pyrox.dev
1{ config, lib, pkgs, options }:
2let
3 cfg = config.services.prometheus.exporters.mysqld;
4 inherit (lib) types mkOption mdDoc mkIf mkForce cli concatStringsSep optionalString escapeShellArgs;
5in {
6 port = 9104;
7 extraOpts = {
8 telemetryPath = mkOption {
9 type = types.str;
10 default = "/metrics";
11 description = mdDoc ''
12 Path under which to expose metrics.
13 '';
14 };
15
16 runAsLocalSuperUser = mkOption {
17 type = types.bool;
18 default = false;
19 description = mdDoc ''
20 Whether to run the exporter as {option}`services.mysql.user`.
21 '';
22 };
23
24 configFile = mkOption {
25 type = types.path;
26 example = "/var/lib/prometheus-mysqld-exporter.cnf";
27 description = mdDoc ''
28 Path to the services config file.
29
30 See <https://github.com/prometheus/mysqld_exporter#running> for more information about
31 the available options.
32
33 ::: {.warn}
34 Please do not store this file in the nix store if you choose to include any credentials here,
35 as it would be world-readable.
36 :::
37 '';
38 };
39 };
40
41 serviceOpts = {
42 serviceConfig = {
43 DynamicUser = !cfg.runAsLocalSuperUser;
44 User = mkIf cfg.runAsLocalSuperUser (mkForce config.services.mysql.user);
45 LoadCredential = mkIf (cfg.configFile != null) (mkForce ("config:" + cfg.configFile));
46 ExecStart = concatStringsSep " " [
47 "${pkgs.prometheus-mysqld-exporter}/bin/mysqld_exporter"
48 "--web.listen-address=${cfg.listenAddress}:${toString cfg.port}"
49 "--web.telemetry-path=${cfg.telemetryPath}"
50 (optionalString (cfg.configFile != null) ''--config.my-cnf=''${CREDENTIALS_DIRECTORY}/config'')
51 (escapeShellArgs cfg.extraFlags)
52 ];
53 RestrictAddressFamilies = [
54 # The exporter can be configured to talk to a local mysql server via a unix socket.
55 "AF_UNIX"
56 ];
57 };
58 };
59}
60