add pcomon to netbox

2025-01-11 16:35:41 -06:00 · 2025-01-11 16:35:41 -06:00 · 9c1f18278f
commit 9c1f18278f
parent 729527aeb2
6 changed files with 60 additions and 0 deletions
--- a/boxes/netbox/agenix.nix
+++ b/boxes/netbox/agenix.nix
@ -27,5 +27,11 @@
      owner = "nextcloud";
      group = "nextcloud";
    };
+
+    pcomon-secrets-file = {
+      file = ../../secrets/pcomon-secrets-file.age;
+      owner = "pcomon";
+      group = "pcomon";
+    };
  };
 }
--- a/boxes/netbox/default.nix
+++ b/boxes/netbox/default.nix
@ -10,6 +10,7 @@
    ./mail.nix
    ./nextcloud.nix
    ./nginx.nix
+    ./pcomon.nix
    ./radicale.nix
    ./ssh.nix
    ./sslh.nix
--- a/boxes/netbox/pcomon.nix
+++ b/boxes/netbox/pcomon.nix
@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+let
+  pcomon = (pkgs.callPackage ../../builds/pcomon.nix {});
+in {
+  users.users.pcomon = {
+    isSystemUser = true;
+    group = "pcomon";
+  };
+
+  users.groups.pcomon = {};
+
+  systemd.services.pcomon = {
+    serviceConfig.type = "oneshot";
+    script = ''
+      ${pkgs.coreutils}/bin/mkdir -p /run/pcomon
+      ${pkgs.coreutils}/bin/chown -R pcomon:pcomon /run/pcomon
+      ${pcomon}/bin/pcomon ${config.age.secrets.pcomon-secrets-file.path}
+    '';
+  };
+
+  systemd.timers.pcomon = {
+    wantedBy = [ "timers.target" ];
+    partOf = [ "pcomon.service" ];
+    timerConfig.OnCalendar = "*:*:0/30";
+  };
+}
--- a/builds/pcomon.nix
+++ b/builds/pcomon.nix
@ -0,0 +1,13 @@
+{ python3Packages, system-sendmail, fetchgit }:
+with python3Packages;
+buildPythonApplication {
+  pname = "pcomon";
+  version = "1.0.0";
+
+  propagatedBuildInputs = [ requests system-sendmail ];
+
+  src = fetchgit {
+    url = "https://git.beepboop.systems/stupidcomputer/pcomon";
+    hash = "sha256-XxPb1WWq5YQz+UZ7P5dgInPweSD+52R2XVmoVrV0GMQ=";
+  };
+}
--- a/secrets/pcomon-secrets-file.age
+++ b/secrets/pcomon-secrets-file.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 NIIFZw 5sSS8lntUmJQBcYLay7PNt3Lw6kjFhgXQM7CcHthV1w
+J73XMhzBrPWKiVEhDWO2mU04d37QUhd93W/yyY8f8ug
+-> ssh-ed25519 E0Y+lw 2GZvJm18ZCkFoTq7d9f88IvE9vxc/RN2nRj6XOYamEc
+UcPfmSRIMLfRtrRADcneNYKRstLLMuHIZ/zCSwK+4ko
+-> ssh-ed25519 q1rODg C/xVY60gXFGe7R38udjfGxDuhNwAHj3w1YG+SzxHUUg
+XylNlkJFYxSEAa5k6DbN0uJc+lSR3+9tPZI6Y3vETBA
+--- Hxku4chQxW+uldmCokmMJ/zflXG6nC2GMqu4vOB0ahU
+ùî%qþOý÷È—×¸
 òÒª[À~þÎ€
+Ç¦ºÏƒ<EFBFBD>Œ˜¨‰Zh6¯™Õ(p6æÎ&ÛÕew|Íåï°’ Íñ!Ç—öçãmŒ|áj±eäh¬7Ëì
ÖQS¬÷]Ž:´ý%¤Ìwó¬!½Â/ð©™› ˆ 0£‡å·±2™óôJygfCÅ%˜ÒŸÝV¨vpÓ ‚ë•/I`‘geW…CÍ<>ü@ÊÙÓG©òè@¹•r.®`«§Ö2U[•Á;3ÆÃwÿýÝ±FÉÖG`B¸¯<C2B8>ENwéZ“Ý<C2AD>ú|ähÆf—¢
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -22,4 +22,7 @@ in {

  # networkmanager
  "nm-home-net-config.age".publicKeys = with machines; [ copernicus.pubkey aristotle.pubkey ];
+
+  # pcomon
+  "pcomon-secrets-file.age".publicKeys = [ machines.copernicus.pubkey machines.aristotle.pubkey server-netbox ];
 }