nixos/modules/services/monitoring/vmagent.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / vmagent.nix
at master 4.6 kB view raw
  1{
  2  config,
  3  pkgs,
  4  lib,
  5  ...
  6}:
  7
  8let
  9  cfg = config.services.vmagent;
 10  settingsFormat = pkgs.formats.yaml { };
 11
 12  startCLIList = [
 13    "${cfg.package}/bin/vmagent"
 14  ]
 15  ++ lib.optionals (cfg.remoteWrite.url != null) [
 16    "-remoteWrite.url=${cfg.remoteWrite.url}"
 17    "-remoteWrite.tmpDataPath=%C/vmagent/remote_write_tmp"
 18  ]
 19  ++ lib.optional (
 20    cfg.remoteWrite.basicAuthUsername != null
 21  ) "-remoteWrite.basicAuth.username=${cfg.remoteWrite.basicAuthUsername}"
 22  ++ lib.optional (
 23    cfg.remoteWrite.basicAuthPasswordFile != null
 24  ) "-remoteWrite.basicAuth.passwordFile=\${CREDENTIALS_DIRECTORY}/remote_write_basic_auth_password"
 25  ++ cfg.extraArgs;
 26  prometheusConfigYml = checkedConfig (
 27    settingsFormat.generate "prometheusConfig.yaml" cfg.prometheusConfig
 28  );
 29
 30  checkedConfig =
 31    file:
 32    if cfg.checkConfig then
 33      pkgs.runCommand "checked-config" { nativeBuildInputs = [ cfg.package ]; } ''
 34        ln -s ${file} $out
 35        ${lib.escapeShellArgs startCLIList} -promscrape.config=${file} -dryRun
 36      ''
 37    else
 38      file;
 39in
 40{
 41  imports = [
 42    (lib.mkRemovedOptionModule [
 43      "services"
 44      "vmagent"
 45      "dataDir"
 46    ] "dataDir has been deprecated in favor of systemd provided CacheDirectory")
 47    (lib.mkRemovedOptionModule [
 48      "services"
 49      "vmagent"
 50      "user"
 51    ] "user has been deprecated in favor of systemd DynamicUser")
 52    (lib.mkRemovedOptionModule [
 53      "services"
 54      "vmagent"
 55      "group"
 56    ] "group has been deprecated in favor of systemd DynamicUser")
 57    (lib.mkRenamedOptionModule
 58      [ "services" "vmagent" "remoteWriteUrl" ]
 59      [ "services" "vmagent" "remoteWrite" "url" ]
 60    )
 61  ];
 62
 63  options.services.vmagent = {
 64    enable = lib.mkOption {
 65      type = lib.types.bool;
 66      default = false;
 67      description = ''
 68        Whether to enable VictoriaMetrics's `vmagent`.
 69
 70        `vmagent` efficiently scrape metrics from Prometheus-compatible exporters
 71      '';
 72    };
 73
 74    package = lib.mkPackageOption pkgs "vmagent" { };
 75
 76    remoteWrite = {
 77      url = lib.mkOption {
 78        default = null;
 79        type = lib.types.nullOr lib.types.str;
 80        description = ''
 81          Endpoint for prometheus compatible remote_write
 82        '';
 83      };
 84      basicAuthUsername = lib.mkOption {
 85        default = null;
 86        type = lib.types.nullOr lib.types.str;
 87        description = ''
 88          Basic Auth username used to connect to remote_write endpoint
 89        '';
 90      };
 91      basicAuthPasswordFile = lib.mkOption {
 92        default = null;
 93        type = lib.types.nullOr lib.types.str;
 94        description = ''
 95          File that contains the Basic Auth password used to connect to remote_write endpoint
 96        '';
 97      };
 98    };
 99
100    prometheusConfig = lib.mkOption {
101      type = lib.types.submodule { freeformType = settingsFormat.type; };
102      description = ''
103        Config for prometheus style metrics
104      '';
105    };
106
107    openFirewall = lib.mkOption {
108      type = lib.types.bool;
109      default = false;
110      description = ''
111        Whether to open the firewall for the default ports.
112      '';
113    };
114
115    extraArgs = lib.mkOption {
116      type = lib.types.listOf lib.types.str;
117      default = [ ];
118      description = ''
119        Extra args to pass to `vmagent`. See the docs:
120        <https://docs.victoriametrics.com/vmagent.html#advanced-usage>
121        or {command}`vmagent -help` for more information.
122      '';
123    };
124
125    checkConfig = lib.mkOption {
126      type = lib.types.bool;
127      default = true;
128      description = ''
129        Check configuration.
130
131        If you use credentials stored in external files (`environmentFile`, etc),
132        they will not be visible  and it will report errors, despite a correct configuration.
133      '';
134    };
135  };
136
137  config = lib.mkIf cfg.enable {
138    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 8429 ];
139
140    systemd.services.vmagent = {
141      wantedBy = [ "multi-user.target" ];
142      after = [ "network.target" ];
143      description = "vmagent system service";
144      serviceConfig = {
145        DynamicUser = true;
146        User = "vmagent";
147        Group = "vmagent";
148        Type = "simple";
149        Restart = "on-failure";
150        CacheDirectory = "vmagent";
151        ExecStart = lib.escapeShellArgs (
152          startCLIList
153          ++ lib.optionals (cfg.prometheusConfig != { }) [ "-promscrape.config=${prometheusConfigYml}" ]
154        );
155        LoadCredential = lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) [
156          "remote_write_basic_auth_password:${cfg.remoteWrite.basicAuthPasswordFile}"
157        ];
158      };
159    };
160  };
161}