nixos/modules/services/monitoring/prometheus/unifi-exporter.nix at 17.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / prometheus / unifi-exporter.nix
at 17.09-beta 2.9 kB view raw
  1{ config, pkgs, lib, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.prometheus.unifiExporter;
  7in {
  8  options = {
  9    services.prometheus.unifiExporter = {
 10      enable = mkEnableOption "prometheus unifi exporter";
 11
 12      port = mkOption {
 13        type = types.int;
 14        default = 9130;
 15        description = ''
 16          Port to listen on.
 17        '';
 18      };
 19
 20      unifiAddress = mkOption {
 21        type = types.str;
 22        example = "https://10.0.0.1:8443";
 23        description = ''
 24          URL of the UniFi Controller API.
 25        '';
 26      };
 27
 28      unifiInsecure = mkOption {
 29        type = types.bool;
 30        default = false;
 31        description = ''
 32          If enabled skip the verification of the TLS certificate of the UniFi Controller API.
 33          Use with caution.
 34        '';
 35      };
 36      
 37      unifiUsername = mkOption {
 38        type = types.str;
 39        example = "ReadOnlyUser";
 40        description = ''
 41          username for authentication against UniFi Controller API.
 42        '';
 43      };
 44      
 45      unifiPassword = mkOption {
 46        type = types.str;
 47        description = ''
 48          Password for authentication against UniFi Controller API.
 49        '';
 50      };
 51      
 52      unifiTimeout = mkOption {
 53        type = types.str;
 54        default = "5s";
 55        example = "2m";
 56        description = ''
 57          Timeout including unit for UniFi Controller API requests.
 58        '';
 59      };
 60
 61      extraFlags = mkOption {
 62        type = types.listOf types.str;
 63        default = [];
 64        description = ''
 65          Extra commandline options when launching the unifi exporter.
 66        '';
 67      };
 68
 69      openFirewall = mkOption {
 70        type = types.bool;
 71        default = false;
 72        description = ''
 73          Open port in firewall for incoming connections.
 74        '';
 75      };
 76    };
 77  };
 78
 79  config = mkIf cfg.enable {
 80    networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
 81
 82    systemd.services.prometheus-unifi-exporter = {
 83      description = "Prometheus exporter for UniFi Controller metrics";
 84      unitConfig.Documentation = "https://github.com/mdlayher/unifi_exporter";
 85      wantedBy = [ "multi-user.target" ];
 86      after = optional config.services.unifi.enable "unifi.service";
 87      serviceConfig = {
 88        User = "nobody";
 89        Restart = "always";
 90        PrivateTmp = true;
 91        WorkingDirectory = /tmp;
 92        ExecStart = ''
 93          ${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \
 94            -telemetry.addr :${toString cfg.port} \
 95            -unifi.addr ${cfg.unifiAddress} \
 96            -unifi.username ${cfg.unifiUsername} \
 97            -unifi.password ${cfg.unifiPassword} \
 98            -unifi.timeout ${cfg.unifiTimeout} \
 99            ${optionalString cfg.unifiInsecure "-unifi.insecure" } \
100            ${concatStringsSep " \\\n  " cfg.extraFlags}
101        '';
102      };
103    };
104  };
105}