Unverified Commit dc42e260 authored by Peder Bergebakken Sundt's avatar Peder Bergebakken Sundt Committed by GitHub

Merge pull request #263335 from anthonyroussel/nixos-goss

nixos/goss: init
parents 6863de11 1efdbc2f
+2 −0
@@ -86,6 +86,8 @@

- [pgBouncer](https://www.pgbouncer.org), a PostgreSQL connection pooler. Available as [services.pgbouncer](#opt-services.pgbouncer.enable).

- [Goss](https://goss.rocks/), a YAML based serverspec alternative tool for validating a server's configuration. Available as [services.goss](#opt-services.goss.enable).

- [trust-dns](https://trust-dns.org/), a Rust based DNS server built to be safe and secure from the ground up. Available as [services.trust-dns](#opt-services.trust-dns.enable).

- [osquery](https://www.osquery.io/), a SQL powered operating system instrumentation, monitoring, and analytics.
+1 −0
@@ -773,6 +773,7 @@
  ./services/monitoring/datadog-agent.nix
  ./services/monitoring/do-agent.nix
  ./services/monitoring/fusion-inventory.nix
  ./services/monitoring/goss.nix
  ./services/monitoring/grafana-agent.nix
  ./services/monitoring/grafana-image-renderer.nix
  ./services/monitoring/grafana-reporter.nix
+44 −0
# Goss {#module-services-goss}

[goss](https://goss.rocks/) is a YAML based serverspec alternative tool
for validating a server's configuration.

## Basic Usage {#module-services-goss-basic-usage}

A minimal configuration looks like this:

```
{
  services.goss = {
    enable = true;

    environment = {
      GOSS_FMT = "json";
      GOSS_LOGLEVEL = "TRACE";
    };

    settings = {
      addr."tcp://localhost:8080" = {
        reachable = true;
        local-address = "127.0.0.1";
      };
      command."check-goss-version" = {
        exec = "${lib.getExe pkgs.goss} --version";
        exit-status = 0;
      };
      dns.localhost.resolvable = true;
      file."/nix" = {
        filetype = "directory";
        exists = true;
      };
      group.root.exists = true;
      kernel-param."kernel.ostype".value = "Linux";
      service.goss = {
        enabled = true;
        running = true;
      };
      user.root.exists = true;
    };
  };
}
```
+86 −0
{ config, lib, pkgs, ... }:

let
  cfg = config.services.goss;

  settingsFormat = pkgs.formats.yaml { };
  configFile = settingsFormat.generate "goss.yaml" cfg.settings;

in {
  meta = {
    doc = ./goss.md;
    maintainers = [ lib.maintainers.anthonyroussel ];
  };

  options = {
    services.goss = {
      enable = lib.mkEnableOption (lib.mdDoc "Goss daemon");

      package = lib.mkPackageOptionMD pkgs "goss" { };

      environment = lib.mkOption {
        type = lib.types.attrsOf lib.types.str;
        default = { };
        example = {
          GOSS_FMT = "json";
          GOSS_LOGLEVEL = "FATAL";
          GOSS_LISTEN = ":8080";
        };
        description = lib.mdDoc ''
          Environment variables to set for the goss service.

          See <https://github.com/goss-org/goss/blob/master/docs/manual.md>
        '';
      };

      settings = lib.mkOption {
        type = lib.types.submodule { freeformType = settingsFormat.type; };
        default = { };
        example = {
          addr."tcp://localhost:8080" = {
            reachable = true;
            local-address = "127.0.0.1";
          };
          service.goss = {
            enabled = true;
            running = true;
          };
        };
        description = lib.mdDoc ''
          The global options in `config` file in yaml format.

          Refer to <https://github.com/goss-org/goss/blob/master/docs/goss-json-schema.yaml> for schema.
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

    systemd.services.goss = {
      description = "Goss - Quick and Easy server validation";
      unitConfig.Documentation = "https://github.com/goss-org/goss/blob/master/docs/manual.md";

      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      wants = [ "network-online.target" ];

      environment = {
        GOSS_FILE = configFile;
      } // cfg.environment;

      reloadTriggers = [ configFile ];

      serviceConfig = {
        DynamicUser = true;
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        ExecStart = "${cfg.package}/bin/goss serve";
        Group = "goss";
        Restart = "on-failure";
        RestartSec = 5;
        User = "goss";
      };
    };
  };
}
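Review bot: `ExecStart = "${cfg.package}/bin/goss serve"` starts the HTTP endpoint with no listen address pinned, and the only address the module shows for it is the `environment` example `GOSS_LISTEN = ":8080"`, which binds every interface. The endpoint serves the results of the configured checks (including `command` checks, which are presumably run when it is queried), and nothing in the module restricts who may query it, so a loopback default is the safer starting point: `environment = { GOSS_FILE = configFile; GOSS_LISTEN = "127.0.0.1:8080"; } // cfg.environment;` still lets the user's own value win. If goss's built-in default is already loopback-only this is moot, so confirm against the manual, and switch the example to a loopback address either way. Separately, `ExecReload` sends SIGHUP; it is worth confirming that goss handles that signal, because systemd counts a SIGHUP death as a clean exit and `Restart = "on-failure"` would then leave the service stopped.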
+1 −0
@@ -329,6 +329,7 @@ in {
  gollum = handleTest ./gollum.nix {};
  gonic = handleTest ./gonic.nix {};
  google-oslogin = handleTest ./google-oslogin {};
  goss = handleTest ./goss.nix {};
  gotify-server = handleTest ./gotify-server.nix {};
  gotosocial = runTest ./web-apps/gotosocial.nix;
  grafana = handleTest ./grafana {};