modules: add tsvnstat start using it in various places

2022-11-17 16:09:05 -07:00 · 2022-11-17 16:09:05 -07:00 · 06593a97fa
commit 06593a97fa
parent 194ce0caab
3 changed files with 115 additions and 27 deletions
--- a/hosts/h/default.nix
+++ b/hosts/h/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, isUnstable, ... }:
+{ config, pkgs, lib, isUnstable, inputs, ... }:
 with pkgs;
 let
  restic = pkgs.writeScriptBin "restic"
@ -26,6 +26,7 @@ in {
    ./hardware-configuration.nix
    ../../modules/gotosocial.nix
    ../../modules/yarr.nix
+    ../../modules/tsvnstat.nix
  ];

  boot.loader.grub.enable = true;
@ -77,6 +78,11 @@ in {
      mode = "400";
      sopsFile = config.xin-secrets.h.services;
    };
+    # TODO: rename
+    router_stats_ts_key = {
+      sopsFile = config.xin-secrets.h.services;
+      owner = config.users.users.tsvnstat.name;
+    };
    wireguard_private_key = { sopsFile = config.xin-secrets.h.services; };
  };

@ -181,7 +187,10 @@ in {
  };

  services = {
-    vnstat.enable = true;
+    tsvnstat = {
+      enable = true;
+      keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
+    };
    yarr.enable = true;
    gotosocial = {
      enable = true;
--- a/hosts/router/default.nix
+++ b/hosts/router/default.nix
@ -9,7 +9,6 @@ let
  userBase = {
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
-  inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;

  wan = "enp5s0f0";
  trunk = "enp5s0f1";
@ -272,7 +271,7 @@ let
  };
 in {
  _module.args.isUnstable = false;
-  imports = [ ./hardware-configuration.nix ];
+  imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ];

  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
@ -284,6 +283,10 @@ in {
    wireguard_private_key = {
      sopsFile = config.xin-secrets.router.networking;
    };
+    router_stats_ts_key = {
+      sopsFile = config.xin-secrets.router.networking;
+      owner = config.users.users.tsvnstat.name;
+    };
  };

  networking = {
@ -403,7 +406,10 @@ in {
  };

  services = {
-    vnstat.enable = true;
+    tsvnstat = {
+      enable = true;
+      keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
+    };
    atftpd = {
      enable = true;
      extraOptions = [
@ -444,28 +450,7 @@ in {
    };
  };

-  environment.systemPackages = with pkgs; [ bmon termshark tcpdump tsvnstat ];
-
-  users.groups.tsvnstat = { };
-
-  users.users.tsvnstat = {
-    createHome = true;
-    isSystemUser = true;
-    home = "/var/lib/tsvnstat";
-    group = "tsvnstat";
-  };
-
-  systemd.services.tsvnstat = {
-    wantedBy = [ "network.target" ];
-    serviceConfig = {
-      User = "tsvnstat";
-      Group = "tsvnstat";
-      Restart = "always";
-      WorkingDirectory = "/var/lib/tsvnstat";
-      ExecStart =
-        "${tsvnstat}/bin/tsvnstat -name ${config.networking.hostName}-stats";
-    };
-  };
+  environment.systemPackages = with pkgs; [ bmon termshark tcpdump ];

  users.users.root = userBase;
  users.users.qbit = userBase;
--- a/modules/tsvnstat.nix
+++ b/modules/tsvnstat.nix
@ -0,0 +1,94 @@
+{ config, lib, pkgs, inputs, ... }:
+with pkgs;
+let
+  cfg = config.services.tsvnstat;
+  inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat;
+in {
+  options = with lib; {
+    services.tsvnstat = {
+      enable = mkEnableOption "Enable tsvnstat";
+
+      user = mkOption {
+        type = with types; oneOf [ str int ];
+        default = "tsvnstat";
+        description = ''
+          The user the service will use.
+        '';
+      };
+
+      keyPath = mkOption {
+        type = types.path;
+        default = "";
+        description = ''
+          Path to the TS API key file
+        '';
+      };
+
+      nodeName = mkOption {
+        type = types.str;
+        default = "${config.networking.hostName}-stats";
+        description = ''
+          The name of the TS node.
+        '';
+      };
+
+      group = mkOption {
+        type = with types; oneOf [ str int ];
+        default = "tsvnstat";
+        description = ''
+          The user the service will use.
+        '';
+      };
+      package = mkOption {
+        type = types.package;
+        default = tsvnstat;
+        defaultText = literalExpression "pkgs.tsvnstat";
+        description = "The package to use for tsvnstat";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    users.groups.${cfg.group} = { };
+    users.users.${cfg.user} = {
+      description = "tsvnstat service user";
+      isSystemUser = true;
+      home = "/var/lib/tsvnstat";
+      createHome = true;
+      group = "${cfg.group}";
+    };
+
+    services.vnstat.enable = true;
+
+    systemd.services.tsvnstat = {
+      enable = true;
+      description = "tsvnstat server";
+      wantedBy = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+
+      path = [
+        pkgs.vnstat
+        pkgs.coreutils
+        pkgs.bash
+      ];
+
+      environment = {
+        HOME = "/var/lib/tsvnstat";
+        HOSTNAME = config.networking.hostName;
+      };
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+
+        RuntimeDirectory = "tsvnstat";
+        StateDirectory = "tsvnstat";
+        StateDirectoryMode = "0755";
+        CacheDirectory="tsvnstat";
+        CacheDirectoryMode = "0755";
+
+        ExecStart =
+          "${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} -key ${cfg.keyPath}";
+      };
+    };
+  };
+}