nixos/prometheus-exporters/wireguard: add support for `-s` switch

Since version 3.0 all allowed IPs and subnets are exposed by the
exporter. With `-s` set on the CLI, instead of a comma-separated list,
each allowed IP and subnet will be in a single field with the schema
`allowed_ip_<index>`.

1 files changed, 12 insertions, 0 deletions

diff --git a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
index c5b84e574b8d..eae7a61297d1 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@@ -23,12 +23,24 @@ in {
         to set the peers up.
       '';
     };
+
+    singleSubnetPerField = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        By default, all allowed IPs and subnets are comma-separated in the
+        <literal>allowed_ips</literal> field. With this option enabled,
+        a single IP and subnet will be listed in fields like <literal>allowed_ip_0</literal>,
+        <literal>allowed_ip_1</literal> and so on.
+      '';
+    };
   };
   serviceOpts = {
     script = ''
       ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
         -p ${toString cfg.port} \
         ${optionalString cfg.verbose "-v"} \
+        ${optionalString cfg.singleSubnetPerField "-s"} \
         ${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}
     '';