pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / monitoring / vmagent.nix
at 24.11-pre 3.7 kB view raw
1{ config, pkgs, lib, ... }: 2 3let 4 cfg = config.services.vmagent; 5 settingsFormat = pkgs.formats.json { }; 6in { 7 imports = [ 8 (lib.mkRemovedOptionModule [ "services" "vmagent" "dataDir" ] "dataDir has been deprecated in favor of systemd provided CacheDirectory") 9 (lib.mkRemovedOptionModule [ "services" "vmagent" "user" ] "user has been deprecated in favor of systemd DynamicUser") 10 (lib.mkRemovedOptionModule [ "services" "vmagent" "group" ] "group has been deprecated in favor of systemd DynamicUser") 11 (lib.mkRenamedOptionModule [ "services" "vmagent" "remoteWriteUrl" ] [ "services" "vmagent" "remoteWrite" "url" ]) 12 ]; 13 14 options.services.vmagent = { 15 enable = lib.mkEnableOption "vmagent"; 16 17 package = lib.mkPackageOption pkgs "vmagent" { }; 18 19 remoteWrite = { 20 url = lib.mkOption { 21 default = null; 22 type = lib.types.nullOr lib.types.str; 23 description = '' 24 Endpoint for prometheus compatible remote_write 25 ''; 26 }; 27 basicAuthUsername = lib.mkOption { 28 default = null; 29 type = lib.types.nullOr lib.types.str; 30 description = '' 31 Basic Auth username used to connect to remote_write endpoint 32 ''; 33 }; 34 basicAuthPasswordFile = lib.mkOption { 35 default = null; 36 type = lib.types.nullOr lib.types.str; 37 description = '' 38 File that contains the Basic Auth password used to connect to remote_write endpoint 39 ''; 40 }; 41 }; 42 43 prometheusConfig = lib.mkOption { 44 type = lib.types.submodule { freeformType = settingsFormat.type; }; 45 description = '' 46 Config for prometheus style metrics 47 ''; 48 }; 49 50 openFirewall = lib.mkOption { 51 type = lib.types.bool; 52 default = false; 53 description = '' 54 Whether to open the firewall for the default ports. 55 ''; 56 }; 57 58 extraArgs = lib.mkOption { 59 type = lib.types.listOf lib.types.str; 60 default = []; 61 description = '' 62 Extra args to pass to `vmagent`. See the docs: 63 <https://docs.victoriametrics.com/vmagent.html#advanced-usage> 64 or {command}`vmagent -help` for more information. 65 ''; 66 }; 67 }; 68 69 config = lib.mkIf cfg.enable { 70 networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 8429 ]; 71 72 systemd.services.vmagent = let 73 prometheusConfig = settingsFormat.generate "prometheusConfig.yaml" cfg.prometheusConfig; 74 startCommandLine = lib.concatStringsSep " " ([ 75 "${cfg.package}/bin/vmagent" 76 "-promscrape.config=${prometheusConfig}" 77 ] ++ cfg.extraArgs 78 ++ lib.optionals (cfg.remoteWrite.url != null) [ 79 "-remoteWrite.url=${cfg.remoteWrite.url}" 80 "-remoteWrite.tmpDataPath=%C/vmagent/remote_write_tmp" 81 ] ++ lib.optional (cfg.remoteWrite.basicAuthUsername != null) "-remoteWrite.basicAuth.username=${cfg.remoteWrite.basicAuthUsername}" 82 ++ lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) "-remoteWrite.basicAuth.passwordFile=\${CREDENTIALS_DIRECTORY}/remote_write_basic_auth_password"); 83 in { 84 wantedBy = [ "multi-user.target" ]; 85 after = [ "network.target" ]; 86 description = "vmagent system service"; 87 serviceConfig = { 88 DynamicUser = true; 89 User = "vmagent"; 90 Group = "vmagent"; 91 Type = "simple"; 92 Restart = "on-failure"; 93 CacheDirectory = "vmagent"; 94 ExecStart = startCommandLine; 95 LoadCredential = lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) [ 96 "remote_write_basic_auth_password:${cfg.remoteWrite.basicAuthPasswordFile}" 97 ]; 98 }; 99 }; 100 }; 101}