nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

{ config, lib, pkgs, options }:

with lib;

let
  logPrefix = "services.prometheus.exporter.blackbox";
  cfg = config.services.prometheus.exporters.blackbox;

  # This ensures that we can deal with string paths, path types and
  # store-path strings with context.
  coerceConfigFile = file:
    if (builtins.isPath file) || (lib.isStorePath file) then
      file
    else
      (lib.warn ''
        ${logPrefix}: configuration file "${file}" is being copied to the nix-store.
        If you would like to avoid that, please set enableConfigCheck to false.
      '' /. + file);
  checkConfigLocation = file:
    if lib.hasPrefix "/tmp/" file then
      throw
      "${logPrefix}: configuration file must not reside within /tmp - it won't be visible to the systemd service."
    else
      file;
  checkConfig = file:
    pkgs.runCommand "checked-blackbox-exporter.conf" {
      preferLocalBuild = true;
      nativeBuildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ];
    } ''
      ln -s ${coerceConfigFile file} $out
      blackbox_exporter --config.check --config.file $out
    '';
in {
  port = 9115;
  extraOpts = {
    configFile = mkOption {
      type = types.path;
      description = lib.mdDoc ''
        Path to configuration file.
      '';
    };
    enableConfigCheck = mkOption {
      type = types.bool;
      default = true;
      description = lib.mdDoc ''
        Whether to run a correctness check for the configuration file. This depends
        on the configuration file residing in the nix-store. Paths passed as string will
        be copied to the store.
      '';
    };
  };

  serviceOpts = let
    adjustedConfigFile = if cfg.enableConfigCheck then
      checkConfig cfg.configFile
    else
      checkConfigLocation cfg.configFile;
  in {
    serviceConfig = {
      AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
      ExecStart = ''
        ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
          --config.file ${escapeShellArg adjustedConfigFile} \
          ${concatStringsSep " \\\n  " cfg.extraFlags}
      '';
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
    };
  };
}