# Exporter definition for the Prometheus node exporter: default port, the
# collector enable/disable options, and the systemd service settings
# (command line plus the sandbox options that depend on the collectors).
{ config, lib, pkgs, options }:

with lib;

let
  cfg = config.services.prometheus.exporters.node;

  # Membership tests against the two option lists. Only those lists are
  # consulted: a collector toggled through cfg.extraFlags is not seen here,
  # so the sandbox settings below do not adapt to it.
  collectorIsEnabled = name: elem name cfg.enabledCollectors;
  collectorIsDisabled = name: elem name cfg.disabledCollectors;

  # logind/systemd collectors talk to D-Bus over unix sockets.
  needsUnixSockets = collectorIsEnabled "logind" || collectorIsEnabled "systemd";

  # network_route and wifi need netlink when enabled; netdev needs it unless
  # it has been explicitly disabled.
  needsNetlink =
    collectorIsEnabled "network_route"
    || collectorIsEnabled "wifi"
    || !(collectorIsDisabled "netdev");
in
{
  port = 9100;

  extraOpts = {
    enabledCollectors = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [ "systemd" ];
      description = lib.mdDoc ''
        Collectors to enable. The collectors listed here are enabled in addition to the default ones.
      '';
    };

    disabledCollectors = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [ "timex" ];
      description = lib.mdDoc ''
        Collectors to disable which are enabled by default.
      '';
    };
  };

  serviceOpts = {
    serviceConfig = {
      # No systemd-allocated dynamic user; the account the service runs as
      # is not set in this file.
      DynamicUser = false;
      RuntimeDirectory = "prometheus-node-exporter";

      # Collector names and extraFlags are interpolated into the command
      # line verbatim, without quoting or validation; they come from the
      # system configuration.
      ExecStart = ''
        ${pkgs.prometheus-node-exporter}/bin/node_exporter \
          ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
          ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
      '';

      # Socket families added for specific collectors. Presumably merged
      # with a baseline list defined by the shared exporter module; that
      # is not visible here, so confirm before relying on it.
      RestrictAddressFamilies =
        optionals needsUnixSockets [ "AF_UNIX" ]
        ++ optionals needsNetlink [ "AF_NETLINK" ];

      # The timex collector needs to access clock APIs, so ProtectClock is
      # only turned on when timex is explicitly listed in
      # disabledCollectors; otherwise it is false.
      ProtectClock = collectorIsDisabled "timex";

      # Original comment: "Allow space monitoring under /home".
      # NOTE(review): per systemd.exec(5), ProtectHome = true makes /home,
      # /root and /run/user inaccessible and empty for the service, which
      # does not match that comment ("read-only" would keep them visible).
      # Confirm which behaviour is intended.
      ProtectHome = true;
    };
  };
}