Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
rhoriguchi committed Nov 29, 2024
1 parent 11b5041 commit 69d6135
Show file tree
Hide file tree
Showing 4 changed files with 126 additions and 0 deletions.
13 changes: 13 additions & 0 deletions configuration/devices/headless/router/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ in {

./adguardhome.nix
./firewall.nix
./librenms.nix
./routing.nix
./web-proxy.nix

Expand Down Expand Up @@ -35,5 +36,17 @@ in {
username = secrets.infomaniak.username;
password = secrets.infomaniak.password;
};

snmpd = {
enable = true;

listenAddress = "127.0.0.1";
configText = ''
rocommunity public
sysLocation Cabinet
sysContact ${config.security.acme.defaults.email}
'';
};
};
}
94 changes: 94 additions & 0 deletions configuration/devices/headless/router/librenms.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
{ pkgs, config, lib, secrets, ... }:
let defaultUser = "admin";
in {
services = {
infomaniak = {
enable = true;

username = secrets.infomaniak.username;
password = secrets.infomaniak.password;
hostnames = [ "librenms.00a.ch" ];
};

# workaround for the nginx attributes since lib.mkMerge fails
nginx.virtualHosts."${config.services.librenms.hostname}".locations."/" = {
basicAuth = secrets.nginx.basicAuth."librenms.00a.ch";

extraConfig = ''
fastcgi_param REMOTE_USER ${defaultUser};
satisfy any;
allow 192.168.1.0/24;
deny all;
'';
};

# TODO vlan are not shown
# TODO arp table are is shown
librenms = {
enable = true;

hostname = "librenms.00a.ch";

settings = {
auth_mechanism = "http-auth";

autodiscovery.nets-exclude = [ ];
nets = [ "127.0.0.1" "192.168.1.0/24" ];

discovery_modules.discovery-arp = true;
};

database = {
createLocally = true;
socket = "/run/mysqld/mysqld.sock";
};

nginx = {
enableACME = true;
forceSSL = true;
};
};
};

systemd.services.librenms-add-admin-user = {
after = [ "librenms-setup.service" ];
wantedBy = [ "multi-user.target" ];

serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = config.services.librenms.user;
Group = config.services.librenms.group;
};

script = let
pkg = builtins.head (builtins.filter (pkg: pkg.name == "lnms") config.environment.systemPackages);
lnms = "${pkg}/bin/lnms";
in ''
${lnms} db:seed --force
${lnms} user:add ${
lib.concatStringsSep " " [
''--email "${config.security.acme.defaults.email}"''
''--password "$(${pkgs.openssl}/bin/openssl rand --hex 16)"''
"--role admin"
"--no-interaction"
]
} ${defaultUser} || true
echo "${
lib.concatStringsSep " " [
"UPDATE ${config.services.librenms.database.database}.users"
"SET auth_type = '${config.services.librenms.settings.auth_mechanism}'"
"WHERE username = '${defaultUser}'"
]
};" | ${pkgs.mariadb}/bin/mysql --socket='${config.services.librenms.database.socket}' || true
'';
};

services.cron.systemCronJobs = [
"27 * * * * ${config.services.librenms.user} ${pkgs.python3}/bin/python /${config.services.librenms.package}/snmp-scan.py >> /dev/null 2>&1"
];
}
19 changes: 19 additions & 0 deletions modules/default/librenms.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# TODO remove when merged https://nixpk.gs/pr-tracker.html?pr=359182

{ modulesPath, ... }:
let
src = let
owner = "NixOS";
repo = "nixpkgs";
rev = "cf4d89e473867d68587cfe098e0725194eddf149";
sha256 = "sha256:0an0xa61wpgympk391kyn6pdmx4jnbiyapcr193kc9qk9r3x3iaz";
in builtins.fetchTarball {
name = "nixpkgs";
url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz";
inherit sha256;
};
in {
disabledModules = [ "${modulesPath}/services/monitoring/librenms.nix" ];

imports = [ "${src}/nixos/modules/services/monitoring/librenms.nix" ];
}
Binary file modified secrets.nix
Binary file not shown.

0 comments on commit 69d6135

Please sign in to comment.