Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring')
5 files changed, 151 insertions, 31 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix index f5b97c51186a..8bb017894ee2 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -50,6 +50,7 @@ let "mikrotik" "minio" "modemmanager" + "mysqld" "nextcloud" "nginx" "nginxlog" @@ -297,6 +298,12 @@ in or 'services.prometheus.exporters.mail.configFile'. ''; } { + assertion = cfg.mysqld.runAsLocalSuperUser -> config.services.mysql.enable; + message = '' + The exporter is configured to run as 'services.mysql.user', but + 'services.mysql.enable' is set to false. + ''; + } { assertion = cfg.sql.enable -> ( (cfg.sql.configFile == null) != (cfg.sql.configuration == null) ); diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix new file mode 100644 index 000000000000..849c514de681 --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix 
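Review bot: The new assertion in the second exporters.nix hunk tests `cfg.mysqld.runAsLocalSuperUser` without also requiring `cfg.mysqld.enable`, so a configuration that sets the flag but leaves the exporter disabled would still fail evaluation when MySQL is off; `assertion = (cfg.mysqld.enable && cfg.mysqld.runAsLocalSuperUser) -> config.services.mysql.enable;` would avoid that. The message says only "The exporter", which is hard to act on in a module that carries dozens of exporters; naming `services.prometheus.exporters.mysqld.runAsLocalSuperUser` in it would tell the operator which option to change. The enclosing assertions list starts and ends outside the hunk.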
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, options }:
+let
+ cfg = config.services.prometheus.exporters.mysqld;
+ inherit (lib) types mkOption mdDoc mkIf mkForce cli concatStringsSep optionalString escapeShellArgs;
+in {
+ port = 9104;
+ extraOpts = {
+ telemetryPath = mkOption {
+ type = types.str;
+ default = "/metrics";
+ description = mdDoc ''
+ Path under which to expose metrics.
+ '';
+ };
+
+ runAsLocalSuperUser = mkOption {
+ type = types.bool;
+ default = false;
+ description = mdDoc ''
+ Whether to run the exporter as {option}`services.mysql.user`.
+ '';
+ };
+
+ configFile = mkOption {
+ type = types.path;
+ example = "/var/lib/prometheus-mysqld-exporter.cnf";
+ description = mdDoc ''
+ Path to the services config file.
+
+ See <https://github.com/prometheus/mysqld_exporter#running> for more information about
+ the available options.
+
+ ::: {.warn}
+ Please do not store this file in the nix store if you choose to include any credentials here,
+ as it would be world-readable.
+ :::
+ '';
+ };
+ };
+
+ serviceOpts = {
+ serviceConfig = {
+ DynamicUser = !cfg.runAsLocalSuperUser;
+ User = mkIf cfg.runAsLocalSuperUser (mkForce config.services.mysql.user);
+ LoadCredential = mkIf (cfg.configFile != null) (mkForce ("config:" + cfg.configFile));
+ ExecStart = concatStringsSep " " [
+ "${pkgs.prometheus-mysqld-exporter}/bin/mysqld_exporter"
+ "--web.listen-address=${cfg.listenAddress}:${toString cfg.port}"
+ "--web.telemetry-path=${cfg.telemetryPath}"
+ (optionalString (cfg.configFile != null) ''--config.my-cnf=''${CREDENTIALS_DIRECTORY}/config'')
+ (escapeShellArgs cfg.extraFlags)
+ ];
+ RestrictAddressFamilies = [
+ # The exporter can be configured to talk to a local mysql server via a unix socket.
+ "AF_UNIX"
+ ];
+ };
+ };
+}
+
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
index 7808c8861a76..28add020f5cc 100644
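Review bot: `configFile` in the new mysqld.nix is declared `types.path`, which also accepts a Nix path literal, and as far as I can tell `"config:" + cfg.configFile` would then copy that file into the world-readable store, the very outcome the option text warns against. Writing `"config:" + toString cfg.configFile` avoids the extra copy for non-flake configurations, and the description could ask for a quoted absolute path. The option has no default and is not `nullOr`, so both `cfg.configFile != null` guards are always true; either declare `type = types.nullOr types.path; default = null;` or drop the guards. The `runAsLocalSuperUser` description should also say that the network-facing exporter then holds the database superuser's privileges, and that a dedicated account with only the grants the exporter needs is the lower-privilege alternative.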
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix @@ -33,6 +33,15 @@ in Make sure that this file is readable by the exporter user. ''; }; + tokenFile = mkOption { + type = types.path; + example = "/path/to/token-file"; + default = ""; + description = lib.mdDoc '' + File containing the token for connecting to Nextcloud. + Make sure that this file is readable by the exporter user. + ''; + }; timeout = mkOption { type = types.str; default = "5s"; @@ -47,12 +56,14 @@ in ExecStart = '' ${pkgs.prometheus-nextcloud-exporter}/bin/nextcloud-exporter \ --addr ${cfg.listenAddress}:${toString cfg.port} \ - --username ${cfg.username} \ --timeout ${cfg.timeout} \ --server ${cfg.url} \ - --password ${escapeShellArg "@${cfg.passwordFile}"} \ - ${concatStringsSep " \\\n " cfg.extraFlags} - ''; + ${if cfg.tokenFile == "" then '' + --username ${cfg.username} \ + --password ${escapeShellArg "@${cfg.passwordFile}"} \ + '' else '' + --auth-token ${escapeShellArg "@${cfg.tokenFile}"} \ + ''} ${concatStringsSep " \\\n " cfg.extraFlags}''; }; }; } diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix index f52d92a73d5d..f2336429d42f 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix @@ -1,4 +1,8 @@ -{ config, lib, pkgs, options }: +{ config +, lib +, pkgs +, options +}: with lib; 
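Review bot: `tokenFile` in nextcloud.nix is declared `types.path` with `default = ""`, and an empty string is not an absolute path, so the default likely fails the type check as soon as `cfg.tokenFile == ""` is evaluated in the ExecStart hunk that follows; `type = types.nullOr types.path; default = null;` with `cfg.tokenFile == null` as the test would be the usual form. Nothing visible rejects a configuration that sets both `passwordFile` and `tokenFile`, in which case the password is silently ignored; an assertion or a sentence in the description would make the precedence explicit. `--server ${cfg.url}` and `--username ${cfg.username}` remain unquoted while the two file arguments go through `escapeShellArg`, which is worth aligning.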
@@ -6,17 +10,14 @@ let cfg = config.services.prometheus.exporters.unbound; in { + imports = [ + (mkRemovedOptionModule [ "controlInterface" ] "This option was removed, use the `unbound.host` option instead.") + (mkRemovedOptionModule [ "fetchType" ] "This option was removed, use the `unbound.host` option instead.") + ({ options.warnings = options.warnings; options.assertions = options.assertions; }) + ]; + port = 9167; extraOpts = { - fetchType = mkOption { - # TODO: add shm when upstream implemented it - type = types.enum [ "tcp" "uds" ]; - default = "uds"; - description = lib.mdDoc '' - Which methods the exporter uses to get the information from unbound. - ''; - }; - telemetryPath = mkOption { type = types.str; default = "/metrics"; 
@@ -25,34 +26,65 @@ in ''; }; - controlInterface = mkOption { - type = types.nullOr types.str; - default = null; - example = "/run/unbound/unbound.socket"; - description = lib.mdDoc '' - Path to the unbound socket for uds mode or the control interface port for tcp mode. + unbound = { + ca = mkOption { + type = types.nullOr types.path; + default = "/var/lib/unbound/unbound_server.pem"; + example = null; + description = '' + Path to the Unbound server certificate authority + ''; + }; - Example: - uds-mode: /run/unbound/unbound.socket - tcp-mode: 127.0.0.1:8953 - ''; + certificate = mkOption { + type = types.nullOr types.path; + default = "/var/lib/unbound/unbound_control.pem"; + example = null; + description = '' + Path to the Unbound control socket certificate + ''; + }; + + key = mkOption { + type = types.nullOr types.path; + default = "/var/lib/unbound/unbound_control.key"; + example = null; + description = '' + Path to the Unbound control socket key. + ''; + }; + + host = mkOption { + type = types.str; + default = "tcp://127.0.0.1:8953"; + example = "unix:///run/unbound/unbound.socket"; + description = lib.mdDoc '' + Path to the unbound control socket. Supports unix domain sockets, as well as the TCP interface. 
+ ''; + }; }; }; serviceOpts = mkMerge ([{ serviceConfig = { + User = "unbound"; # to access the unbound_control.key ExecStart = '' - ${pkgs.prometheus-unbound-exporter}/bin/unbound-telemetry \ - ${cfg.fetchType} \ - --bind ${cfg.listenAddress}:${toString cfg.port} \ - --path ${cfg.telemetryPath} \ - ${optionalString (cfg.controlInterface != null) "--control-interface ${cfg.controlInterface}"} \ + ${pkgs.prometheus-unbound-exporter}/bin/unbound_exporter \ + --unbound.host "${cfg.unbound.host}" \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + --web.telemetry-path ${cfg.telemetryPath} \ + ${optionalString (cfg.unbound.ca != null) "--unbound.ca ${cfg.unbound.ca}"} \ + ${optionalString (cfg.unbound.certificate != null) "--unbound.cert ${cfg.unbound.certificate}"} \ + ${optionalString (cfg.unbound.key != null) "--unbound.key ${cfg.unbound.key}"} \ ${toString cfg.extraFlags} ''; RestrictAddressFamilies = [ - # Need AF_UNIX to collect data "AF_UNIX" + "AF_INET" + "AF_INET6" ]; + } // optionalAttrs (!config.services.unbound.enable) { + DynamicUser = true; }; }] ++ [ (mkIf config.services.unbound.enable { diff --git a/nixpkgs/nixos/modules/services/monitoring/vmagent.nix b/nixpkgs/nixos/modules/services/monitoring/vmagent.nix index c793bb073199..0e2ffb31c57c 100644 --- a/nixpkgs/nixos/modules/services/monitoring/vmagent.nix +++ b/nixpkgs/nixos/modules/services/monitoring/vmagent.nix @@ -62,6 +62,16 @@ in { Whether to open the firewall for the default ports. ''; }; + + extraArgs = mkOption { + type = types.listOf types.str; + default = []; + description = lib.mdDoc '' + Extra args to pass to `vmagent`. See the docs: + <https://docs.victoriametrics.com/vmagent.html#advanced-usage> + or {command}`vmagent -help` for more information. + ''; + }; }; config = mkIf cfg.enable { 
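Review bot: `User = "unbound"` in the unbound.nix serviceConfig gives the network-facing exporter the resolver's own identity just so it can read `unbound_control.key`, and the `optionalAttrs (!config.services.unbound.enable)` branch then sets `DynamicUser = true` on top of that fixed user name. The mysqld exporter added in this same commit hands its secret over through `LoadCredential` and keeps `DynamicUser`; something like `LoadCredential = "key:${cfg.unbound.key}"` with `--unbound.key ''${CREDENTIALS_DIRECTORY}/key` would avoid sharing the account here. `ca`, `certificate` and `key` are `types.path`, so a path literal supplied for `key` would be copied into the world-readable store when interpolated into ExecStart; its description should warn against that the way `configFile` in mysqld.nix does. The serviceOpts list continues outside the hunk.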
@@ -90,7 +100,7 @@ in { Type = "simple"; Restart = "on-failure"; WorkingDirectory = cfg.dataDir; - ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}"; + ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig} ${escapeShellArgs cfg.extraArgs}"; }; }; |