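# NixOS module for the cadvisor service.
#
# Declares the `services.cadvisor.*` options and, when the service is enabled,
# a systemd unit that runs the cadvisor binary with flags built from them.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.cadvisor;

in {
  options = {
    services.cadvisor = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = "Whether to enable cadvisor service.";
      };

      # Loopback by default. The readiness probe in postStart polls this same
      # address over plain http.
      # NOTE(review): a non-loopback value makes the cadvisor HTTP endpoint
      # reachable from the network; this module configures neither
      # authentication nor a firewall rule for it.
      listenAddress = mkOption {
        default = "127.0.0.1";
        type = types.str;
        description = "Cadvisor listening host";
      };

      port = mkOption {
        default = 8080;
        type = types.int;
        description = "Cadvisor listening port";
      };

      # null (the default) means no -storage_driver* flag is passed at all.
      storageDriver = mkOption {
        default = null;
        type = types.nullOr types.str;
        example = "influxdb";
        description = "Cadvisor storage driver.";
      };

      storageDriverHost = mkOption {
        default = "localhost:8086";
        type = types.str;
        description = "Cadvisor storage driver host.";
      };

      storageDriverDb = mkOption {
        default = "root";
        type = types.str;
        description = "Cadvisor storage driver database name.";
      };

      storageDriverUser = mkOption {
        default = "root";
        type = types.str;
        description = "Cadvisor storage driver username.";
      };

      # The default is the non-empty string "root", so unless this is set to ""
      # or storageDriverPasswordFile is overridden, the config section below
      # writes that default into a file in the Nix store.
      storageDriverPassword = mkOption {
        default = "root";
        type = types.str;
        description = ''
          Cadvisor storage driver password.

          Warning: this password is stored in the world-readable Nix store. It's
          recommended to use the <option>storageDriverPasswordFile</option> option
          since that gives you control over the security of the password.
          <option>storageDriverPasswordFile</option> also takes precedence over <option>storageDriverPassword</option>.
        '';
      };

      # No default is declared here; one is supplied by the config section
      # below only while storageDriverPassword is non-empty.
      storageDriverPasswordFile = mkOption {
        type = types.str;
        description = ''
          File that contains the cadvisor storage driver password.

          <option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option>

          Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the
          world-readable Nix store that contains the value of <option>storageDriverPassword</option>.

          It's recommended to override this with a path not in the Nix store.
          Tip: use <link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'>nixops key management</link>
        '';
      };

      storageDriverSecure = mkOption {
        default = false;
        type = types.bool;
        description = "Cadvisor storage driver, enable secure communication.";
      };

      # These are the only values passed through escapeShellArgs; every other
      # option is interpolated into the start script inside double quotes.
      extraOptions = mkOption {
        type = types.listOf types.str;
        default = [];
        description = ''
          Additional cadvisor options.

          See <link xlink:href='https://github.com/google/cadvisor/blob/master/docs/runtime_options.md'/> for available options.
        '';
      };
    };
  };

  config = mkMerge [
    # Fallback for storageDriverPasswordFile: materialise the inline password
    # as a store file. mkDefault keeps the priority low, so an explicitly
    # configured storageDriverPasswordFile wins over this generated path.
    { services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
        mkDefault (toString (pkgs.writeTextFile {
          name = "cadvisor-storage-driver-password";
          text = cfg.storageDriverPassword;
        }))
      );
    }

    (mkIf cfg.enable {
      systemd.services.cadvisor = {
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" "docker.service" "influxdb.service" ];

        # zfs tooling is put on the unit's PATH only when ZFS is enabled.
        path = optionals config.boot.zfs.enabled [ pkgs.zfs ];

        # Readiness probe: poll the /containers/ endpoint once per second until
        # curl succeeds. The loop has no bound of its own; TimeoutStartSec
        # below is set to 300 seconds.
        postStart = mkBefore ''
          until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
            sleep 1;
          done
        '';

        # The storage driver flags are emitted only when storageDriver is set.
        # storageDriverHost is passed as -storage_driver_host, so that it is not
        # handed to cadvisor under the -storage_driver_user flag.
        #
        # NOTE(review): the password file is read with $(cat ...) when the
        # script starts and the content becomes a command-line argument of the
        # cadvisor process. A password file outside the Nix store protects the
        # secret at rest only; it can still be read from the process arguments
        # by local users who are able to list them.
        script = ''
          exec ${pkgs.cadvisor}/bin/cadvisor \
            -logtostderr=true \
            -listen_ip="${cfg.listenAddress}" \
            -port="${toString cfg.port}" \
            ${escapeShellArgs cfg.extraOptions} \
            ${optionalString (cfg.storageDriver != null) ''
              -storage_driver "${cfg.storageDriver}" \
              -storage_driver_host "${cfg.storageDriverHost}" \
              -storage_driver_db "${cfg.storageDriverDb}" \
              -storage_driver_user "${cfg.storageDriverUser}" \
              -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
              ${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
            ''}
        '';

        serviceConfig.TimeoutStartSec = 300;
      };
    })
  ];
}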