feat(package): sentinèlla: add auth

2025-10-03 02:30:24 +00:00
parent 0eb95197bc
commit 7fd3ba46c9
10 changed files with 346 additions and 186 deletions
--- a/nixos/module/hectic/service/sentinèlla.nix
+++ b/nixos/module/hectic/service/sentinèlla.nix
@@ -0,0 +1,106 @@
+{ 
+  inputs,
+  flake,
+  self,
+}:
+{ 
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  system = pkgs.system;
+  cfg = config.hectic.services.server-health;
+  #   URLS="http://..."     # default: none
+  #   VOLUMES="/ /home"     # default: all from df -P
+in {
+  options = {
+    hectic.services."sentinèlla" = {
+      probe = {
+        enable   = lib.mkEnableOption "enable sentinèlla probe services, that provides endpoints for server status check";
+        urls = lib.mkOption {
+          type = lib.types.port;
+          description = ''
+            urls to check
+          '';
+        };
+        volumes = lib.mkOption {
+          type = lib.types.port;
+          description = ''
+            volumes to check
+          '';
+        };
+        port = lib.mkOption {
+          type = lib.types.port;
+          description = ''
+            service's port
+          '';
+        };
+        environmentPath = lib.mkOption {
+          type = lib.types.path;
+	  example = ''
+            config.sops.secrets."name-of-service/environment".path
+	  '';
+	  description = ''
+	    in case when you do not want show configurations in repository
+	    ```
+              VOLUMES=
+              URLS=
+              PORT=
+	    ```
+	  '';
+        };
+      };
+      sentinel = {
+        enable   = lib.mkEnableOption "enable sentinèlla sentinel services, that reported servers statuses based on probe polls";
+        environmentPath = lib.mkOption {
+          type = lib.types.path;
+	  example = ''
+            config.sops.secrets."name-of-service/environment".path
+	  '';
+	  description = ''
+	    in case when you do not want show configurations in repository
+	  '';
+        };
+      };
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.probe.enable {
+      services.nginx.virtualHosts = {
+      };
+      systemd.services."sentinèlla-probe" = {
+        description = "Hectic server health check";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${self.packages.${system}.server-health}/bin/probe";
+          EnvironmentFile = cfg.probe.environmentPath;
+          Environment = (if cfg.probe.urls != null then [
+            "URLS=${cfg.probe.urls}"
+          ] else []) ++ (if cfg.probe.volumes != null then [
+            "VOLUMES=${cfg.volumes}"
+          ] else []) ++ (if cfg.probe.port != null then [
+            "PORT=${builtins.toString cfg.probe.port}"
+          ] else []);
+          Restart = "always";
+          RestartSec = "5s";
+          
+          # Shutdown configuration
+          TimeoutStopSec = "30s";
+          KillSignal = "SIGTERM";
+          KillMode = "mixed";
+          
+          # Security and process management
+          RemainAfterExit = false;
+          StandardOutput = "journal";
+          StandardError = "journal";
+        };
+      };
+    })
+    (lib.mkIf cfg.sentinel.enable {
+      
+    })
+  ];
+}