nixos/beszel: allow S.M.A.R.T monitoring

[hatch01]

Update to beszel 0.15.5 and allow systemd monitoring following this pr merged : henrygd/beszel#1153
following this comment in the module init : #380731 (comment)

Also allow smart monitoring highly copied from nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix

@Bot-wxt1221
@arunoruto
@BonusPlay

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

---

Add a 👍 reaction to pull requests you find important.

[hatch01]

Still not tested as the release 0.15.5 is not out for now.

[arunoruto]

15.5 isn't coming out, but 16.0 just released. I am still not sure if it can be built tho due to the version of the go toolchain...

[hatch01]

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 460730
Commit: 00771eeba274893dc4e2e208c31b97cccc1f3e7d (subsequent changes)
Merge: bbca80dd0a77b488d0da7bc5715f3a64b9af96c2

Logs: https://github.com/hatch01/nixpkgs-review-gha/actions/runs/19332611268

---

x86_64-linux

⏩ 2 packages blacklisted:

• nixos-install-tools
• tests.nixos-functions.nixos-test

✅ 1 package built:

• beszel

---

aarch64-linux

⏩ 2 packages blacklisted:

• nixos-install-tools
• tests.nixos-functions.nixos-test

✅ 1 package built:

• beszel

---

x86_64-darwin (sandbox = relaxed)

❌ 1 package failed to build:

• beszel

---

Error logs: `x86_64-darwin`

beszel

        server_test.go:176: 
            	Error Trace:	/nix/build/nix-9522-410436637/source/agent/server_test.go:176
            	Error:      	Received unexpected error:
            	            	dial tcp :45987: connect: operation not permitted
            	Test:       	TestStartServer/good_key_still_good
2025/11/13 13:47:19 WARN Data directory not found
2025/11/13 13:47:19 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:47:19 WARN Data directory not found
2025/11/13 13:47:19 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:47:19 WARN Data directory not found
2025/11/13 13:47:19 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:47:19 WARN Data directory not found
2025/11/13 13:47:19 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:47:19 WARN Data directory not found
2025/11/13 13:47:19 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:47:19 WARN Data directory not found
2025/11/13 13:47:19 INFO Root disk mountpoint=/ io=disk0
FAIL
FAIL	github.com/henrygd/beszel/agent	2.067s
FAIL

---

aarch64-darwin (sandbox = relaxed)

❌ 1 package failed to build:

• beszel

---

Error logs: `aarch64-darwin`

beszel

        server_test.go:176: 
            	Error Trace:	/nix/build/nix-5370-692541792/source/agent/server_test.go:176
            	Error:      	Received unexpected error:
            	            	dial tcp :45987: connect: operation not permitted
            	Test:       	TestStartServer/good_key_still_good
2025/11/13 13:39:44 WARN Data directory not found
2025/11/13 13:39:44 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:39:44 WARN Data directory not found
2025/11/13 13:39:44 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:39:44 WARN Data directory not found
2025/11/13 13:39:44 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:39:44 WARN Data directory not found
2025/11/13 13:39:44 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:39:44 WARN Data directory not found
2025/11/13 13:39:44 INFO Root disk mountpoint=/ io=disk0
2025/11/13 13:39:45 WARN Data directory not found
2025/11/13 13:39:45 INFO Root disk mountpoint=/ io=disk0
FAIL
FAIL	github.com/henrygd/beszel/agent	1.371s
FAIL

[hatch01]

I need to wait for go 1.25.3 to be merged in nixos-unstable to test on my server

[hatch01]

May I need to fix the tests on darwin with something like :

  checkFlags = lib.optionals.stdenv.isDarwin [
    # Disable tests that require a running server on darwin
    "-run=^(Test(?!StartServer))"
  ];

Or is this normal ?

[karlprieb]

Just tested it in linux x86_64 and aarch64 and it works.

[karlprieb]

Maybe these should be optional, including the smartmontools package.
For those who are not interested in SMART stats these settings are not needed and the security aspect we had before can be kept.

[arunoruto]

Agreed, adding an option for such a purpose would be ideal or somehow manage it via env variables. I will look into this later.

[hatch01]

Having an option for this is definitely a good idea, but I’m not entirely sure whether it should default to true or false.

Pros of setting it to true by default:

• Improves discoverability of Beszel’s features.
• Prevents potential warnings if Beszel tries to access a disk without the proper permissions.
• Could alert users to disk issues they might not have been aware of.

Pros of setting it to false by default:

• Avoids interfering with users’ drive sleep schedules, which can be important for some setups.

[arunoruto]

Here are a few points:

1. I guess that the update to 16.0 will happen automatically like beszel: 0.14.1 -> 0.15.4 #461038, I am just waiting for 1.25.3 to hit unstable so there isn't one more package that is staling the propagation to the final branches.
2. This means this PR will probably drop the package update, and we can just concentrate to merge the smartmon tools. We need a good way of handling this. Like @karlprieb mentioned, this should be optional and shouldn't be forced to everyone. This can mess up with someones schedule to make drives sleep, so we need to be very careful!
3. With that said, systemd monitoring is a bit beyond the scope of this PR then, especially since we do not know what is needed to make it run correctly on NixOS. I would suggest to postpone this to a separate PR where we can tackle it :)

Points 1. and 3. both need go-1.25.3 (https://nixpk.gs/pr-tracker.html?pr=451802), so lets wait until it hits unstable.

Regarding 2., what would be the main point of this PR (IMHO):
Maybe a custom option services.beszel-agent.smartmon would be appropriate with enable and package options. If there is a better or more elegant way, I am open for suggestions.

[hatch01]

Ok I will split this PR into 3 PR (keeping update to 0.16.0 to be faster than r-ryantm)

[arunoruto]

Ok I will split this PR into 3 PR (keeping update to 0.16.0 to be faster than r-ryantm)

You are right, but r-ryantm can be merged by a package maintainer, your PR has to be merged by someone with a commit bit. But we will see what will happen faster. I think there is a way to enforce a r-ryantm PR, but I will have to look into that :)

[BonusPlay]

Any specific reason for mkForce in PrivateDevices? I think modules should use mkDefault and mkForce should be almost strictly reserved for end user to override config when needed.

[hatch01]

I stole it at :

nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
67:      PrivateDevices = lib.mkForce false;

But yes, I agree that just using mkDefault should be enough.

[hatch01]

No hint on why this is forced in the PR from Prometheus (#147056), so let's stay with mkDefault.

[BonusPlay]

Note to commiters: this PR is waiting for relevant package update.

[hatch01]

Note to commiters: this PR is waiting for relevant package update.

This is not true anymore; S.M.A.R.T. support is included in Beszel since v0.15.0, and the current Beszel in Nixpkgs (unstable) is 0.15.4.
So this PR is ready for merge I think.

[BonusPlay]

Oh right, I meant the systemd is waiting for 0.16. We can merge this one.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/6130

[hatch01]

@arunoruto is this PR good for you, or are there still things to fix?

[arunoruto]

I am not sure about the systemd settings, someone else should take a look at it if its fine. But I have been using the PR for a time now and it has been working. This doesn't mean the security can't be tighten further ;)

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/6301

[nixpkgs-ci]

Successfully created backport PR for release-25.11:

• [Backport release-25.11] nixos/beszel: allow S.M.A.R.T monitoring #487703