pyrox.dev
1{ config, pkgs, lib, ... }:
2
3with lib;
4
5let
6 cfg = config.services.prometheus.blackboxExporter;
7in {
8 options = {
9 services.prometheus.blackboxExporter = {
10 enable = mkEnableOption "prometheus blackbox exporter";
11
12 configFile = mkOption {
13 type = types.path;
14 description = ''
15 Path to configuration file.
16 '';
17 };
18
19 port = mkOption {
20 type = types.int;
21 default = 9115;
22 description = ''
23 Port to listen on.
24 '';
25 };
26
27 extraFlags = mkOption {
28 type = types.listOf types.str;
29 default = [];
30 description = ''
31 Extra commandline options when launching the blackbox exporter.
32 '';
33 };
34
35 openFirewall = mkOption {
36 type = types.bool;
37 default = false;
38 description = ''
39 Open port in firewall for incoming connections.
40 '';
41 };
42 };
43 };
44
45 config = mkIf cfg.enable {
46 networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
47
48 systemd.services.prometheus-blackbox-exporter = {
49 description = "Prometheus exporter for blackbox probes";
50 unitConfig.Documentation = "https://github.com/prometheus/blackbox_exporter";
51 wantedBy = [ "multi-user.target" ];
52 serviceConfig = {
53 User = "nobody";
54 Restart = "always";
55 PrivateTmp = true;
56 WorkingDirectory = /tmp;
57 AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
58 ExecStart = ''
59 ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
60 --web.listen-address :${toString cfg.port} \
61 --config.file ${cfg.configFile} \
62 ${concatStringsSep " \\\n " cfg.extraFlags}
63 '';
64 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
65 };
66 };
67 };
68}