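# Prometheus smartctl exporter: exporter-specific options and systemd unit
# settings. The attribute set returned here (port, extraOpts, serviceOpts) is
# consumed by code outside this file; listenAddress, port and extraFlags are
# read from cfg but are declared elsewhere.
{ config, lib, pkgs, options }:

with lib;

let
  cfg = config.services.prometheus.exporters.smartctl;

  # Command-line flags for smartctl_exporter. Every element is passed through
  # escapeShellArgs, so user-supplied strings (devices, extraFlags) are quoted
  # before they are interpolated into ExecStart.
  args = lib.escapeShellArgs ([
    "--web.listen-address=${cfg.listenAddress}:${toString cfg.port}"
    "--smartctl.path=${pkgs.smartmontools}/bin/smartctl"
    "--smartctl.interval=${cfg.maxInterval}"
  ]
  # One --smartctl.device flag per configured disk; none when the list is empty.
  ++ map (device: "--smartctl.device=${device}") cfg.devices
  ++ cfg.extraFlags);
in {
  port = 9633;

  extraOpts = {
    devices = mkOption {
      type = types.listOf types.str;
      default = [];
      # Nix lists are whitespace-separated: no commas between elements and no
      # trailing semicolon inside the expression.
      example = literalExpression ''
        [ "/dev/sda" "/dev/nvme0n1" ]
      '';
      description = lib.mdDoc ''
        Paths to the disks that will be monitored. Will autodiscover
        all disks if none given.
      '';
    };
    maxInterval = mkOption {
      # Free-form string; it is handed to --smartctl.interval unvalidated.
      type = types.str;
      default = "60s";
      example = "2m";
      description = lib.mdDoc ''
        Interval that limits how often a disk can be queried.
      '';
    };
  };

  serviceOpts = {
    serviceConfig = {
      # The process is given exactly two capabilities, and the bounding set is
      # restricted to the same two so it cannot acquire any others.
      # NOTE(review): CAP_SYS_ADMIN is very broad; presumably it is needed for
      # NVMe passthrough and CAP_SYS_RAWIO for ATA/SCSI passthrough. Confirm
      # both are still required before widening anything else in this unit.
      AmbientCapabilities = [
        "CAP_SYS_RAWIO"
        "CAP_SYS_ADMIN"
      ];
      CapabilityBoundingSet = [
        "CAP_SYS_RAWIO"
        "CAP_SYS_ADMIN"
      ];

      # Device access is deny-by-default; only the classes listed in DeviceAllow
      # are reachable. mkOverride 50 has the same priority as mkForce, so this
      # list replaces normal-priority definitions instead of merging with them.
      # NOTE(review): access is "rw" on whole device classes, not only on the
      # paths in cfg.devices. Confirm whether a narrower grant would do.
      DevicePolicy = "closed";
      DeviceAllow = lib.mkOverride 50 [
        "block-blkext rw"
        "block-sd rw"
        "char-nvme rw"
      ];

      ExecStart = ''
        ${pkgs.prometheus-smartctl-exporter}/bin/smartctl_exporter ${args}
      '';

      # Forced off so the unit sees the real disk device nodes. mkForce implies
      # another definition sets this option; presumably shared exporter
      # defaults enable it. TODO confirm.
      PrivateDevices = lib.mkForce false;

      # Hide other users' processes and expose only the per-process part of /proc.
      ProtectProc = "invisible";
      ProcSubset = "pid";

      # Presumably the disk device nodes are group-owned by "disk". Verify.
      SupplementaryGroups = [ "disk" ];

      # Allow the @system-service syscall set, then deny the @privileged group.
      SystemCallFilter = [ "@system-service" "~@privileged" ];
    };
  };
}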