commit afd0dc17d6bbb9d5ee88e3bec56ec02e9a94c6f8 · pyrox.dev/nixpkgs

+7 -3

nixos/modules/services/monitoring/prometheus/exporters.nix

···

       127
        
         );

     

       128
        
       

     

       129
        
         mkExporterConf = { name, conf, serviceOpts }:

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       130
        
           mkIf conf.enable {

     

       131
        
             warnings = conf.warnings or [];

     

       132
       -
             users.users = (mkIf (conf.user == "${name}-exporter") {

     

       133
        
               "${name}-exporter" = {

     

       134
        
                 description = ''

     

       135
        
                   Prometheus ${name} exporter service user

     
···

       138
        
                 inherit (conf) group;

     

       139
        
               };

     

       140
        
             });

     

       141
       -
             users.groups = (mkIf (conf.group == "${name}-exporter") {

     

       142
        
               "${name}-exporter" = {};

     

       143
        
             });

     

       144
        
             networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [

     
···

       151
        
               serviceConfig.Restart = mkDefault "always";

     

       152
        
               serviceConfig.PrivateTmp = mkDefault true;

     

       153
        
               serviceConfig.WorkingDirectory = mkDefault /tmp;

     

       154
       -
             } serviceOpts ] ++ optional (!(serviceOpts.serviceConfig.DynamicUser or false)) {

     

       0
        
       
     

       155
        
               serviceConfig.User = conf.user;

     

       156
        
               serviceConfig.Group = conf.group;

     

       157
        
             });

···

       127
        
         );

     

       128
        
       

     

       129
        
         mkExporterConf = { name, conf, serviceOpts }:

     

       130
       +
           let

     

       131
       +
             enableDynamicUser = serviceOpts.serviceConfig.DynamicUser or true;

     

       132
       +
           in

     

       133
        
           mkIf conf.enable {

     

       134
        
             warnings = conf.warnings or [];

     

       135
       +
             users.users = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) {

     

       136
        
               "${name}-exporter" = {

     

       137
        
                 description = ''

     

       138
        
                   Prometheus ${name} exporter service user

     
···

       141
        
                 inherit (conf) group;

     

       142
        
               };

     

       143
        
             });

     

       144
       +
             users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) {

     

       145
        
               "${name}-exporter" = {};

     

       146
        
             });

     

       147
        
             networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [

     
···

       154
        
               serviceConfig.Restart = mkDefault "always";

     

       155
        
               serviceConfig.PrivateTmp = mkDefault true;

     

       156
        
               serviceConfig.WorkingDirectory = mkDefault /tmp;

     

       157
       +
               serviceConfig.DynamicUser = mkDefault enableDynamicUser;

     

       158
       +
             } serviceOpts ] ++ optional (!enableDynamicUser) {

     

       159
        
               serviceConfig.User = conf.user;

     

       160
        
               serviceConfig.Group = conf.group;

     

       161
        
             });

-1

nixos/modules/services/monitoring/prometheus/exporters/bind.nix

···

       39
        
         };

     

       40
        
         serviceOpts = {

     

       41
        
           serviceConfig = {

     

       42
       -
             DynamicUser = true;

     

       43
        
             ExecStart = ''

     

       44
        
               ${pkgs.prometheus-bind-exporter}/bin/bind_exporter \

     

       45
        
                 -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       39
        
         };

     

       40
        
         serviceOpts = {

     

       41
        
           serviceConfig = {

     

       0
        
       
     

       42
        
             ExecStart = ''

     

       43
        
               ${pkgs.prometheus-bind-exporter}/bin/bind_exporter \

     

       44
        
                 -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix

···

       18
        
         serviceOpts = {

     

       19
        
           serviceConfig = {

     

       20
        
             AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes

     

       21
       -
             DynamicUser = true;

     

       22
        
             ExecStart = ''

     

       23
        
               ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \

     

       24
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       18
        
         serviceOpts = {

     

       19
        
           serviceConfig = {

     

       20
        
             AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes

     

       0
        
       
     

       21
        
             ExecStart = ''

     

       22
        
               ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \

     

       23
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/collectd.nix

···

       64
        
           '' else "";

     

       65
        
         in {

     

       66
        
           serviceConfig = {

     

       67
       -
             DynamicUser = true;

     

       68
        
             ExecStart = ''

     

       69
        
               ${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \

     

       70
        
                 -log.format ${cfg.logFormat} \

···

       64
        
           '' else "";

     

       65
        
         in {

     

       66
        
           serviceConfig = {

     

       0
        
       
     

       67
        
             ExecStart = ''

     

       68
        
               ${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \

     

       69
        
                 -log.format ${cfg.logFormat} \

-1

nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix

···

       26
        
         };

     

       27
        
         serviceOpts = {

     

       28
        
           serviceConfig = {

     

       29
       -
             DynamicUser = true;

     

       30
        
             ExecStart = ''

     

       31
        
               ${pkgs.prometheus-dnsmasq-exporter}/bin/dnsmasq_exporter \

     

       32
        
                 --listen ${cfg.listenAddress}:${toString cfg.port} \

···

       26
        
         };

     

       27
        
         serviceOpts = {

     

       28
        
           serviceConfig = {

     

       0
        
       
     

       29
        
             ExecStart = ''

     

       30
        
               ${pkgs.prometheus-dnsmasq-exporter}/bin/dnsmasq_exporter \

     

       31
        
                 --listen ${cfg.listenAddress}:${toString cfg.port} \

+1

nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix

···

       59
        
         };

     

       60
        
         serviceOpts = {

     

       61
        
           serviceConfig = {

     

       0
        
       
     

       62
        
             ExecStart = ''

     

       63
        
               ${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \

     

       64
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       59
        
         };

     

       60
        
         serviceOpts = {

     

       61
        
           serviceConfig = {

     

       62
       +
             DynamicUser = false;

     

       63
        
             ExecStart = ''

     

       64
        
               ${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \

     

       65
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix

···

       26
        
         };

     

       27
        
         serviceOpts = {

     

       28
        
           serviceConfig = {

     

       29
       -
             DynamicUser = true;

     

       30
        
             ExecStart = ''

     

       31
        
               ${pkgs.prometheus-fritzbox-exporter}/bin/exporter \

     

       32
        
                 -listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       26
        
         };

     

       27
        
         serviceOpts = {

     

       28
        
           serviceConfig = {

     

       0
        
       
     

       29
        
             ExecStart = ''

     

       30
        
               ${pkgs.prometheus-fritzbox-exporter}/bin/exporter \

     

       31
        
                 -listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/json.nix

···

       24
        
         };

     

       25
        
         serviceOpts = {

     

       26
        
           serviceConfig = {

     

       27
       -
             DynamicUser = true;

     

       28
        
             ExecStart = ''

     

       29
        
               ${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \

     

       30
        
                 --port ${toString cfg.port} \

···

       24
        
         };

     

       25
        
         serviceOpts = {

     

       26
        
           serviceConfig = {

     

       0
        
       
     

       27
        
             ExecStart = ''

     

       28
        
               ${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \

     

       29
        
                 --port ${toString cfg.port} \

+1

nixos/modules/services/monitoring/prometheus/exporters/mail.nix

···

       143
        
         };

     

       144
        
         serviceOpts = {

     

       145
        
           serviceConfig = {

     

       0
        
       
     

       146
        
             ExecStart = ''

     

       147
        
               ${pkgs.prometheus-mail-exporter}/bin/mailexporter \

     

       148
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       143
        
         };

     

       144
        
         serviceOpts = {

     

       145
        
           serviceConfig = {

     

       146
       +
             DynamicUser = false;

     

       147
        
             ExecStart = ''

     

       148
        
               ${pkgs.prometheus-mail-exporter}/bin/mailexporter \

     

       149
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/minio.nix

···

       50
        
         };

     

       51
        
         serviceOpts = {

     

       52
        
           serviceConfig = {

     

       53
       -
             DynamicUser = true;

     

       54
        
             ExecStart = ''

     

       55
        
               ${pkgs.prometheus-minio-exporter}/bin/minio-exporter \

     

       56
        
                 -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       50
        
         };

     

       51
        
         serviceOpts = {

     

       52
        
           serviceConfig = {

     

       0
        
       
     

       53
        
             ExecStart = ''

     

       54
        
               ${pkgs.prometheus-minio-exporter}/bin/minio-exporter \

     

       55
        
                 -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/nginx.nix

···

       34
        
         };

     

       35
        
         serviceOpts = {

     

       36
        
           serviceConfig = {

     

       37
       -
             DynamicUser = true;

     

       38
        
             ExecStart = ''

     

       39
        
               ${pkgs.prometheus-nginx-exporter}/bin/nginx-prometheus-exporter \

     

       40
        
                 --nginx.scrape-uri '${cfg.scrapeUri}' \

···

       34
        
         };

     

       35
        
         serviceOpts = {

     

       36
        
           serviceConfig = {

     

       0
        
       
     

       37
        
             ExecStart = ''

     

       38
        
               ${pkgs.prometheus-nginx-exporter}/bin/nginx-prometheus-exporter \

     

       39
        
                 --nginx.scrape-uri '${cfg.scrapeUri}' \

+1

nixos/modules/services/monitoring/prometheus/exporters/node.nix

···

       27
        
         };

     

       28
        
         serviceOpts = {

     

       29
        
           serviceConfig = {

     

       0
        
       
     

       30
        
             RuntimeDirectory = "prometheus-node-exporter";

     

       31
        
             ExecStart = ''

     

       32
        
               ${pkgs.prometheus-node-exporter}/bin/node_exporter \

···

       27
        
         };

     

       28
        
         serviceOpts = {

     

       29
        
           serviceConfig = {

     

       30
       +
             DynamicUser = false;

     

       31
        
             RuntimeDirectory = "prometheus-node-exporter";

     

       32
        
             ExecStart = ''

     

       33
        
               ${pkgs.prometheus-node-exporter}/bin/node_exporter \

+1

nixos/modules/services/monitoring/prometheus/exporters/postfix.nix

···

       62
        
         };

     

       63
        
         serviceOpts = {

     

       64
        
           serviceConfig = {

     

       0
        
       
     

       65
        
             ExecStart = ''

     

       66
        
               ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \

     

       67
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       62
        
         };

     

       63
        
         serviceOpts = {

     

       64
        
           serviceConfig = {

     

       65
       +
             DynamicUser = false;

     

       66
        
             ExecStart = ''

     

       67
        
               ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \

     

       68
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

+1

nixos/modules/services/monitoring/prometheus/exporters/postgres.nix

···

       34
        
         serviceOpts = {

     

       35
        
           environment.DATA_SOURCE_NAME = cfg.dataSourceName;

     

       36
        
           serviceConfig = {

     

       0
        
       
     

       37
        
             User = mkIf cfg.runAsLocalSuperUser (mkForce "postgres");

     

       38
        
             ExecStart = ''

     

       39
        
               ${pkgs.prometheus-postgres-exporter}/bin/postgres_exporter \

···

       34
        
         serviceOpts = {

     

       35
        
           environment.DATA_SOURCE_NAME = cfg.dataSourceName;

     

       36
        
           serviceConfig = {

     

       37
       +
             DynamicUser = false;

     

       38
        
             User = mkIf cfg.runAsLocalSuperUser (mkForce "postgres");

     

       39
        
             ExecStart = ''

     

       40
        
               ${pkgs.prometheus-postgres-exporter}/bin/postgres_exporter \

-1

nixos/modules/services/monitoring/prometheus/exporters/snmp.nix

···

       57
        
                        else "${pkgs.writeText "snmp-eporter-conf.yml" (builtins.toJSON cfg.configuration)}";

     

       58
        
           in {

     

       59
        
           serviceConfig = {

     

       60
       -
             DynamicUser = true;

     

       61
        
             ExecStart = ''

     

       62
        
               ${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \

     

       63
        
                 --config.file=${configFile} \

···

       57
        
                        else "${pkgs.writeText "snmp-eporter-conf.yml" (builtins.toJSON cfg.configuration)}";

     

       58
        
           in {

     

       59
        
           serviceConfig = {

     

       0
        
       
     

       60
        
             ExecStart = ''

     

       61
        
               ${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \

     

       62
        
                 --config.file=${configFile} \

-1

nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix

···

       20
        
           description = "Prometheus exporter for surfboard cable modem";

     

       21
        
           unitConfig.Documentation = "https://github.com/ipstatic/surfboard_exporter";

     

       22
        
           serviceConfig = {

     

       23
       -
             DynamicUser = true;

     

       24
        
             ExecStart = ''

     

       25
        
               ${pkgs.prometheus-surfboard-exporter}/bin/surfboard_exporter \

     

       26
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       20
        
           description = "Prometheus exporter for surfboard cable modem";

     

       21
        
           unitConfig.Documentation = "https://github.com/ipstatic/surfboard_exporter";

     

       22
        
           serviceConfig = {

     

       0
        
       
     

       23
        
             ExecStart = ''

     

       24
        
               ${pkgs.prometheus-surfboard-exporter}/bin/surfboard_exporter \

     

       25
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/tor.nix

···

       26
        
         };

     

       27
        
         serviceOpts = {

     

       28
        
           serviceConfig = {

     

       29
       -
             DynamicUser = true;

     

       30
        
             ExecStart = ''

     

       31
        
               ${pkgs.prometheus-tor-exporter}/bin/prometheus-tor-exporter \

     

       32
        
                 -b ${cfg.listenAddress} \

···

       26
        
         };

     

       27
        
         serviceOpts = {

     

       28
        
           serviceConfig = {

     

       0
        
       
     

       29
        
             ExecStart = ''

     

       30
        
               ${pkgs.prometheus-tor-exporter}/bin/prometheus-tor-exporter \

     

       31
        
                 -b ${cfg.listenAddress} \

-1

nixos/modules/services/monitoring/prometheus/exporters/unifi.nix

···

       51
        
         };

     

       52
        
         serviceOpts = {

     

       53
        
           serviceConfig = {

     

       54
       -
             DynamicUser = true;

     

       55
        
             ExecStart = ''

     

       56
        
               ${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \

     

       57
        
                 -telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \

···

       51
        
         };

     

       52
        
         serviceOpts = {

     

       53
        
           serviceConfig = {

     

       0
        
       
     

       54
        
             ExecStart = ''

     

       55
        
               ${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \

     

       56
        
                 -telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \

+1

nixos/modules/services/monitoring/prometheus/exporters/varnish.nix

···

       69
        
           path = [ pkgs.varnish ];

     

       70
        
           serviceConfig = {

     

       71
        
             RestartSec = mkDefault 1;

     

       0
        
       
     

       72
        
             ExecStart = ''

     

       73
        
               ${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \

     

       74
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

···

       69
        
           path = [ pkgs.varnish ];

     

       70
        
           serviceConfig = {

     

       71
        
             RestartSec = mkDefault 1;

     

       72
       +
             DynamicUser = false;

     

       73
        
             ExecStart = ''

     

       74
        
               ${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \

     

       75
        
                 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \

-1

nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix

···

       47
        
           path = [ pkgs.wireguard-tools ];

     

       48
        
       

     

       49
        
           serviceConfig = {

     

       50
       -
             DynamicUser = true;

     

       51
        
             AmbientCapabilities = [ "CAP_NET_ADMIN" ];

     

       52
        
           };

     

       53
        
         };

···

       47
        
           path = [ pkgs.wireguard-tools ];

     

       48
        
       

     

       49
        
           serviceConfig = {

     

       0
        
       
     

       50
        
             AmbientCapabilities = [ "CAP_NET_ADMIN" ];

     

       51
        
           };

     

       52
        
         };

+4 -5

nixos/tests/prometheus-exporters.nix

···

       191
        
           mail = {

     

       192
        
             exporterConfig = {

     

       193
        
               enable = true;

     

       194
       -
               user = "mailexporter";

     

       195
        
               configuration = {

     

       196
        
                 monitoringInterval = "2s";

     

       197
        
                 mailCheckTimeout = "10s";

     
···

       199
        
                   name = "testserver";

     

       200
        
                   server = "localhost";

     

       201
        
                   port = 25;

     

       202
       -
                   from = "mailexporter@localhost";

     

       203
       -
                   to = "mailexporter@localhost";

     

       204
       -
                   detectionDir = "/var/spool/mail/mailexporter/new";

     

       205
        
                 } ];

     

       206
        
               };

     

       207
        
             };

     
···

       211
        
                 after = [ "postfix.service" ];

     

       212
        
                 requires = [ "postfix.service" ];

     

       213
        
                 preStart = ''

     

       214
       -
                   mkdir -p 0600 mailexporter/new

     

       215
        
                 '';

     

       216
        
                 serviceConfig = {

     

       217
        
                   ProtectHome = true;

···

       191
        
           mail = {

     

       192
        
             exporterConfig = {

     

       193
        
               enable = true;

     

       0
        
       
     

       194
        
               configuration = {

     

       195
        
                 monitoringInterval = "2s";

     

       196
        
                 mailCheckTimeout = "10s";

     
···

       198
        
                   name = "testserver";

     

       199
        
                   server = "localhost";

     

       200
        
                   port = 25;

     

       201
       +
                   from = "mail-exporter@localhost";

     

       202
       +
                   to = "mail-exporter@localhost";

     

       203
       +
                   detectionDir = "/var/spool/mail/mail-exporter/new";

     

       204
        
                 } ];

     

       205
        
               };

     

       206
        
             };

     
···

       210
        
                 after = [ "postfix.service" ];

     

       211
        
                 requires = [ "postfix.service" ];

     

       212
        
                 preStart = ''

     

       213
       +
                   mkdir -p 0600 mail-exporter/new

     

       214
        
                 '';

     

       215
        
                 serviceConfig = {

     

       216
        
                   ProtectHome = true;