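# NixOS module for the cAdvisor service.
#
# Declares the `services.cadvisor.*` options and, when `enable` is set, a
# systemd unit that starts cadvisor with the configured listen address, port,
# optional storage driver settings and any extra flags.
#
# Security notes:
#  - The storage driver user and password both default to "root".
#    `storageDriverPassword` is written to the world-readable Nix store (see the
#    first `config` entry below); point `storageDriverPasswordFile` at a path
#    outside the store for anything but a throwaway setup.
#  - cadvisor receives the password as a command-line argument, so it is part
#    of the running process's argument list.
#  - This module passes no HTTP authentication flags itself and the readiness
#    probe fetches `/containers/` without credentials; the default listen
#    address is loopback. Review exposure before changing `listenAddress`.
{
  config,
  pkgs,
  lib,
  ...
}:
let
  cfg = config.services.cadvisor;

in
{
  options = {
    services.cadvisor = {
      enable = lib.mkEnableOption "Cadvisor service";

      # Loopback by default, so the web endpoint is not reachable from other
      # hosts unless this is changed.
      listenAddress = lib.mkOption {
        default = "127.0.0.1";
        type = lib.types.str;
        description = "Cadvisor listening host";
      };

      port = lib.mkOption {
        default = 8080;
        type = lib.types.port;
        description = "Cadvisor listening port";
      };

      # null disables every -storage_driver* flag in the start script.
      storageDriver = lib.mkOption {
        default = null;
        type = lib.types.nullOr lib.types.str;
        example = "influxdb";
        description = "Cadvisor storage driver.";
      };

      storageDriverHost = lib.mkOption {
        default = "localhost:8086";
        type = lib.types.str;
        description = "Cadvisor storage driver host.";
      };

      storageDriverDb = lib.mkOption {
        default = "root";
        type = lib.types.str;
        description = "Cadvisord storage driver database name.";
      };

      storageDriverUser = lib.mkOption {
        default = "root";
        type = lib.types.str;
        description = "Cadvisor storage driver username.";
      };

      # Default credential "root": override it, and prefer
      # storageDriverPasswordFile so the secret stays out of the Nix store.
      storageDriverPassword = lib.mkOption {
        default = "root";
        type = lib.types.str;
        description = ''
          Cadvisor storage driver password.

          Warning: this password is stored in the world-readable Nix store. It's
          recommended to use the {option}`storageDriverPasswordFile` option
          since that gives you control over the security of the password.
          {option}`storageDriverPasswordFile` also takes precedence over {option}`storageDriverPassword`.
        '';
      };

      # No `default` here: the value is supplied by the first `config` entry
      # below whenever storageDriverPassword is non-empty.
      storageDriverPasswordFile = lib.mkOption {
        type = lib.types.str;
        description = ''
          File that contains the cadvisor storage driver password.

          {option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`

          Warning: when {option}`storageDriverPassword` is non-empty this defaults to a file in the
          world-readable Nix store that contains the value of {option}`storageDriverPassword`.

          It's recommended to override this with a path not in the Nix store.
          Tip: use [nixops key management](https://nixos.org/nixops/manual/#idm140737318306400)
        '';
      };

      storageDriverSecure = lib.mkOption {
        default = false;
        type = lib.types.bool;
        description = "Cadvisor storage driver, enable secure communication.";
      };

      # Passed through lib.escapeShellArgs, so each list element reaches
      # cadvisor as exactly one argument.
      extraOptions = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
        description = ''
          Additional cadvisor options.

          See <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.
        '';
      };
    };
  };

  config = lib.mkMerge [
    {
      # Fallback for storageDriverPasswordFile: a store file holding
      # storageDriverPassword. This entry is not gated on `cfg.enable`, and the
      # resulting file is world-readable like everything else in the store.
      # mkDefault lets an explicitly configured password file win.
      services.cadvisor.storageDriverPasswordFile = lib.mkIf (cfg.storageDriverPassword != "") (
        lib.mkDefault (
          toString (
            pkgs.writeTextFile {
              name = "cadvisor-storage-driver-password";
              text = cfg.storageDriverPassword;
            }
          )
        )
      );
    }

    (lib.mkIf cfg.enable {
      systemd.services.cadvisor = {
        wantedBy = [ "multi-user.target" ];
        after = [
          "network.target"
          "docker.service"
          "influxdb.service"
        ];

        path = lib.optionals config.boot.zfs.enabled [ pkgs.zfs ];

        # Readiness probe: poll the HTTP endpoint until curl succeeds. The URL
        # is shell-escaped as a whole so an unusual listenAddress cannot break
        # out of the quoting.
        postStart = lib.mkBefore ''
          until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${lib.escapeShellArg "http://${cfg.listenAddress}:${toString cfg.port}/containers/"}; do
            sleep 1;
          done
        '';

        # Free-form string options are passed through lib.escapeShellArg, in
        # line with lib.escapeShellArgs for extraOptions, so that quotes, `$`
        # or backticks in a value are handed to cadvisor literally instead of
        # being interpreted by the shell.
        #
        # The password file path stays in plain double quotes, as before, so a
        # path that relies on shell variable expansion keeps working.
        #
        # NOTE(review): the password is read with `cat` and passed as an
        # argument, so it ends up in cadvisor's argument list. A failing `cat`
        # inside the command substitution does not appear to stop the `exec`;
        # confirm the password file is readable when deploying.
        script = ''
          exec ${pkgs.cadvisor}/bin/cadvisor \
            -logtostderr=true \
            -listen_ip=${lib.escapeShellArg cfg.listenAddress} \
            -port="${toString cfg.port}" \
            ${lib.escapeShellArgs cfg.extraOptions} \
            ${lib.optionalString (cfg.storageDriver != null) ''
              -storage_driver ${lib.escapeShellArg cfg.storageDriver} \
              -storage_driver_host ${lib.escapeShellArg cfg.storageDriverHost} \
              -storage_driver_db ${lib.escapeShellArg cfg.storageDriverDb} \
              -storage_driver_user ${lib.escapeShellArg cfg.storageDriverUser} \
              -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
              ${lib.optionalString cfg.storageDriverSecure "-storage_driver_secure"}
            ''}
        '';

        # Generous start timeout; the postStart loop above has no limit of its own.
        serviceConfig.TimeoutStartSec = 300;
      };
    })
  ];
}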