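# NixOS module fragment for the Tibber Prometheus exporter: declares the
# default port, the `apiTokenPath` option and the systemd service that reads
# the token file and starts the exporter.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.prometheus.exporters.tibber;
  inherit (lib)
    mkOption
    types
    concatStringsSep
    escapeShellArg
    ;
in
{
  port = 9489;
  extraOpts = {
    # Only the *path* of the token file is part of the configuration; the file
    # is read when the service starts, so the token itself never has to appear
    # in the Nix expression.
    # NOTE(review): `default = null` is not a value of `types.path`, so leaving
    # the option unset presumably fails evaluation with a type error rather
    # than a "missing option" message. Confirm, and consider dropping the
    # default.
    apiTokenPath = mkOption {
      type = types.path;
      default = null;
      description = ''
        Add here the path to your personal Tibber API Token ('Bearer Token') File.
        Get your personal Tibber API Token here: https://developer.tibber.com
        Do not share your personal plaintext Tibber API Token via github. (see: ryantm/agenix, mic92/sops)
      '';
    };
  };
  serviceOpts = {
    # - `toString` turns a Nix path value into its absolute path string; the
    #   file is not copied into the world-readable Nix store.
    # - The path is shell-escaped so whitespace or metacharacters in it cannot
    #   split or alter the `cat` command.
    # - Assignment and `export` are separate statements: `export VAR="$(cmd)"`
    #   returns export's status and would hide a missing or unreadable token
    #   file, starting the exporter with an empty token.
    # - The token lives in the exporter's environment for the process lifetime
    #   (visible via /proc/<pid>/environ to the service user and root).
    # NOTE(review): `cfg.extraFlags` is inserted into the script verbatim and is
    # interpreted by the shell; it is administrator-supplied configuration.
    script = ''
      TIBBER_TOKEN="$(cat ${escapeShellArg (toString cfg.apiTokenPath)})"
      export TIBBER_TOKEN
      exec ${pkgs.prometheus-tibber-exporter}/bin/tibber-exporter --listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " \\\n " cfg.extraFlags}
    '';
    serviceConfig = {
      # Capabilities are limited to binding privileged ports; with the default
      # port 9489 this is only relevant if `port` is set below 1024.
      AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
      CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
      MemoryDenyWriteExecute = true;
      NoNewPrivileges = true;
      # File system is mounted read-only for the service.
      ProtectSystem = "strict";
      Restart = "on-failure";
      # IPv4/IPv6 sockets only.
      RestrictAddressFamilies = [
        "AF_INET"
        "AF_INET6"
      ];
      RestrictNamespaces = true;
      # Fixed account: the token file (e.g. one decrypted at runtime by agenix
      # or sops) has to be readable by this user. Keep it unreadable to others.
      User = "prometheus";
    };
  };
}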