Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring/prometheus')
6 files changed, 166 insertions, 50 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix index 4fd630015f35..bb426d8b7beb 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -174,6 +174,7 @@ in { systemd.services.alertmanager = { wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; after = [ "network-online.target" ]; preStart = '' ${lib.getBin pkgs.envsubst}/bin/envsubst -o "/tmp/alert-manager-substituted.yaml" \ diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix index 35db8a7376b1..6be6ba7edf72 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -60,7 +60,6 @@ let "node" "nut" "openldap" - "openvpn" "pgbouncer" "php-fpm" "pihole" @@ -71,6 +70,7 @@ let "pve" "py-air-control" "redis" + "restic" "rspamd" "rtl_433" "sabnzbd" diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix deleted file mode 100644 index 5b54dad99805..000000000000 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - cfg = config.services.prometheus.exporters.openvpn; -in { - port = 9176; - extraOpts = { - statusPaths = mkOption { - type = types.listOf types.str; - description = lib.mdDoc '' - Paths to OpenVPN status files. Please configure the OpenVPN option - `status` accordingly. - ''; - }; - telemetryPath = mkOption { - type = types.str; - default = "/metrics"; - description = lib.mdDoc '' - Path under which to expose metrics. - ''; - }; - }; - - serviceOpts = { - serviceConfig = { - PrivateDevices = true; - ProtectKernelModules = true; - NoNewPrivileges = true; - ExecStart = '' - ${pkgs.prometheus-openvpn-exporter}/bin/openvpn_exporter \ - -openvpn.status_paths "${concatStringsSep "," cfg.statusPaths}" \ - -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ - -web.telemetry-path ${cfg.telemetryPath} - ''; - }; - }; -} diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix index 20ee2e4b3238..83e740320df2 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix @@ -21,7 +21,7 @@ in type = with types; nullOr path; default = null; example = "/etc/prometheus-pve-exporter/pve.env"; - description = lib.mdDoc '' + description = '' Path to the service's environment file. This path can either be a computed path in /nix/store or a path in the local filesystem. The environment file should NOT be stored in /nix/store as it contains passwords and/or keys in plain text. 
@@ -34,7 +34,7 @@ in type = with types; nullOr path; default = null; example = "/etc/prometheus-pve-exporter/pve.yml"; - description = lib.mdDoc '' + description = '' Path to the service's config file. This path can either be a computed path in /nix/store or a path in the local filesystem. The config file should NOT be stored in /nix/store as it will contain passwords and/or keys in plain text. @@ -45,46 +45,66 @@ in ''; }; + server = { + keyFile = mkOption { + type = with types; nullOr path; + default = null; + example = "/var/lib/prometheus-pve-exporter/privkey.key"; + description = '' + Path to a SSL private key file for the server + ''; + }; + + certFile = mkOption { + type = with types; nullOr path; + default = null; + example = "/var/lib/prometheus-pve-exporter/full-chain.pem"; + description = '' + Path to a SSL certificate file for the server + ''; + }; + }; + collectors = { status = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Collect Node/VM/CT status ''; }; version = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Collect PVE version info ''; }; node = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Collect PVE node info ''; }; cluster = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Collect PVE cluster info ''; }; resources = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Collect PVE resources info ''; }; config = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Collect PVE onboot status ''; }; 
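Review bot: The new `server.keyFile` option holds a TLS private key, but its description lacks the /nix/store warning that the `configFile` description in the preceding hunk carries. Because the type is `nullOr path`, a Nix path literal is accepted and would normally be copied into the world-readable store once it is interpolated into the unit. I would extend the description to `Path to a SSL private key file for the server. The key file should NOT be stored in /nix/store as it contains a private key in plain text.` The option is consumed in the ExecStart hunk (`@@ -102,8 +122,10 @@`), where the path is interpolated directly.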
@@ -102,8 +122,10 @@ in --${optionalString (!cfg.collectors.cluster) "no-"}collector.cluster \ --${optionalString (!cfg.collectors.resources) "no-"}collector.resources \ --${optionalString (!cfg.collectors.config) "no-"}collector.config \ - %d/configFile \ - ${toString cfg.port} ${cfg.listenAddress} + ${optionalString (cfg.server.keyFile != null) "--server.keyfile ${cfg.server.keyFile}"} \ + ${optionalString (cfg.server.certFile != null) "--server.certfile ${cfg.server.certFile}"} \ + --config.file %d/configFile \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ''; } // optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix new file mode 100644 index 000000000000..5b32c93a666d --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix 
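Review bot: `--server.keyfile ${cfg.server.keyFile}` hands the private key to the exporter by its original path, while the config file two lines below is read from the credentials directory (`--config.file %d/configFile`). If the exporter runs as an unprivileged service user (not visible in this hunk), a key readable only by root cannot be opened, which pushes operators toward loosening the key's permissions. Consider a `LoadCredential` entry for the key and `--server.keyfile %d/keyFile`, mirroring configFile; the ExecStart string and the attribute set that would hold the credential both start outside the hunk. Nothing here checks that `keyFile` and `certFile` are set together either, so an assertion would catch a half-configured TLS listener at evaluation time.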
@@ -0,0 +1,131 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.restic; +in +{ + port = 9753; + extraOpts = { + repository = mkOption { + type = types.str; + description = lib.mdDoc '' + URI pointing to the repository to monitor. + ''; + example = "sftp:backup@192.168.1.100:/backups/example"; + }; + + passwordFile = mkOption { + type = types.path; + description = lib.mdDoc '' + File containing the password to the repository. + ''; + example = "/etc/nixos/restic-password"; + }; + + environmentFile = mkOption { + type = with types; nullOr path; + default = null; + description = lib.mdDoc '' + File containing the credentials to access the repository, in the + format of an EnvironmentFile as described by systemd.exec(5) + ''; + }; + + refreshInterval = mkOption { + type = types.ints.unsigned; + default = 60; + description = lib.mdDoc '' + Refresh interval for the metrics in seconds. + Computing the metrics is an expensive task, keep this value as high as possible. + ''; + }; + + rcloneOptions = mkOption { + type = with types; attrsOf (oneOf [ str bool ]); + default = { }; + description = lib.mdDoc '' + Options to pass to rclone to control its behavior. + See <https://rclone.org/docs/#options> for + available options. When specifying option names, strip the + leading `--`. To set a flag such as + `--drive-use-trash`, which does not take a value, + set the value to the Boolean `true`. + ''; + }; + + rcloneConfig = mkOption { + type = with types; attrsOf (oneOf [ str bool ]); + default = { }; + description = lib.mdDoc '' + Configuration for the rclone remote being used for backup. + See the remote's specific options under rclone's docs at + <https://rclone.org/docs/>. When specifying + option names, use the "config" name specified in the docs. + For example, to set `--b2-hard-delete` for a B2 + remote, use `hard_delete = true` in the + attribute set. 
+ + ::: {.warning} + Secrets set in here will be world-readable in the Nix + store! Consider using the {option}`rcloneConfigFile` + option instead to specify secret values separately. Note that + options set here will override those set in the config file. + ::: + ''; + }; + + rcloneConfigFile = mkOption { + type = with types; nullOr path; + default = null; + description = lib.mdDoc '' + Path to the file containing rclone configuration. This file + must contain configuration for the remote specified in this backup + set and also must be readable by root. + + ::: {.caution} + Options set in `rcloneConfig` will override those set in this + file. + ::: + ''; + }; + }; + + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-restic-exporter}/bin/restic-exporter.py \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile; + }; + environment = + let + rcloneRemoteName = builtins.elemAt (splitString ":" cfg.repository) 1; + rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); + rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v); + toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; + in + { + RESTIC_REPO_URL = cfg.repository; + RESTIC_REPO_PASSWORD_FILE = cfg.passwordFile; + LISTEN_ADDRESS = cfg.listenAddress; + LISTEN_PORT = toString cfg.port; + REFRESH_INTERVAL = toString cfg.refreshInterval; + } + // (mapAttrs' + (name: value: + nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) + ) + cfg.rcloneOptions) + // optionalAttrs (cfg.rcloneConfigFile != null) { + RCLONE_CONFIG = cfg.rcloneConfigFile; + } + // (mapAttrs' + (name: value: + nameValuePair (rcloneAttrToConf name) (toRcloneVal value) + ) + cfg.rcloneConfig); + }; +} 
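Review bot: `passwordFile` is declared as `types.path` and exported unchanged as `RESTIC_REPO_PASSWORD_FILE`, yet unlike `rcloneConfig` its description carries no store warning. A Nix path literal would typically end up in the world-readable store, so I would add `The file must NOT be stored in /nix/store and must be readable by the exporter's service user.` to the description. The `rcloneConfigFile` text says "readable by root", which presumably does not match the user this exporter runs as. Separately, `rcloneRemoteName` takes element 1 of the `:`-split repository. With `rcloneConfig` set, a repository without a colon fails evaluation in `builtins.elemAt`, and the documented `sftp:` example yields `backup@192.168.1.100` as the remote name, so a check that the URI starts with `rclone:` before deriving the name would make this explicit.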
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix index 840ce493ee81..452cb154bcf6 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix @@ -3,6 +3,7 @@ with lib; let + logPrefix = "services.prometheus.exporters.snmp"; cfg = config.services.prometheus.exporters.snmp; # This ensures that we can deal with string paths, path types and |