nixos/modules/services/monitoring/netdata.nix at 18.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / netdata.nix
at 18.09-beta 3.2 kB view raw
  1{ config, pkgs, lib, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.netdata;
  7
  8  wrappedPlugins = pkgs.runCommand "wrapped-plugins" {} ''
  9    mkdir -p $out/libexec/netdata/plugins.d
 10    ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin
 11  '';
 12
 13  localConfig = {
 14    global = {
 15      "plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d";
 16    };
 17    web = {
 18      "web files owner" = "root";
 19      "web files group" = "root";
 20    };
 21  };
 22  mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);
 23  configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);
 24
 25  defaultUser = "netdata";
 26
 27in {
 28  options = {
 29    services.netdata = {
 30      enable = mkEnableOption "netdata";
 31
 32      user = mkOption {
 33        type = types.str;
 34        default = "netdata";
 35        description = "User account under which netdata runs.";
 36      };
 37
 38      group = mkOption {
 39        type = types.str;
 40        default = "netdata";
 41        description = "Group under which netdata runs.";
 42      };
 43
 44      configText = mkOption {
 45        type = types.nullOr types.lines;
 46        description = "Verbatim netdata.conf, cannot be combined with config.";
 47        default = null;
 48        example = ''
 49          [global]
 50          debug log = syslog
 51          access log = syslog
 52          error log = syslog
 53        '';
 54      };
 55
 56      config = mkOption {
 57        type = types.attrsOf types.attrs;
 58        default = {};
 59        description = "netdata.conf configuration as nix attributes. cannot be combined with configText.";
 60        example = literalExample ''
 61          global = {
 62            "debug log" = "syslog";
 63            "access log" = "syslog";
 64            "error log" = "syslog";
 65          };
 66        '';
 67        };
 68      };
 69    };
 70
 71  config = mkIf cfg.enable {
 72    assertions =
 73      [ { assertion = cfg.config != {} -> cfg.configText == null ;
 74          message = "Cannot specify both config and configText";
 75        }
 76      ];
 77    systemd.services.netdata = {
 78      path = with pkgs; [ gawk curl ];
 79      description = "Real time performance monitoring";
 80      after = [ "network.target" ];
 81      wantedBy = [ "multi-user.target" ];
 82      preStart = concatStringsSep "\n" (map (dir: ''
 83        mkdir -vp ${dir}
 84        chmod 750 ${dir}
 85        chown -R ${cfg.user}:${cfg.group} ${dir}
 86        '') [ "/var/cache/netdata"
 87              "/var/log/netdata"
 88              "/var/lib/netdata" ]);
 89      serviceConfig = {
 90        User = cfg.user;
 91        Group = cfg.group;
 92        PermissionsStartOnly = true;
 93        ExecStart = "${pkgs.netdata}/bin/netdata -D -c ${configFile}";
 94        TimeoutStopSec = 60;
 95      };
 96    };
 97
 98    security.wrappers."apps.plugin" = {
 99      source = "${pkgs.netdata}/libexec/netdata/plugins.d/apps.plugin";
100      capabilities = "cap_dac_read_search,cap_sys_ptrace+ep";
101      owner = cfg.user;
102      group = cfg.group;
103      permissions = "u+rx,g+rx,o-rwx";
104    };
105
106
107    users.users = optional (cfg.user == defaultUser) {
108      name = defaultUser;
109    };
110
111    users.groups = optional (cfg.group == defaultUser) {
112      name = defaultUser;
113    };
114
115  };
116}