nrpe-service.nix

{ lib, pkgs, config, ... }@args:

with lib;
let
  cfg = config.services.nrpe;
  nrpe = pkgs.callPackage ./nrpe.nix { };
  nrpeState = "/var/lib/nrpe";
  nrpeLogDir = "/var/log/nrpe";
  nrpeCfgFile =
    let
      default = {
        log_file = "${nrpeLogDir}/nrpe.log";
        debug = "0";
        nrpe_user = "nrpe";
        nrpe_group = "nrpe";
        dont_blame_nrpe = "0";
        allow_bash_command_substitution = "0";
        command_timeout = "60";
        connection_timeout = "300";
      };
      lines = mapAttrsToList (key: value: "${key}=${value}") (default // cfg.extraConfig);
      content = concatStringsSep "\n" lines;
    in
    pkgs.writeText "nagios.cfg" content;
in
{
  options = {
    services.nrpe = {
      enable = mkEnableOption ''[Nagios Remote Plugin Executor](https://github.com/NagiosEnterprises/nrpe/) to monitor your system or network.'';
      plugins = mkOption {
        type = types.listOf types.package;
        default = with pkgs; [ monitoring-plugins ];
        defaultText = literalExpression "[pkgs.monitoring-plugins]";
        description = ''
          Packages to be added to the NRPE {env}`PATH`.
          Typically used to add plugins, but can be anything.
        '';
      };
      extraConfig = mkOption {
        type = types.attrsOf types.str;
        example = {
          debug = "0";
        };
        default = { };
        description = "Configuration to add to /etc/nrpe.cfg";
      };
    };
  };
  config = mkIf cfg.enable {

    users.users.nrpe = {
      description = "NRPE user";
      isSystemUser = true;
      home = nrpeState;
      group = "nrpe";
    };

    users.groups.nrpe = { };

    environment.systemPackages = [ nrpe ];

    environment.etc."nrpe.cfg".source = nrpeCfgFile;

    networking = {
      firewall.allowedTCPPorts = [ 5666 ];
    };

    systemd.services.nrpe = {
      description = "NRPE daemon";
      path = [ nrpe ] ++ cfg.plugins;
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      restartTriggers = [ nrpeCfgFile ];

      serviceConfig = {
        User = "nrpe";
        Group = "nrpe";
        Restart = "always";
        RestartSec = 2;
        LogsDirectory = "nrpe";
        StateDirectory = "nrpe";
        ExecStart = "${nrpe}/bin/nrpe -c /etc/nrpe.cfg -f";
      };
    };
  };
}