||||
netboxAgent
|
||||
|
||||
{
|
||||
id = "275165";
|
||||
hash = "sha256-9a26V3Pi8yLD3N9+mC1kvJoruxRTp/qOHapnt6VX7pw=";
|
||||
|
@ -56,8 +47,6 @@ in
|
|||
];
|
||||
|
||||
"nixos-unstable" = [
|
||||
netboxAgent
|
||||
|
||||
# netbox qrcode plugin
|
||||
{
|
||||
_type = "commit";
|
||||
|
|
Loading…
Reference in a new issue