diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix new file mode 100644 index 000000000000..9d6b51ad140d --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix @@ -0,0 +1,59 @@ +{ config, lib, pkgs, options, ... }: + +let + cfg = config.services.prometheus.exporters.node; + inherit (lib) + mkOption + types + concatStringsSep + concatMapStringsSep + any + optionals + ; + collectorIsEnabled = final: any (collector: (final == collector)) cfg.enabledCollectors; + collectorIsDisabled = final: any (collector: (final == collector)) cfg.disabledCollectors; +in +{ + port = 9100; + extraOpts = { + enabledCollectors = mkOption { + type = types.listOf types.str; + default = []; + example = [ "systemd" ]; + description = '' + Collectors to enable. The collectors listed here are enabled in addition to the default ones. + ''; + }; + disabledCollectors = mkOption { + type = types.listOf types.str; + default = []; + example = [ "timex" ]; + description = '' + Collectors to disable which are enabled by default. + ''; + }; + }; + serviceOpts = { + serviceConfig = { + DynamicUser = false; + RuntimeDirectory = "prometheus-node-exporter"; + ExecStart = '' + ${pkgs.prometheus-node-exporter}/bin/node_exporter \ + ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \ + ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags} + ''; + RestrictAddressFamilies = optionals (collectorIsEnabled "logind" || collectorIsEnabled "systemd") [ + # needs access to dbus via unix sockets (logind/systemd) + "AF_UNIX" + ] ++ optionals (collectorIsEnabled "network_route" || collectorIsEnabled "wifi" || ! collectorIsDisabled "netdev") [ + # needs netlink sockets for wireless collector + "AF_NETLINK" + ]; + # The timex collector needs to access clock APIs + ProtectClock = collectorIsDisabled "timex"; + # Allow space monitoring under /home + ProtectHome = true; + }; + }; +} |