path: root/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix
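{ config
, lib
, pkgs
, options
, ...
}:

# Prometheus exporter for Unbound (unbound_exporter).
#
# Metrics are read over Unbound's remote-control channel, so the exporter
# needs the control-channel client certificate/key and the CA used to verify
# the Unbound server, in addition to the control socket address.

with lib;

let
  cfg = config.services.prometheus.exporters.unbound;

  # Render an optional `flag value` pair for ExecStart, or nothing when the
  # option is null. The value is shell-escaped so a path containing spaces or
  # quotes cannot alter how systemd splits the command line.
  optionalPathFlag = flag: value:
    optionalString (value != null) "${flag} ${escapeShellArg value}";
in
{
  imports = [
    (mkRemovedOptionModule [ "controlInterface" ] "This option was removed, use the `unbound.host` option instead.")
    (mkRemovedOptionModule [ "fetchType" ] "This option was removed, use the `unbound.host` option instead.")
    # NOTE(review): presumably re-exposes `warnings`/`assertions` inside this
    # exporter submodule so the removed-option modules above can emit them;
    # confirm against the exporters framework that evaluates this file.
    ({ options.warnings = options.warnings; options.assertions = options.assertions; })
  ];

  port = 9167;
  extraOpts = {
    telemetryPath = mkOption {
      type = types.str;
      default = "/metrics";
      description = lib.mdDoc ''
        Path under which to expose metrics.
      '';
    };

    unbound = {
      ca = mkOption {
        type = types.nullOr types.path;
        default = "/var/lib/unbound/unbound_server.pem";
        example = null;
        description = lib.mdDoc ''
          Path to the Unbound server certificate authority.
        '';
      };

      certificate = mkOption {
        type = types.nullOr types.path;
        default = "/var/lib/unbound/unbound_control.pem";
        example = null;
        description = lib.mdDoc ''
          Path to the Unbound control socket certificate.
        '';
      };

      key = mkOption {
        type = types.nullOr types.path;
        default = "/var/lib/unbound/unbound_control.key";
        example = null;
        description = lib.mdDoc ''
          Path to the Unbound control socket key.
        '';
      };

      host = mkOption {
        type = types.str;
        default = "tcp://127.0.0.1:8953";
        example = "unix:///run/unbound/unbound.socket";
        description = lib.mdDoc ''
          Path to the unbound control socket. Supports unix domain sockets, as well as the TCP interface.
        '';
      };
    };
  };

  serviceOpts = mkMerge ([{
    serviceConfig = {
      # The control-channel key defaults to a file under /var/lib/unbound; run
      # as the unbound account so it can be read without loosening the key's
      # permissions.
      User = "unbound";
      # Every interpolated option value is shell-escaped: systemd parses
      # ExecStart with shell-like quoting, and unquoted values would split on
      # whitespace or be mangled by quote characters. `extraFlags` is left as
      # given, since it is a list of already-formed arguments.
      ExecStart = ''
        ${pkgs.prometheus-unbound-exporter}/bin/unbound_exporter \
          --unbound.host ${escapeShellArg cfg.unbound.host} \
          --web.listen-address ${escapeShellArg "${cfg.listenAddress}:${toString cfg.port}"} \
          --web.telemetry-path ${escapeShellArg cfg.telemetryPath} \
          ${optionalPathFlag "--unbound.ca" cfg.unbound.ca} \
          ${optionalPathFlag "--unbound.cert" cfg.unbound.certificate} \
          ${optionalPathFlag "--unbound.key" cfg.unbound.key} \
          ${toString cfg.extraFlags}
      '';
      # The control channel is either a unix socket or TCP (v4/v6); no other
      # address families are needed by the exporter.
      RestrictAddressFamilies = [
        "AF_UNIX"
        "AF_INET"
        "AF_INET6"
      ];
    } // optionalAttrs (!config.services.unbound.enable) {
      # Without a local unbound service there is no static "unbound" user, so
      # let systemd allocate a transient one under that name.
      DynamicUser = true;
    };
  }] ++ [
    # When scraping the local Unbound, start after it and stop with it.
    (mkIf config.services.unbound.enable {
      after = [ "unbound.service" ];
      requires = [ "unbound.service" ];
    })
  ]);
}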