pyrox.dev
1{ config, lib, pkgs, ... }:
2
3let
4 inherit (lib) mkEnableOption mkIf mkOption types;
5
6 cfg = config.services.tempo;
7
8 settingsFormat = pkgs.formats.yaml {};
9in {
10 options.services.tempo = {
11 enable = mkEnableOption (lib.mdDoc "Grafana Tempo");
12
13 settings = mkOption {
14 type = settingsFormat.type;
15 default = {};
16 description = lib.mdDoc ''
17 Specify the configuration for Tempo in Nix.
18
19 See https://grafana.com/docs/tempo/latest/configuration/ for available options.
20 '';
21 };
22
23 configFile = mkOption {
24 type = types.nullOr types.path;
25 default = null;
26 description = lib.mdDoc ''
27 Specify a path to a configuration file that Tempo should use.
28 '';
29 };
30 };
31
32 config = mkIf cfg.enable {
33 # for tempo-cli and friends
34 environment.systemPackages = [ pkgs.tempo ];
35
36 assertions = [{
37 assertion = (
38 (cfg.settings == {}) != (cfg.configFile == null)
39 );
40 message = ''
41 Please specify a configuration for Tempo with either
42 'services.tempo.settings' or
43 'services.tempo.configFile'.
44 '';
45 }];
46
47 systemd.services.tempo = {
48 description = "Grafana Tempo Service Daemon";
49 wantedBy = [ "multi-user.target" ];
50
51 serviceConfig = let
52 conf = if cfg.configFile == null
53 then settingsFormat.generate "config.yaml" cfg.settings
54 else cfg.configFile;
55 in
56 {
57 ExecStart = "${pkgs.tempo}/bin/tempo --config.file=${conf}";
58 DynamicUser = true;
59 Restart = "always";
60 ProtectSystem = "full";
61 DevicePolicy = "closed";
62 NoNewPrivileges = true;
63 WorkingDirectory = "/var/lib/tempo";
64 StateDirectory = "tempo";
65 };
66 };
67 };
68}