diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index fb8453f1d53..d25836c2d8d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -502,6 +502,7 @@ ./services/monitoring/das_watchdog.nix ./services/monitoring/datadog-agent.nix ./services/monitoring/dd-agent/dd-agent.nix + ./services/monitoring/do-agent.nix ./services/monitoring/fusion-inventory.nix ./services/monitoring/grafana.nix ./services/monitoring/grafana-reporter.nix diff --git a/nixos/modules/services/monitoring/do-agent.nix b/nixos/modules/services/monitoring/do-agent.nix new file mode 100644 index 00000000000..a03c3330348 --- /dev/null +++ b/nixos/modules/services/monitoring/do-agent.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.do-agent; +in +{ + options.services.do-agent = { + enable = mkEnableOption "do-agent, the DigitalOcean droplet metrics agent"; + + user = mkOption { + type = types.str; + default = "do-agent"; + description = "User account under which do-agent runs."; + }; + + group = mkOption { + type = types.str; + default = "do-agent"; + description = "Group account under which do-agent runs."; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.do-agent ]; + + systemd.services.do-agent = { + description = "DigitalOcean Droplet Metrics Agent"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.do-agent}/bin/do-agent --syslog"; + Restart = "always"; + OOMScoreAdjust = -900; + SyslogIdentifier = "DigitalOceanAgent"; + PrivateTmp = "yes"; + ProtectSystem = "full"; + ProtectHome = "yes"; + NoNewPrivileges = "yes"; + }; + }; + + users.users = optionalAttrs (cfg.user == "do-agent") (singleton + { name = "do-agent"; + group = cfg.group; + }); + + users.groups = optionalAttrs (cfg.group == "do-agent") (singleton + { name = "do-agent"; + }); + }; +}