diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-02-22 10:43:06 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-11 16:17:56 +0000 |
commit | ca1aada113c0ebda1ab8667199f6453f8e01c4fc (patch) | |
tree | 55e402280096f62eb0bc8bcad5ce6050c5a0aec7 /nixpkgs/nixos/modules/services/networking/mtr-exporter.nix | |
parent | e4df5a52a6a6531f32626f57205356a773ac2975 (diff) | |
parent | 93883402a445ad467320925a0a5dbe43a949f25b (diff) | |
download | nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.gz nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.bz2 nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.lz nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.xz nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.zst nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.zip |
Merge commit '93883402a445ad467320925a0a5dbe43a949f25b'
Conflicts: nixpkgs/nixos/modules/programs/ssh.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/data/fonts/noto-fonts/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/libraries/mesa/default.nix
Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/mtr-exporter.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/mtr-exporter.nix | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix b/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix new file mode 100644 index 000000000000..ca261074ebde --- /dev/null +++ b/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) + maintainers types mkEnableOption mkOption mkIf + literalExpression escapeShellArg escapeShellArgs; + cfg = config.services.mtr-exporter; +in { + options = { + services = { + mtr-exporter = { + enable = mkEnableOption "a Prometheus exporter for MTR"; + + target = mkOption { + type = types.str; + example = "example.org"; + description = "Target to check using MTR."; + }; + + interval = mkOption { + type = types.int; + default = 60; + description = "Interval between MTR checks in seconds."; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "Listen port for MTR exporter."; + }; + + address = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Listen address for MTR exporter."; + }; + + mtrFlags = mkOption { + type = with types; listOf str; + default = []; + example = ["-G1"]; + description = "Additional flags to pass to MTR."; + }; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.mtr-exporter = { + script = '' + exec ${pkgs.mtr-exporter}/bin/mtr-exporter \ + -mtr ${pkgs.mtr}/bin/mtr \ + -schedule '@every ${toString cfg.interval}s' \ + -bind ${escapeShellArg cfg.address}:${toString cfg.port} \ + -- \ + ${escapeShellArgs (cfg.mtrFlags ++ [ cfg.target ])} + ''; + wantedBy = [ "multi-user.target" ]; + requires = [ "network.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "on-failure"; + # Hardening + CapabilityBoundingSet = [ "" ]; + DynamicUser = true; + LockPersonality = true; + ProcSubset = "pid"; + PrivateDevices = true; + PrivateUsers = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RestrictNamespaces = true; + RestrictRealtime = true; + }; + }; + }; + + meta.maintainers = with maintainers; [ jakubgs ]; +} |