diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix | 37 |
1 files changed, 13 insertions, 24 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix index 8906c25d5037..50e1321a1e9c 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix @@ -4,16 +4,12 @@ with lib; let cfg = config.services.prometheus.exporters.smartctl; - format = pkgs.formats.yaml {}; - configFile = format.generate "smartctl-exporter.yml" { - smartctl_exporter = { - bind_to = "${cfg.listenAddress}:${toString cfg.port}"; - url_path = "/metrics"; - smartctl_location = "${pkgs.smartmontools}/bin/smartctl"; - collect_not_more_than_period = cfg.maxInterval; - devices = cfg.devices; - }; - }; + args = lib.escapeShellArgs ([ + "--web.listen-address=${cfg.listenAddress}:${toString cfg.port}" + "--smartctl.path=${pkgs.smartmontools}/bin/smartctl" + "--smartctl.interval=${cfg.maxInterval}" + ] ++ map (device: "--smartctl.device=${device}") cfg.devices + ++ cfg.extraFlags); in { port = 9633; @@ -50,26 +46,19 @@ in { "CAP_SYS_ADMIN" ]; DevicePolicy = "closed"; - DeviceAllow = lib.mkOverride 100 ( - if cfg.devices != [] then - cfg.devices - else [ - "block-blkext rw" - "block-sd rw" - "char-nvme rw" - ] - ); + DeviceAllow = lib.mkOverride 50 [ + "block-blkext rw" + "block-sd rw" + "char-nvme rw" + ]; ExecStart = '' - ${pkgs.prometheus-smartctl-exporter}/bin/smartctl_exporter -config ${configFile} + ${pkgs.prometheus-smartctl-exporter}/bin/smartctl_exporter ${args} ''; PrivateDevices = lib.mkForce false; ProtectProc = "invisible"; ProcSubset = "pid"; SupplementaryGroups = [ "disk" ]; - SystemCallFilter = [ - "@system-service" - "~@privileged @resources" - ]; + SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; } |