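# NixOS module for the cAdvisor container-metrics daemon.
#
# Review notes on what the code below does with secrets and exposure:
#   * The storage-driver password reaches cadvisor as a command-line argument
#     (see `script`), so it sits in the process's argv whichever password
#     option is used.
#   * `storageDriverPassword` defaults to the non-empty string "root"; when it
#     is non-empty, the default for `storageDriverPasswordFile` is a
#     `writeTextFile` output, i.e. a file in the Nix store.
#   * No `User` is configured for the unit in this module.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.cadvisor;

in {
  options = {
    services.cadvisor = {
      enable = mkEnableOption (lib.mdDoc "Cadvisor service");

      # Loopback by default. NOTE(review): this module configures no HTTP
      # authentication for cadvisor; before binding to a non-loopback address,
      # check the authentication flags in cadvisor's runtime options and pass
      # them through `extraOptions`, or restrict access at the firewall.
      listenAddress = mkOption {
        default = "127.0.0.1";
        type = types.str;
        description = lib.mdDoc "Cadvisor listening host";
      };

      port = mkOption {
        default = 8080;
        type = types.port;
        description = lib.mdDoc "Cadvisor listening port";
      };

      # null disables every storage_driver_* flag in `script` below.
      storageDriver = mkOption {
        default = null;
        type = types.nullOr types.str;
        example = "influxdb";
        description = lib.mdDoc "Cadvisor storage driver.";
      };

      storageDriverHost = mkOption {
        default = "localhost:8086";
        type = types.str;
        description = lib.mdDoc "Cadvisor storage driver host.";
      };

      storageDriverDb = mkOption {
        default = "root";
        type = types.str;
        description = lib.mdDoc "Cadvisor storage driver database name.";
      };

      storageDriverUser = mkOption {
        default = "root";
        type = types.str;
        description = lib.mdDoc "Cadvisor storage driver username.";
      };

      # The default is kept for backward compatibility. It is a well-known
      # value and should be overridden together with `storageDriverUser`
      # whenever a storage driver is actually enabled.
      storageDriverPassword = mkOption {
        default = "root";
        type = types.str;
        description = lib.mdDoc ''
          Cadvisor storage driver password.

          Warning: this password is stored in the world-readable Nix store. It's
          recommended to use the {option}`storageDriverPasswordFile` option
          since that gives you control over the security of the password.
          {option}`storageDriverPasswordFile` also takes precedence over {option}`storageDriverPassword`.
        '';
      };

      # Deliberately has no `default` here: the fallback definition is
      # supplied in `config` below, at mkDefault priority.
      storageDriverPasswordFile = mkOption {
        type = types.str;
        description = lib.mdDoc ''
          File that contains the cadvisor storage driver password.

          {option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`

          Warning: when {option}`storageDriverPassword` is non-empty this defaults to a file in the
          world-readable Nix store that contains the value of {option}`storageDriverPassword`.

          It's recommended to override this with a path not in the Nix store.
          Tip: use [nixops key management](https://nixos.org/nixops/manual/#idm140737318306400)

          Note: the file is read when the service starts and its content is passed to
          cadvisor as a command-line argument, so the password may still be visible to
          other local users through the process list.
        '';
      };

      # NOTE(review): with the default of false the connection to
      # `storageDriverHost` is presumably unencrypted, credentials included.
      # Confirm against the chosen driver and enable this for remote hosts.
      storageDriverSecure = mkOption {
        default = false;
        type = types.bool;
        description = lib.mdDoc "Cadvisor storage driver, enable secure communication.";
      };

      extraOptions = mkOption {
        type = types.listOf types.str;
        default = [];
        description = lib.mdDoc ''
          Additional cadvisor options.

          See <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.
        '';
      };
    };
  };

  config = mkMerge [
    # Fallback for storageDriverPasswordFile: when the inline password is
    # non-empty, write it to a Nix store file and use that path. mkDefault
    # lets an explicitly configured storageDriverPasswordFile win.
    { services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
        mkDefault (toString (pkgs.writeTextFile {
          name = "cadvisor-storage-driver-password";
          text = cfg.storageDriverPassword;
        }))
      );
    }

    (mkIf cfg.enable {
      systemd.services.cadvisor = {
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" "docker.service" "influxdb.service" ];

        path = optionals config.boot.zfs.enabled [ pkgs.zfs ];

        # Block start-up completion until the HTTP endpoint answers. The loop
        # itself has no limit; TimeoutStartSec below bounds it.
        # The URL is shell-escaped as a whole so an unusual listenAddress
        # cannot terminate the quoting.
        postStart = mkBefore ''
          until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${escapeShellArg "http://${cfg.listenAddress}:${toString cfg.port}/containers/"}; do
            sleep 1;
          done
        '';

        # Every string option is passed through escapeShellArg instead of
        # being spliced between double quotes: inside double quotes the shell
        # still expands `$`, backticks and `"` found in the configured value.
        # The password file is read at start-up by `cat`; its content is
        # double-quoted so it stays a single argument.
        script = ''
          exec ${pkgs.cadvisor}/bin/cadvisor \
            -logtostderr=true \
            -listen_ip=${escapeShellArg cfg.listenAddress} \
            -port="${toString cfg.port}" \
            ${escapeShellArgs cfg.extraOptions} \
            ${optionalString (cfg.storageDriver != null) ''
              -storage_driver ${escapeShellArg cfg.storageDriver} \
              -storage_driver_host ${escapeShellArg cfg.storageDriverHost} \
              -storage_driver_db ${escapeShellArg cfg.storageDriverDb} \
              -storage_driver_user ${escapeShellArg cfg.storageDriverUser} \
              -storage_driver_password "$(cat ${escapeShellArg cfg.storageDriverPasswordFile})" \
              ${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
            ''}
        '';

        serviceConfig.TimeoutStartSec=300;
      };
    })
  ];
}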