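# NixOS module for the cAdvisor container-monitoring daemon.
#
# Declares the `services.cadvisor.*` options and, when the service is
# enabled, a systemd unit that starts cadvisor with the configured listen
# address, port and (optionally) a storage driver backend.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.cadvisor;

in {
  options = {
    services.cadvisor = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = "Whether to enable cadvisor service.";
      };

      # Loopback by default. Setting a non-loopback address exposes the
      # cAdvisor HTTP endpoint to the network, so only do that when access
      # is restricted by other means (firewall, reverse proxy).
      listenAddress = mkOption {
        default = "127.0.0.1";
        type = types.str;
        description = "Cadvisor listening host";
      };

      port = mkOption {
        default = 8080;
        type = types.int;
        description = "Cadvisor listening port";
      };

      # null means no storage driver flags are passed at all (see `script`).
      storageDriver = mkOption {
        default = null;
        type = types.nullOr types.str;
        example = "influxdb";
        description = "Cadvisor storage driver.";
      };

      storageDriverHost = mkOption {
        default = "localhost:8086";
        type = types.str;
        description = "Cadvisor storage driver host.";
      };

      storageDriverDb = mkOption {
        default = "root";
        type = types.str;
        description = "Cadvisor storage driver database name.";
      };

      storageDriverUser = mkOption {
        default = "root";
        type = types.str;
        description = "Cadvisor storage driver username.";
      };

      # NOTE(review): the default is the non-empty, well-known value "root".
      # Because it is non-empty, the fallback below writes it to a file in
      # the world-readable Nix store whenever storageDriverPasswordFile is
      # not overridden. Deployments with a storage driver should set
      # storageDriverPasswordFile to a path outside the store.
      storageDriverPassword = mkOption {
        default = "root";
        type = types.str;
        description = ''
          Cadvisor storage driver password.

          Warning: this password is stored in the world-readable Nix store. It's
          recommended to use the <option>storageDriverPasswordFile</option> option
          since that gives you control over the security of the password.
          <option>storageDriverPasswordFile</option> also takes precedence over <option>storageDriverPassword</option>.
        '';
      };

      # No static default: the value comes either from the user or from the
      # mkDefault fallback in `config` below.
      storageDriverPasswordFile = mkOption {
        type = types.str;
        description = ''
          File that contains the cadvisor storage driver password.

          <option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option>

          Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the
          world-readable Nix store that contains the value of <option>storageDriverPassword</option>.

          It's recommended to override this with a path not in the Nix store.
          Tip: use <link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'>nixops key management</link>
        '';
      };

      storageDriverSecure = mkOption {
        default = false;
        type = types.bool;
        description = "Cadvisor storage driver, enable secure communication.";
      };
    };
  };

  config = mkMerge [
    # Fallback for the password file: when an inline password is set, point
    # storageDriverPasswordFile at a store file holding it. mkDefault keeps
    # the priority low so an explicitly configured path wins.
    # With an empty storageDriverPassword and no explicit file the option
    # has no definition; evaluation then fails once `script` references it
    # (only when a storage driver is configured).
    { services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
        mkDefault (toString (pkgs.writeTextFile {
          name = "cadvisor-storage-driver-password";
          text = cfg.storageDriverPassword;
        }))
      );
    }

    (mkIf cfg.enable {
      systemd.services.cadvisor = {
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" "docker.service" "influxdb.service" ];

        # Hold the unit in "starting" until the HTTP endpoint answers; the
        # loop is bounded by TimeoutStartSec below.
        postStart = mkBefore ''
          until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
            sleep 1;
          done
        '';

        # Fix: the storage host is now passed as -storage_driver_host. The
        # previous text passed it as -storage_driver_user, so the host
        # setting never took effect and the user flag was given twice.
        #
        # NOTE(review): the password is read from the file at start-up, so
        # it stays out of the unit text, but it is still handed to cadvisor
        # as a command-line argument and is therefore visible to anyone on
        # the host who can read the process's arguments.
        script = ''
          exec ${pkgs.cadvisor}/bin/cadvisor \
            -logtostderr=true \
            -listen_ip="${cfg.listenAddress}" \
            -port="${toString cfg.port}" \
            ${optionalString (cfg.storageDriver != null) ''
              -storage_driver "${cfg.storageDriver}" \
              -storage_driver_host "${cfg.storageDriverHost}" \
              -storage_driver_db "${cfg.storageDriverDb}" \
              -storage_driver_user "${cfg.storageDriverUser}" \
              -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
              ${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
            ''}
        '';

        serviceConfig.TimeoutStartSec = 300;
      };

      # cadvisor is ordered after docker.service above; enable Docker unless
      # the user has set this option themselves.
      virtualisation.docker.enable = mkDefault true;
    })
  ];
}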