pyrox.dev
1{
2 config,
3 lib,
4 pkgs,
5 options,
6 ...
7}:
8
9let
10 cfg = config.services.prometheus.exporters.node;
11 inherit (lib)
12 mkOption
13 types
14 concatStringsSep
15 concatMapStringsSep
16 any
17 optionals
18 ;
19 collectorIsEnabled = final: any (collector: (final == collector)) cfg.enabledCollectors;
20 collectorIsDisabled = final: any (collector: (final == collector)) cfg.disabledCollectors;
21in
22{
23 port = 9100;
24 extraOpts = {
25 enabledCollectors = mkOption {
26 type = types.listOf types.str;
27 default = [ ];
28 example = [ "systemd" ];
29 description = ''
30 Collectors to enable. The collectors listed here are enabled in addition to the default ones.
31 '';
32 };
33 disabledCollectors = mkOption {
34 type = types.listOf types.str;
35 default = [ ];
36 example = [ "timex" ];
37 description = ''
38 Collectors to disable which are enabled by default.
39 '';
40 };
41 };
42 serviceOpts = {
43 serviceConfig = {
44 DynamicUser = false;
45 RuntimeDirectory = "prometheus-node-exporter";
46 ExecStart = ''
47 ${pkgs.prometheus-node-exporter}/bin/node_exporter \
48 ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
49 ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
50 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
51 '';
52 RestrictAddressFamilies =
53 optionals (collectorIsEnabled "logind" || collectorIsEnabled "systemd") [
54 # needs access to dbus via unix sockets (logind/systemd)
55 "AF_UNIX"
56 ]
57 ++
58 optionals
59 (collectorIsEnabled "network_route" || collectorIsEnabled "wifi" || !collectorIsDisabled "netdev")
60 [
61 # needs netlink sockets for wireless collector
62 "AF_NETLINK"
63 ];
64 # The timex collector needs to access clock APIs
65 ProtectClock = collectorIsDisabled "timex";
66 # Allow space monitoring under /home
67 ProtectHome = true;
68 };
69 };
70}