feat(treewide): Set up Beszel Hub and Agent for monitoring

data.nix

@@ -37,6 +37,11 @@
       file = ./secrets/server-main-elis/nextcloud-admin-password.age;
       owner = "nextcloud";
     };
+    beszel-ssh-ec = {
+      file = ./secrets/server-main-elis/beszel-ssh-ec.age;
+      path = "/data/var/lib/beszel-hub/beszel_data/id_ed25519";
+      owner = "root";
+    };
     syncoid-server-main-elis-ssh-ec = {
       file = ./secrets/server-main-elis/syncoid-ssh-ec.age;
       path = "/var/lib/syncoid/.ssh/id_ed25519";

hosts/server-main-elis/configuration.nix

@@ -140,6 +140,38 @@
 
       "root@vps06:zroot/safe/data".target = "zroot/backups/current/vps06/data";
     };
+
+    # Allow beszel to monitor this system
+    services.beszel-agent.enable = true;
+    services.beszel-agent.extraFilesystems = [
+      "/boot"
+      "/boot-fallback"
+      "/data"
+      "/data/home"
+      "/data/local"
+      "/media/zstorage"
+      "/nix"
+    ];
+
+    # Enable monitoring hub of systems
+    services.beszel-hub.enable = true;
+    services.beszel-hub.settings = [
+      {
+        name = "server-main-elis";
+        host = "server-main-elis";
+        port = 45876;
+      }
+      {
+        name = "vps06";
+        host = "vps06";
+        port = 45876;
+      }
+      {
+        name = "server-sparv";
+        host = "server-sparv";
+        port = 45876;
+      }
+    ];
   };
 
   # Add a user for concate

hosts/server-main-elis/services/homepage.nix

@@ -12,7 +12,16 @@
     environmentFile = config.age.secrets.homepage-dashboard-environment.path;
     bookmarks = [
       {
-        Media = [
+        Bookmarks = [
+          {
+            Beszel = [
+              {
+                icon = "beszel.svg";
+                href = "http://server-main-elis:6432";
+                description = "Beszel";
+              }
+            ];
+          }
           {
             Bazarr = [
               {

hosts/server-sparv/configuration.nix

@@ -52,6 +52,18 @@
     user.extraRootAuthorizedKeys = myData.pubkeys.etu.github-actions;
 
     services.netdata.enable = true;
+
+    # Allow beszel to monitor this system
+    services.beszel-agent.enable = true;
+    services.beszel-agent.extraFilesystems = [
+      "/boot"
+      "/boot-fallback"
+      "/data"
+      "/data/local"
+      "/home"
+      "/media/zstorage"
+      "/nix"
+    ];
   };
 
   # Disable documentation to make the system smaller.

hosts/vps06/configuration.nix

@@ -52,6 +52,15 @@
       "zroot/safe/data".use_template = ["data"];
     };
     services.netdata.enable = true;
+
+    # Allow beszel to monitor this system
+    services.beszel-agent.enable = true;
+    services.beszel-agent.extraFilesystems = [
+      "/boot"
+      "/data"
+      "/data/local"
+      "/nix"
+    ];
   };
 
   # Disable documentation to make the system smaller.

modules/services/beszel/default.nix

@@ -0,0 +1,98 @@
+{
+  config,
+  myData,
+  pkgs,
+  lib,
+  ...
+}: let
+  beszelConfigFile = pkgs.writeTextFile {
+    name = "beszel-config.yml";
+    text = lib.generators.toYAML {} config.etu.services.beszel-hub.settings;
+  };
+in {
+  options.etu.services.beszel-hub = {
+    enable = lib.mkEnableOption "Enable beszel-hub service";
+    settings = lib.mkOption {
+      type = lib.types.listOf (lib.types.submodule {
+        options = {
+          name = lib.mkOption {
+            type = lib.types.str;
+          };
+          host = lib.mkOption {
+            type = lib.types.str;
+          };
+          port = lib.mkOption {
+            type = lib.types.port;
+          };
+        };
+      });
+      default = [];
+      description = "Configuration of bezsel hub";
+    };
+  };
+
+  options.etu.services.beszel-agent = {
+    enable = lib.mkEnableOption "Enable beszel-agent service";
+    extraFilesystems = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [];
+      description = "Extra filesystems to monitor";
+    };
+  };
+
+  config = lib.mkIf (config.etu.services.beszel-hub.enable || config.etu.services.beszel-agent.enable) {
+    # Include private ssh key as secret
+    age.secrets = lib.mkIf config.etu.services.beszel-hub.enable {
+      inherit (myData.ageModules) beszel-ssh-ec;
+    };
+
+    # Make sure the bezsel hub home directory exists
+    systemd.tmpfiles.rules = lib.mkIf config.etu.services.beszel-hub.enable [
+      "d /data/var/lib/beszel-hub/beszel_data 0700 root root -"
+    ];
+
+    # Bind mount for persistent beszel hub state
+    etu.base.zfs.system.directories = [
+      "/var/lib/beszel-hub"
+    ];
+
+    # Enable the beszel hub
+    systemd.services.beszel-hub = lib.mkIf config.etu.services.beszel-hub.enable {
+      description = "Beszel Hub";
+      after = ["network.target"];
+      wantedBy = ["multi-user.target"];
+      restartTriggers = [
+        "/var/lib/beszel-hub/beszel_data/config.yml"
+        config.age.secrets.beszel-ssh-ec.path
+      ];
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        RestartSec = "3";
+        User = "root";
+        WorkingDirectory = "/var/lib/beszel-hub";
+        ExecStartPre = "${pkgs.coreutils}/bin/ln -sf ${beszelConfigFile} /var/lib/beszel-hub/beszel_data/config.yml";
+        ExecStart = "${pkgs.beszel}/bin/beszel-hub serve --http 0.0.0.0:6432";
+      };
+    };
+
+    # Enable the beszel agent
+    systemd.services.beszel-agent = lib.mkIf config.etu.services.beszel-agent.enable {
+      description = "Beszel Agent";
+      after = ["network.target"];
+      wantedBy = ["multi-user.target"];
+      environment = {
+        PORT = "45876";
+        KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQNjvl2OsSmdglE7WHsU8CmEsGWJUx2uHfMOZ14ONFi";
+        EXTRA_FILESYSTEMS = lib.concatStringsSep "," config.etu.services.beszel-agent.extraFilesystems;
+      };
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        RestartSec = "3";
+        User = "root";
+        ExecStart = "${pkgs.beszel}/bin/beszel-agent";
+      };
+    };
+  };
+}

modules/services/default.nix

@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./beszel
     ./freshrss
     ./jellyfin
     ./netdata

secrets.nix

@@ -40,6 +40,7 @@ in {
   "secrets/server-main-elis/initrd-sshd-ec.age".publicKeys = etu ++ hosts.server-main-elis;
   "secrets/server-main-elis/nextcloud-admin-password.age".publicKeys = etu ++ hosts.server-main-elis;
   "secrets/server-main-elis/syncoid-ssh-ec.age".publicKeys = etu ++ hosts.server-main-elis;
+  "secrets/server-main-elis/beszel-ssh-ec.age".publicKeys = etu ++ hosts.server-main-elis;
   "secrets/server-sparv/valheim-server-env.age".publicKeys = etu ++ hosts.server-sparv;
   "secrets/workstations/syncoid-ssh-ec.age".publicKeys = etu ++ hosts.desktop-elis ++ hosts.laptop-private-elis ++ hosts.laptop-work-elis;
 }