···
"${name}-${replaceStrings [" "] [""] what}-checked"
{ buildInputs = [ cfg.package ]; } ''
41
-
promtool ${what} $out
41
+
promtool ${what} $out
# Pretty-print JSON to a file
writePrettyJSON = name: x:
46
-
pkgs.runCommandLocal name {} ''
46
+
pkgs.runCommandLocal name { } ''
echo '${builtins.toJSON x}' | ${pkgs.jq}/bin/jq . > $out
···
67
-
yml = if cfg.configText != null then
68
-
pkgs.writeText "prometheus.yml" cfg.configText
69
-
else generatedPrometheusYml;
70
-
in promtoolCheck "check config" "prometheus.yml" yml;
69
+
if cfg.configText != null then
70
+
pkgs.writeText "prometheus.yml" cfg.configText
71
+
else generatedPrometheusYml;
73
+
promtoolCheck "check config" "prometheus.yml" yml;
cmdlineArgs = cfg.extraFlags ++ [
"--storage.tsdb.path=${workingDir}/data/"
···
"--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"
"--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s"
] ++ optional (cfg.webExternalUrl != null) "--web.external-url=${cfg.webExternalUrl}"
83
-
++ optional (cfg.retentionTime != null) "--storage.tsdb.retention.time=${cfg.retentionTime}";
86
+
++ optional (cfg.retentionTime != null) "--storage.tsdb.retention.time=${cfg.retentionTime}";
filterValidPrometheus = filterAttrsListRecursive (n: v: !(n == "_module" || v == null));
filterAttrsListRecursive = pred: x:
90
-
let v = x.${name}; in
91
-
if pred name v then [
92
-
(nameValuePair name (filterAttrsListRecursive pred v))
95
+
let v = x.${name}; in
96
+
if pred name v then [
97
+
(nameValuePair name (filterAttrsListRecursive pred v))
map (filterAttrsListRecursive pred) x
100
-
mkDefOpt = type : defaultStr : description : mkOpt type (description + ''
107
+
# Config types: helper functions
110
+
mkDefOpt = type: defaultStr: description: mkOpt type (description + ''
Defaults to <literal>${defaultStr}</literal> in prometheus
when set to <literal>null</literal>.
106
-
mkOpt = type : description : mkOption {
116
+
mkOpt = type: description: mkOption {
type = types.nullOr type;
122
+
mkSdConfigModule = extraOptions: types.submodule {
124
+
basic_auth = mkOpt promTypes.basic_auth ''
125
+
Optional HTTP basic authentication information.
128
+
authorization = mkOpt
131
+
type = mkDefOpt types.str "Bearer" ''
132
+
Sets the authentication type.
135
+
credentials = mkOpt types.str ''
136
+
Sets the credentials. It is mutually exclusive with `credentials_file`.
139
+
credentials_file = mkOpt types.str ''
140
+
Sets the credentials to the credentials read from the configured file.
141
+
It is mutually exclusive with `credentials`.
145
+
Optional `Authorization` header configuration.
148
+
oauth2 = mkOpt promtypes.oauth2 ''
149
+
Optional OAuth 2.0 configuration.
150
+
Cannot be used at the same time as basic_auth or authorization.
153
+
proxy_url = mkOpt types.str ''
154
+
Optional proxy URL.
157
+
follow_redirects = mkDefOpt types.bool "true" ''
158
+
Configure whether HTTP requests follow HTTP 3xx redirects.
161
+
tls_config = mkOpt promTypes.tls_config ''
168
+
# Config types: general
promTypes.globalConfig = types.submodule {
scrape_interval = mkDefOpt types.str "1m" ''
···
134
-
promTypes.remote_read = types.submodule {
193
+
promTypes.basic_auth = types.submodule {
195
+
username = mkOption {
139
-
ServerName extension to indicate the name of the server.
140
-
http://tools.ietf.org/html/rfc4366#section-3.1
143
-
name = mkOpt types.str ''
144
-
Name of the remote read config, which if specified must be unique among remote read configs.
145
-
The name will be used in metrics and logging in place of a generated value to help users distinguish between
146
-
remote read configs.
201
+
password = mkOpt types.str "HTTP password";
202
+
password_file = mkOpt types.str "HTTP password file";
206
+
promTypes.tls_config = types.submodule {
208
+
ca_file = mkOpt types.str ''
209
+
CA certificate to validate API server certificate with.
148
-
required_matchers = mkOpt (types.attrsOf types.str) ''
149
-
An optional list of equality matchers which have to be
150
-
present in a selector to query the remote read endpoint.
212
+
cert_file = mkOpt types.str ''
213
+
Certificate file for client cert authentication to the server.
152
-
remote_timeout = mkOpt types.str ''
153
-
Timeout for requests to the remote read endpoint.
216
+
key_file = mkOpt types.str ''
217
+
Key file for client cert authentication to the server.
155
-
read_recent = mkOpt types.bool ''
156
-
Whether reads should be made for queries for time ranges that
157
-
the local storage should have complete data for.
220
+
server_name = mkOpt types.str ''
221
+
ServerName extension to indicate the name of the server.
222
+
http://tools.ietf.org/html/rfc4366#section-3.1
159
-
basic_auth = mkOpt (types.submodule {
161
-
username = mkOption {
167
-
password = mkOpt types.str "HTTP password";
168
-
password_file = mkOpt types.str "HTTP password file";
171
-
Sets the `Authorization` header on every remote read request with the
172
-
configured username and password.
173
-
password and password_file are mutually exclusive.
175
-
bearer_token = mkOpt types.str ''
176
-
Sets the `Authorization` header on every remote read request with
177
-
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
225
+
insecure_skip_verify = mkOpt types.bool ''
226
+
Disable validation of the server certificate.
179
-
bearer_token_file = mkOpt types.str ''
180
-
Sets the `Authorization` header on every remote read request with the bearer token
181
-
read from the configured file. It is mutually exclusive with `bearer_token`.
183
-
tls_config = mkOpt promTypes.tls_config ''
184
-
Configures the remote read request's TLS settings.
186
-
proxy_url = mkOpt types.str "Optional Proxy URL.";
190
-
promTypes.remote_write = types.submodule {
231
+
promtypes.oauth2 = types.submodule {
195
-
ServerName extension to indicate the name of the server.
196
-
http://tools.ietf.org/html/rfc4366#section-3.1
199
-
remote_timeout = mkOpt types.str ''
200
-
Timeout for requests to the remote write endpoint.
233
+
client_id = mkOpt types.str ''
202
-
write_relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
203
-
List of remote write relabel configurations.
237
+
client_secret = mkOpt types.str ''
238
+
OAuth client secret.
205
-
name = mkOpt types.str ''
206
-
Name of the remote write config, which if specified must be unique among remote write configs.
207
-
The name will be used in metrics and logging in place of a generated value to help users distinguish between
208
-
remote write configs.
241
+
client_secret_file = mkOpt types.str ''
242
+
Read the client secret from a file. It is mutually exclusive with `client_secret`.
210
-
basic_auth = mkOpt (types.submodule {
212
-
username = mkOption {
218
-
password = mkOpt types.str "HTTP password";
219
-
password_file = mkOpt types.str "HTTP password file";
222
-
Sets the `Authorization` header on every remote write request with the
223
-
configured username and password.
224
-
password and password_file are mutually exclusive.
245
+
scopes = mkOpt (types.listOf types.str) ''
246
+
Scopes for the token request.
226
-
bearer_token = mkOpt types.str ''
227
-
Sets the `Authorization` header on every remote write request with
228
-
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
249
+
token_url = mkOpt types.str ''
250
+
The URL to fetch the token from.
230
-
bearer_token_file = mkOpt types.str ''
231
-
Sets the `Authorization` header on every remote write request with the bearer token
232
-
read from the configured file. It is mutually exclusive with `bearer_token`.
234
-
tls_config = mkOpt promTypes.tls_config ''
235
-
Configures the remote write request's TLS settings.
237
-
proxy_url = mkOpt types.str "Optional Proxy URL.";
238
-
queue_config = mkOpt (types.submodule {
240
-
capacity = mkOpt types.int ''
241
-
Number of samples to buffer per shard before we block reading of more
242
-
samples from the WAL. It is recommended to have enough capacity in each
243
-
shard to buffer several requests to keep throughput up while processing
244
-
occasional slow remote requests.
246
-
max_shards = mkOpt types.int ''
247
-
Maximum number of shards, i.e. amount of concurrency.
249
-
min_shards = mkOpt types.int ''
250
-
Minimum number of shards, i.e. amount of concurrency.
252
-
max_samples_per_send = mkOpt types.int ''
253
-
Maximum number of samples per send.
255
-
batch_send_deadline = mkOpt types.str ''
256
-
Maximum time a sample will wait in buffer.
258
-
min_backoff = mkOpt types.str ''
259
-
Initial retry delay. Gets doubled for every retry.
261
-
max_backoff = mkOpt types.str ''
262
-
Maximum retry delay.
266
-
Configures the queue used to write to remote storage.
268
-
metadata_config = mkOpt (types.submodule {
270
-
send = mkOpt types.bool ''
271
-
Whether metric metadata is sent to remote storage or not.
273
-
send_interval = mkOpt types.str ''
274
-
How frequently metric metadata is sent to remote storage.
278
-
Configures the sending of series metadata to remote storage.
279
-
Metadata configuration is subject to change at any point
280
-
or be removed in future releases.
253
+
endpoint_params = mkOpt (types.attrsOf types.str) ''
254
+
Optional parameters to append to the token URL.
···
by the target will be ignored.
338
-
scheme = mkDefOpt (types.enum ["http" "https"]) "http" ''
312
+
scheme = mkDefOpt (types.enum [ "http" "https" ]) "http" ''
The URL scheme with which to fetch metrics from targets.
···
Optional HTTP URL parameters.
346
-
basic_auth = mkOpt (types.submodule {
348
-
username = mkOption {
354
-
password = mkOpt types.str "HTTP password";
355
-
password_file = mkOpt types.str "HTTP password file";
320
+
basic_auth = mkOpt promTypes.basic_auth ''
Sets the `Authorization` header on every scrape request with the
configured username and password.
password and password_file are mutually exclusive.
···
383
-
ec2_sd_configs = mkOpt (types.listOf promTypes.ec2_sd_config) ''
384
-
List of EC2 service discovery configurations.
346
+
azure_sd_configs = mkOpt (types.listOf promTypes.azure_sd_config) ''
347
+
List of Azure service discovery configurations.
350
+
consul_sd_configs = mkOpt (types.listOf promTypes.consul_sd_config) ''
351
+
List of Consul service discovery configurations.
354
+
digitalocean_sd_configs = mkOpt (types.listOf promTypes.digitalocean_sd_config) ''
355
+
List of DigitalOcean service discovery configurations.
358
+
docker_sd_configs = mkOpt (types.listOf promTypes.docker_sd_config) ''
359
+
List of Docker service discovery configurations.
362
+
dockerswarm_sd_configs = mkOpt (types.listOf promTypes.dockerswarm_sd_config) ''
363
+
List of Docker Swarm service discovery configurations.
dns_sd_configs = mkOpt (types.listOf promTypes.dns_sd_config) ''
List of DNS service discovery configurations.
391
-
consul_sd_configs = mkOpt (types.listOf promTypes.consul_sd_config) ''
392
-
List of Consul service discovery configurations.
370
+
ec2_sd_configs = mkOpt (types.listOf promTypes.ec2_sd_config) ''
371
+
List of EC2 service discovery configurations.
374
+
eureka_sd_configs = mkOpt (types.listOf promTypes.eureka_sd_config) ''
375
+
List of Eureka service discovery configurations.
file_sd_configs = mkOpt (types.listOf promTypes.file_sd_config) ''
···
relevant Prometheus configuration docs</link> for more detail.
390
+
hetzner_sd_configs = mkOpt (types.listOf promTypes.hetzner_sd_config) ''
391
+
List of Hetzner service discovery configurations.
394
+
http_sd_configs = mkOpt (types.listOf promTypes.http_sd_config) ''
395
+
List of HTTP service discovery configurations.
398
+
kubernetes_sd_configs = mkOpt (types.listOf promTypes.kubernetes_sd_config) ''
399
+
List of Kubernetes service discovery configurations.
402
+
kuma_sd_configs = mkOpt (types.listOf promTypes.kuma_sd_config) ''
403
+
List of Kuma service discovery configurations.
406
+
lightsail_sd_configs = mkOpt (types.listOf promTypes.lightsail_sd_config) ''
407
+
List of Lightsail service discovery configurations.
410
+
linode_sd_configs = mkOpt (types.listOf promTypes.linode_sd_config) ''
411
+
List of Linode service discovery configurations.
414
+
marathon_sd_configs = mkOpt (types.listOf promTypes.marathon_sd_config) ''
415
+
List of Marathon service discovery configurations.
418
+
nerve_sd_configs = mkOpt (types.listOf promTypes.nerve_sd_config) ''
419
+
List of AirBnB's Nerve service discovery configurations.
422
+
openstack_sd_configs = mkOpt (types.listOf promTypes.openstack_sd_config) ''
423
+
List of OpenStack service discovery configurations.
426
+
puppetdb_sd_configs = mkOpt (types.listOf promTypes.puppetdb_sd_config) ''
427
+
List of PuppetDB service discovery configurations.
430
+
scaleway_sd_configs = mkOpt (types.listOf promTypes.scaleway_sd_config) ''
431
+
List of Scaleway service discovery configurations.
434
+
serverset_sd_configs = mkOpt (types.listOf promTypes.serverset_sd_config) ''
435
+
List of Zookeeper Serverset service discovery configurations.
438
+
triton_sd_configs = mkOpt (types.listOf promTypes.triton_sd_config) ''
439
+
List of Triton Serverset service discovery configurations.
442
+
uyuni_sd_configs = mkOpt (types.listOf promTypes.uyuni_sd_config) ''
443
+
List of Uyuni Serverset service discovery configurations.
static_configs = mkOpt (types.listOf promTypes.static_config) ''
List of labeled target groups for this job.
···
List of metric relabel configurations.
458
+
body_size_limit = mkDefOpt types.str "0" ''
459
+
An uncompressed response body larger than this many bytes will cause the
460
+
scrape to fail. 0 means no limit. Example: 100MB.
461
+
This is an experimental feature, this behaviour could
462
+
change or be removed in the future.
sample_limit = mkDefOpt types.int "0" ''
Per-scrape limit on number of scraped samples that will be accepted.
If more than this number of samples are present after metric relabelling
the entire scrape will be treated as failed. 0 means no limit.
471
+
label_limit = mkDefOpt types.int "0" ''
472
+
Per-scrape limit on number of labels that will be accepted for a sample. If
473
+
more than this number of labels are present post metric-relabeling, the
474
+
entire scrape will be treated as failed. 0 means no limit.
477
+
label_name_length_limit = mkDefOpt types.int "0" ''
478
+
Per-scrape limit on length of labels name that will be accepted for a sample.
479
+
If a label name is longer than this number post metric-relabeling, the entire
480
+
scrape will be treated as failed. 0 means no limit.
483
+
label_value_length_limit = mkDefOpt types.int "0" ''
484
+
Per-scrape limit on length of labels value that will be accepted for a sample.
485
+
If a label value is longer than this number post metric-relabeling, the
486
+
entire scrape will be treated as failed. 0 means no limit.
489
+
target_limit = mkDefOpt types.int "0" ''
490
+
Per-scrape config limit on number of unique targets that will be
491
+
accepted. If more than this number of targets are present after target
492
+
relabeling, Prometheus will mark the targets as failed without scraping them.
493
+
0 means no limit. This is an experimental feature, this behaviour could
494
+
change in the future.
427
-
promTypes.static_config = types.submodule {
500
+
# Config types: service discovery
503
+
# For this one, the docs actually define all types needed to use mkSdConfigModule, but a bunch
504
+
# of them are marked with 'currently not support by Azure' so we don't bother adding them in
506
+
promTypes.azure_sd_config = types.submodule {
429
-
targets = mkOption {
430
-
type = types.listOf types.str;
508
+
environment = mkDefOpt types.str "AzurePublicCloud" ''
509
+
The Azure environment.
512
+
authentication_method = mkDefOpt (types.enum [ "OAuth" "ManagedIdentity" ]) "OAuth" ''
513
+
The authentication method, either OAuth or ManagedIdentity.
514
+
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
517
+
subscription_id = mkOption {
432
-
The targets specified by the target group.
520
+
The subscription ID.
435
-
labels = mkOption {
436
-
type = types.attrsOf types.str;
524
+
tenant_id = mkOpt types.str ''
525
+
Optional tenant ID. Only required with authentication_method OAuth.
528
+
client_id = mkOpt types.str ''
529
+
Optional client ID. Only required with authentication_method OAuth.
532
+
client_secret = mkOpt types.str ''
533
+
Optional client secret. Only required with authentication_method OAuth.
536
+
refresh_interval = mkDefOpt types.str "300s" ''
537
+
Refresh interval to re-read the instance list.
540
+
port = mkDefOpt types.int "80" ''
541
+
The port to scrape metrics from. If using the public IP
542
+
address, this must instead be specified in the relabeling
546
+
proxy_url = mkOpt types.str ''
547
+
Optional proxy URL.
550
+
follow_redirects = mkDefOpt types.bool "true" ''
551
+
Configure whether HTTP requests follow HTTP 3xx redirects.
554
+
tls_config = mkOpt promTypes.tls_config ''
560
+
promTypes.consul_sd_config = mkSdConfigModule {
561
+
server = mkDefOpt types.str "localhost:8500" ''
562
+
Consul server to query.
565
+
token = mkOpt types.str "Consul token";
567
+
datacenter = mkOpt types.str "Consul datacenter";
569
+
scheme = mkDefOpt types.str "http" "Consul scheme";
571
+
username = mkOpt types.str "Consul username";
573
+
password = mkOpt types.str "Consul password";
575
+
tls_config = mkOpt promTypes.tls_config ''
576
+
Configures the Consul request's TLS settings.
579
+
services = mkOpt (types.listOf types.str) ''
580
+
A list of services for which targets are retrieved.
583
+
tags = mkOpt (types.listOf types.str) ''
584
+
An optional list of tags used to filter nodes for a given
585
+
service. Services must contain all tags in the list.
588
+
node_meta = mkOpt (types.attrsOf types.str) ''
589
+
Node metadata used to filter nodes for a given service.
592
+
tag_separator = mkDefOpt types.str "," ''
593
+
The string by which Consul tags are joined into the tag label.
596
+
allow_stale = mkOpt types.bool ''
597
+
Allow stale Consul results
598
+
(see <link xlink:href="https://www.consul.io/api/index.html#consistency-modes"/>).
600
+
Will reduce load on Consul.
603
+
refresh_interval = mkDefOpt types.str "30s" ''
604
+
The time after which the provided names are refreshed.
606
+
On large setup it might be a good idea to increase this value
607
+
because the catalog will change all the time.
611
+
promTypes.digitalocean_sd_config = mkSdConfigModule {
612
+
port = mkDefOpt types.int "80" ''
613
+
The port to scrape metrics from.
616
+
refresh_interval = mkDefOpt types.str "60s" ''
617
+
The time after which the droplets are refreshed.
621
+
mkDockerSdConfigModule = extraOptions: mkSdConfigModule ({
625
+
Address of the Docker daemon.
629
+
port = mkDefOpt types.int "80" ''
630
+
The port to scrape metrics from, when `role` is nodes, and for discovered
631
+
tasks and services that don't have published ports.
635
+
(types.listOf (types.submodule {
640
+
Name of the filter. The available filters are listed in the upstream documentation:
641
+
Services: <link xlink:href="https://docs.docker.com/engine/api/v1.40/#operation/ServiceList"/>
642
+
Tasks: <link xlink:href="https://docs.docker.com/engine/api/v1.40/#operation/TaskList"/>
643
+
Nodes: <link xlink:href="https://docs.docker.com/engine/api/v1.40/#operation/NodeList"/>
646
+
values = mkOption {
649
+
Value for the filter.
654
+
Optional filters to limit the discovery process to a subset of available resources.
657
+
refresh_interval = mkDefOpt types.str "60s" ''
658
+
The time after which the containers are refreshed.
660
+
} // extraOptions);
662
+
promTypes.docker_sd_config = mkDockerSdConfigModule {
663
+
host_networking_host = mkDefOpt types.str "localhost" ''
664
+
The host to use if the container is in host networking mode.
668
+
promTypes.dockerswarm_sd_config = mkDockerSdConfigModule {
670
+
type = types.enum [ "services" "tasks" "nodes" ];
672
+
Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`.
677
+
promTypes.dns_sd_config = types.submodule {
680
+
type = types.listOf types.str;
439
-
Labels assigned to all metrics scraped from the targets.
682
+
A list of DNS SRV record names to be queried.
686
+
type = mkDefOpt (types.enum [ "SRV" "A" "AAAA" ]) "SRV" ''
687
+
The type of DNS query to perform. One of SRV, A, or AAAA.
690
+
port = mkOpt types.int ''
691
+
The port number used if the query type is not SRV.
694
+
refresh_interval = mkDefOpt types.str "30s" ''
695
+
The time after which the provided names are refreshed.
···
705
+
The AWS Region. If blank, the region from the instance metadata is used.
endpoint = mkOpt types.str ''
···
<literal>AWS_SECRET_ACCESS_KEY</literal> is used.
467
-
profile = mkOpt types.str ''
722
+
profile = mkOpt types.str ''
Named AWS profile used to connect to the API.
···
485
-
filters = mkOpt (types.listOf promTypes.filter) ''
741
+
(types.listOf (types.submodule {
746
+
See <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html">this list</link>
747
+
for the available filters.
751
+
values = mkOption {
752
+
type = types.listOf types.str;
755
+
Value of the filter.
Filters can be used optionally to filter the instance list by other criteria.
491
-
promTypes.filter = types.submodule {
765
+
promTypes.eureka_sd_config = mkSdConfigModule {
766
+
server = mkOption {
769
+
The URL to connect to the Eureka server.
774
+
promTypes.file_sd_config = types.submodule {
777
+
type = types.listOf types.str;
779
+
Patterns for files from which target groups are extracted. Refer
780
+
to the Prometheus documentation for permitted filename patterns
785
+
refresh_interval = mkDefOpt types.str "5m" ''
786
+
Refresh interval to re-read the files.
791
+
promTypes.gce_sd_config = types.submodule {
793
+
# Use `mkOption` instead of `mkOpt` for project and zone because they are
794
+
# required configuration values for `gce_sd_config`.
795
+
project = mkOption {
496
-
See <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html">this list</link>
497
-
for the available filters.
501
-
values = mkOption {
502
-
type = types.listOf types.str;
505
-
Value of the filter.
805
+
The zone of the scrape targets. If you need multiple zones use multiple
810
+
filter = mkOpt types.str ''
811
+
Filter can be used optionally to filter the instance list by other
812
+
criteria Syntax of this filter string is described here in the filter
813
+
query parameter section: <link
814
+
xlink:href="https://cloud.google.com/compute/docs/reference/latest/instances/list"
818
+
refresh_interval = mkDefOpt types.str "60s" ''
819
+
Refresh interval to re-read the cloud instance list.
822
+
port = mkDefOpt types.port "80" ''
823
+
The port to scrape metrics from. If using the public IP address, this
824
+
must instead be specified in the relabeling rule.
827
+
tag_separator = mkDefOpt types.str "," ''
828
+
The tag separator used to separate concatenated GCE instance network tags.
830
+
See the GCP documentation on network tags for more information:
831
+
<link xlink:href="https://cloud.google.com/vpc/docs/add-remove-network-tags" />
511
-
promTypes.dns_sd_config = types.submodule {
836
+
promTypes.hetzner_sd_config = mkSdConfigModule {
838
+
type = types.enum [ "robot" "hcloud" ];
840
+
The Hetzner role of entities that should be discovered.
841
+
One of <literal>robot</literal> or <literal>hcloud</literal>.
845
+
port = mkDefOpt types.int "80" ''
846
+
The port to scrape metrics from.
849
+
refresh_interval = mkDefOpt types.str "60s" ''
850
+
The time after which the servers are refreshed.
854
+
promTypes.http_sd_config = types.submodule {
514
-
type = types.listOf types.str;
516
-
A list of DNS SRV record names to be queried.
859
+
URL from which the targets are fetched.
520
-
refresh_interval = mkDefOpt types.str "30s" ''
521
-
The time after which the provided names are refreshed.
863
+
refresh_interval = mkDefOpt types.str "60s" ''
864
+
Refresh interval to re-query the endpoint.
867
+
basic_auth = mkOpt promTypes.basic_auth ''
868
+
Authentication information used to authenticate to the API server.
869
+
password and password_file are mutually exclusive.
872
+
proxy_url = mkOpt types.str ''
873
+
Optional proxy URL.
876
+
follow_redirects = mkDefOpt types.bool "true" ''
877
+
Configure whether HTTP requests follow HTTP 3xx redirects.
880
+
tls_config = mkOpt promTypes.tls_config ''
881
+
Configures the scrape request's TLS settings.
526
-
promTypes.consul_sd_config = types.submodule {
528
-
server = mkDefOpt types.str "localhost:8500" ''
529
-
Consul server to query.
886
+
promTypes.kubernetes_sd_config = mkSdConfigModule {
887
+
api_server = mkOpt types.str ''
888
+
The API server addresses. If left empty, Prometheus is assumed to run inside
889
+
of the cluster and will discover API servers automatically and use the pod's
890
+
CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
894
+
type = types.enum [ "endpoints" "service" "pod" "node" "ingress" ];
896
+
The Kubernetes role of entities that should be discovered.
897
+
One of endpoints, service, pod, node, or ingress.
532
-
token = mkOpt types.str "Consul token";
901
+
kubeconfig_file = mkOpt types.str ''
902
+
Optional path to a kubeconfig file.
903
+
Note that api_server and kube_config are mutually exclusive.
534
-
datacenter = mkOpt types.str "Consul datacenter";
910
+
names = mkOpt (types.listOf types.str) ''
916
+
Optional namespace discovery. If omitted, all namespaces are used.
536
-
scheme = mkDefOpt types.str "http" "Consul scheme";
538
-
username = mkOpt types.str "Consul username";
931
+
label = mkOpt types.str ''
540
-
password = mkOpt types.str "Consul password";
935
+
field = mkOpt types.str ''
942
+
Optional label and field selectors to limit the discovery process to a subset of available resources.
943
+
See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/
944
+
and https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ to learn more about the possible
945
+
filters that can be used. Endpoints role supports pod, service and endpoints selectors, other roles
946
+
only support selectors matching the role itself (e.g. node role can only contain node selectors).
542
-
tls_config = mkOpt promTypes.tls_config ''
543
-
Configures the Consul request's TLS settings.
948
+
Note: When making decision about using field/label selector make sure that this
949
+
is the best approach - it will prevent Prometheus from reusing single list/watch
950
+
for all scrape configs. This might result in a bigger load on the Kubernetes API,
951
+
because per each selector combination there will be additional LIST/WATCH. On the other hand,
952
+
if you just want to monitor small subset of pods in large cluster it's recommended to use selectors.
953
+
Decision, if selectors should be used or not depends on the particular situation.
957
+
promTypes.kuma_sd_config = mkSdConfigModule {
958
+
server = mkOption {
961
+
Address of the Kuma Control Plane's MADS xDS server.
965
+
refresh_interval = mkDefOpt types.str "30s" ''
966
+
The time to wait between polling update requests.
969
+
fetch_timeout = mkDefOpt types.str "2m" ''
970
+
The time after which the monitoring assignments are refreshed.
974
+
promTypes.lightsail_sd_config = types.submodule {
976
+
region = mkOpt types.str ''
977
+
The AWS region. If blank, the region from the instance metadata is used.
546
-
services = mkOpt (types.listOf types.str) ''
547
-
A list of services for which targets are retrieved.
980
+
endpoint = mkOpt types.str ''
981
+
Custom endpoint to be used.
984
+
access_key = mkOpt types.str ''
985
+
The AWS API keys. If blank, the environment variable <literal>AWS_ACCESS_KEY_ID</literal> is used.
550
-
tags = mkOpt (types.listOf types.str) ''
551
-
An optional list of tags used to filter nodes for a given
552
-
service. Services must contain all tags in the list.
988
+
secret_key = mkOpt types.str ''
989
+
The AWS API keys. If blank, the environment variable <literal>AWS_SECRET_ACCESS_KEY</literal> is used.
555
-
node_meta = mkOpt (types.attrsOf types.str) ''
556
-
Node metadata used to filter nodes for a given service.
992
+
profile = mkOpt types.str ''
993
+
Named AWS profile used to connect to the API.
559
-
tag_separator = mkDefOpt types.str "," ''
560
-
The string by which Consul tags are joined into the tag label.
996
+
role_arn = mkOpt types.str ''
997
+
AWS Role ARN, an alternative to using AWS API keys.
563
-
allow_stale = mkOpt types.bool ''
564
-
Allow stale Consul results
565
-
(see <link xlink:href="https://www.consul.io/api/index.html#consistency-modes"/>).
1000
+
refresh_interval = mkDefOpt types.str "60s" ''
1001
+
Refresh interval to re-read the instance list.
567
-
Will reduce load on Consul.
1004
+
port = mkDefOpt types.int "80" ''
1005
+
The port to scrape metrics from. If using the public IP address, this must
1006
+
instead be specified in the relabeling rule.
570
-
refresh_interval = mkDefOpt types.str "30s" ''
571
-
The time after which the provided names are refreshed.
1011
+
promTypes.linode_sd_config = mkSdConfigModule {
1012
+
port = mkDefOpt types.int "80" ''
1013
+
The port to scrape metrics from.
573
-
On large setup it might be a good idea to increase this value
574
-
because the catalog will change all the time.
1016
+
tag_separator = mkDefOpt types.str "," ''
1017
+
The string by which Linode Instance tags are joined into the tag label.
1020
+
refresh_interval = mkDefOpt types.str "60s" ''
1021
+
The time after which the linode instances are refreshed.
1025
+
promTypes.marathon_sd_config = mkSdConfigModule {
1026
+
servers = mkOption {
1027
+
type = types.listOf types.str;
1029
+
List of URLs to be used to contact Marathon servers. You need to provide at least one server URL.
1033
+
refresh_interval = mkDefOpt types.str "30s" ''
1037
+
auth_token = mkOpt types.str ''
1038
+
Optional authentication information for token-based authentication:
1039
+
<link xlink:href="https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token" />
1040
+
It is mutually exclusive with <literal>auth_token_file</literal> and other authentication mechanisms.
1043
+
auth_token_file = mkOpt types.str ''
1044
+
Optional authentication information for token-based authentication:
1045
+
<link xlink:href="https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token" />
1046
+
It is mutually exclusive with <literal>auth_token</literal> and other authentication mechanisms.
579
-
promTypes.file_sd_config = types.submodule {
1050
+
promTypes.nerve_sd_config = types.submodule {
1052
+
servers = mkOption {
1053
+
type = types.listOf types.str;
1055
+
The Zookeeper servers.
1059
+
paths = mkOption {
type = types.listOf types.str;
584
-
Patterns for files from which target groups are extracted. Refer
585
-
to the Prometheus documentation for permitted filename patterns
1062
+
Paths can point to a single service, or the root of a tree of services.
1066
+
timeout = mkDefOpt types.str "10s" ''
1072
+
promTypes.openstack_sd_config = types.submodule {
1075
+
userDescription = ''
1076
+
username is required if using Identity V2 API. Consult with your provider's
1077
+
control panel to discover your account's username. In Identity V3, either
1078
+
userid or a combination of username and domain_id or domain_name are needed.
1081
+
domainDescription = ''
1082
+
At most one of domain_id and domain_name must be provided if using username
1083
+
with Identity V3. Otherwise, either are optional.
1086
+
projectDescription = ''
1087
+
The project_id and project_name fields are optional for the Identity V2 API.
1088
+
Some providers allow you to specify a project_name instead of the project_id.
1089
+
Some require both. Your provider's authentication policies will determine
1090
+
how these fields influence authentication.
1093
+
applicationDescription = ''
1094
+
The application_credential_id or application_credential_name fields are
1095
+
required if using an application credential to authenticate. Some providers
1096
+
allow you to create an application credential to authenticate rather than a
1104
+
The OpenStack role of entities that should be discovered.
1108
+
region = mkOption {
1111
+
The OpenStack Region.
1115
+
identity_endpoint = mkOpt types.str ''
1116
+
identity_endpoint specifies the HTTP endpoint that is required to work with
1117
+
the Identity API of the appropriate version. While it's ultimately needed by
1118
+
all of the identity services, it will often be populated by a provider-level
1122
+
username = mkOpt types.str userDescription;
1123
+
userid = mkOpt types.str userDescription;
1125
+
password = mkOpt types.str ''
1126
+
password for the Identity V2 and V3 APIs. Consult with your provider's
1127
+
control panel to discover your account's preferred method of authentication.
1130
+
domain_name = mkOpt types.str domainDescription;
1131
+
domain_id = mkOpt types.str domainDescription;
1133
+
project_name = mkOpt types.str projectDescription;
1134
+
project_id = mkOpt types.str projectDescription;
1136
+
application_credential_name = mkOpt types.str applicationDescription;
1137
+
application_credential_id = mkOpt types.str applicationDescription;
1139
+
application_credential_secret = mkOpt types.str ''
1140
+
The application_credential_secret field is required if using an application
1141
+
credential to authenticate.
1144
+
all_tenants = mkDefOpt types.bool "false" ''
1145
+
Whether the service discovery should list all instances for all projects.
1146
+
It is only relevant for the 'instance' role and usually requires admin permissions.
1149
+
refresh_interval = mkDefOpt types.str "60s" ''
1150
+
Refresh interval to re-read the instance list.
1153
+
port = mkDefOpt types.int "80" ''
1154
+
The port to scrape metrics from. If using the public IP address, this must
1155
+
instead be specified in the relabeling rule.
1158
+
availability = mkDefOpt (types.enum [ "public" "admin" "internal" ]) "public" ''
1159
+
The availability of the endpoint to connect to. Must be one of public, admin or internal.
1162
+
tls_config = mkOpt promTypes.tls_config ''
1163
+
TLS configuration.
590
-
refresh_interval = mkDefOpt types.str "5m" ''
591
-
Refresh interval to re-read the files.
1168
+
promTypes.puppetdb_sd_config = mkSdConfigModule {
1172
+
The URL of the PuppetDB root query endpoint.
1176
+
query = mkOption {
1179
+
Puppet Query Language (PQL) query. Only resources are supported.
1180
+
https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html
1184
+
include_parameters = mkDefOpt types.bool "false" ''
1185
+
Whether to include the parameters as meta labels.
1186
+
Due to the differences between parameter types and Prometheus labels,
1187
+
some parameters might not be rendered. The format of the parameters might
1188
+
also change in future releases.
1190
+
Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure
1191
+
that you don't have secrets exposed as parameters if you enable this.
1194
+
refresh_interval = mkDefOpt types.str "60s" ''
1195
+
Refresh interval to re-read the resources list.
1198
+
port = mkDefOpt types.int "80" ''
1199
+
The port to scrape metrics from.
596
-
promTypes.gce_sd_config = types.submodule {
1203
+
promTypes.scaleway_sd_config = types.submodule {
598
-
# Use `mkOption` instead of `mkOpt` for project and zone because they are
599
-
# required configuration values for `gce_sd_config`.
600
-
project = mkOption {
1205
+
access_key = mkOption {
1208
+
Access key to use. https://console.scaleway.com/project/credentials
1212
+
secret_key = mkOpt types.str ''
1213
+
Secret key to use when listing targets. https://console.scaleway.com/project/credentials
1214
+
It is mutually exclusive with `secret_key_file`.
1217
+
secret_key_file = mkOpt types.str ''
1218
+
Sets the secret key with the credentials read from the configured file.
1219
+
It is mutually exclusive with `secret_key`.
1222
+
project_id = mkOption {
610
-
The zone of the scrape targets. If you need multiple zones use multiple
1225
+
Project ID of the targets.
1230
+
type = types.enum [ "instance" "baremetal" ];
1232
+
Role of the targets to retrieve. Must be `instance` or `baremetal`.
615
-
filter = mkOpt types.str ''
616
-
Filter can be used optionally to filter the instance list by other
617
-
criteria Syntax of this filter string is described here in the filter
618
-
query parameter section: <link
619
-
xlink:href="https://cloud.google.com/compute/docs/reference/latest/instances/list"
1236
+
port = mkDefOpt types.int "80" ''
1237
+
The port to scrape metrics from.
1240
+
api_url = mkDefOpt types.str "https://api.scaleway.com" ''
1241
+
API URL to use when doing the server listing requests.
1244
+
zone = mkDefOpt types.str "fr-par-1" ''
1245
+
Zone is the availability zone of your targets (e.g. fr-par-1).
1248
+
name_filter = mkOpt types.str ''
1249
+
Specify a name filter (works as a LIKE) to apply on the server listing request.
1252
+
tags_filter = mkOpt (types.listOf types.str) ''
1253
+
Specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.
refresh_interval = mkDefOpt types.str "60s" ''
624
-
Refresh interval to re-read the cloud instance list.
1257
+
Refresh interval to re-read the managed targets list.
627
-
port = mkDefOpt types.port "80" ''
628
-
The port to scrape metrics from. If using the public IP address, this
629
-
must instead be specified in the relabeling rule.
1260
+
proxy_url = mkOpt types.str ''
1261
+
Optional proxy URL.
632
-
tag_separator = mkDefOpt types.str "," ''
633
-
The tag separator used to separate concatenated GCE instance network tags.
1264
+
follow_redirects = mkDefOpt types.bool "true" ''
1265
+
Configure whether HTTP requests follow HTTP 3xx redirects.
635
-
See the GCP documentation on network tags for more information: <link
636
-
xlink:href="https://cloud.google.com/vpc/docs/add-remove-network-tags"
1268
+
tls_config = mkOpt promTypes.tls_config ''
1269
+
TLS configuration.
1274
+
# These are exactly the same.
1275
+
promTypes.serverset_sd_config = promTypes.nerve_sd_config;
1277
+
promTypes.triton_sd_config = types.submodule {
1279
+
account = mkOption {
1282
+
The account to use for discovering new targets.
1286
+
role = mkDefOpt (types.enum [ "container" "cn" ]) "container" ''
1287
+
The type of targets to discover, can be set to:
1288
+
- "container" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton
1289
+
- "cn" to discover compute nodes (servers/global zones) making up the Triton infrastructure
1292
+
dns_suffix = mkOption {
1295
+
The DNS suffix which should be applied to target.
1299
+
endpoint = mkOption {
1302
+
The Triton discovery endpoint (e.g. <literal>cmon.us-east-3b.triton.zone</literal>). This is
1303
+
often the same value as dns_suffix.
1307
+
groups = mkOpt (types.listOf types.str) ''
1308
+
A list of groups for which targets are retrieved, only supported when targeting the <literal>container</literal> role.
1309
+
If omitted all containers owned by the requesting account are scraped.
1312
+
port = mkDefOpt types.int "9163" ''
1313
+
The port to use for discovery and metric scraping.
1316
+
refresh_interval = mkDefOpt types.str "60s" ''
1317
+
The interval which should be used for refreshing targets.
1320
+
version = mkDefOpt types.int "1" ''
1321
+
The Triton discovery API version.
1324
+
tls_config = mkOpt promTypes.tls_config ''
1325
+
TLS configuration.
1330
+
promTypes.uyuni_sd_config = mkSdConfigModule {
1331
+
server = mkOption {
1334
+
The URL to connect to the Uyuni server.
1338
+
username = mkOption {
1341
+
Credentials are used to authenticate the requests to Uyuni API.
1345
+
password = mkOption {
1348
+
Credentials are used to authenticate the requests to Uyuni API.
1352
+
entitlement = mkDefOpt types.str "monitoring_entitled" ''
1353
+
The entitlement string to filter eligible systems.
1356
+
separator = mkDefOpt types.str "," ''
1357
+
The string by which Uyuni group names are joined into the groups label
1360
+
refresh_interval = mkDefOpt types.str "60s" ''
1361
+
Refresh interval to re-read the managed targets list.
1365
+
promTypes.static_config = types.submodule {
1367
+
targets = mkOption {
1368
+
type = types.listOf types.str;
1370
+
The targets specified by the target group.
1373
+
labels = mkOption {
1374
+
type = types.attrsOf types.str;
1377
+
Labels assigned to all metrics scraped from the targets.
1384
+
# Config types: relabling
promTypes.relabel_config = types.submodule {
source_labels = mkOpt (types.listOf types.str) ''
···
673
-
mkDefOpt (types.enum ["replace" "keep" "drop" "hashmod" "labelmap" "labeldrop" "labelkeep"]) "replace" ''
674
-
Action to perform based on regex matching.
1418
+
mkDefOpt (types.enum [ "replace" "keep" "drop" "hashmod" "labelmap" "labeldrop" "labelkeep" ]) "replace" ''
1419
+
Action to perform based on regex matching.
1425
+
# Config types : remote read / write
1428
+
promTypes.remote_write = types.submodule {
1433
+
ServerName extension to indicate the name of the server.
1434
+
http://tools.ietf.org/html/rfc4366#section-3.1
1437
+
remote_timeout = mkOpt types.str ''
1438
+
Timeout for requests to the remote write endpoint.
1440
+
write_relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
1441
+
List of remote write relabel configurations.
1443
+
name = mkOpt types.str ''
1444
+
Name of the remote write config, which if specified must be unique among remote write configs.
1445
+
The name will be used in metrics and logging in place of a generated value to help users distinguish between
1446
+
remote write configs.
1448
+
basic_auth = mkOpt promTypes.basic_auth ''
1449
+
Sets the `Authorization` header on every remote write request with the
1450
+
configured username and password.
1451
+
password and password_file are mutually exclusive.
1453
+
bearer_token = mkOpt types.str ''
1454
+
Sets the `Authorization` header on every remote write request with
1455
+
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
1457
+
bearer_token_file = mkOpt types.str ''
1458
+
Sets the `Authorization` header on every remote write request with the bearer token
1459
+
read from the configured file. It is mutually exclusive with `bearer_token`.
1461
+
tls_config = mkOpt promTypes.tls_config ''
1462
+
Configures the remote write request's TLS settings.
1464
+
proxy_url = mkOpt types.str "Optional Proxy URL.";
1465
+
queue_config = mkOpt
1466
+
(types.submodule {
1468
+
capacity = mkOpt types.int ''
1469
+
Number of samples to buffer per shard before we block reading of more
1470
+
samples from the WAL. It is recommended to have enough capacity in each
1471
+
shard to buffer several requests to keep throughput up while processing
1472
+
occasional slow remote requests.
1474
+
max_shards = mkOpt types.int ''
1475
+
Maximum number of shards, i.e. amount of concurrency.
1477
+
min_shards = mkOpt types.int ''
1478
+
Minimum number of shards, i.e. amount of concurrency.
1480
+
max_samples_per_send = mkOpt types.int ''
1481
+
Maximum number of samples per send.
1483
+
batch_send_deadline = mkOpt types.str ''
1484
+
Maximum time a sample will wait in buffer.
1486
+
min_backoff = mkOpt types.str ''
1487
+
Initial retry delay. Gets doubled for every retry.
1489
+
max_backoff = mkOpt types.str ''
1490
+
Maximum retry delay.
1494
+
Configures the queue used to write to remote storage.
1496
+
metadata_config = mkOpt
1497
+
(types.submodule {
1499
+
send = mkOpt types.bool ''
1500
+
Whether metric metadata is sent to remote storage or not.
1502
+
send_interval = mkOpt types.str ''
1503
+
How frequently metric metadata is sent to remote storage.
1507
+
Configures the sending of series metadata to remote storage.
1508
+
Metadata configuration is subject to change at any point
1509
+
or be removed in future releases.
679
-
promTypes.tls_config = types.submodule {
1514
+
promTypes.remote_read = types.submodule {
681
-
ca_file = mkOpt types.str ''
682
-
CA certificate to validate API server certificate with.
1519
+
ServerName extension to indicate the name of the server.
1520
+
http://tools.ietf.org/html/rfc4366#section-3.1
1523
+
name = mkOpt types.str ''
1524
+
Name of the remote read config, which if specified must be unique among remote read configs.
1525
+
The name will be used in metrics and logging in place of a generated value to help users distinguish between
1526
+
remote read configs.
685
-
cert_file = mkOpt types.str ''
686
-
Certificate file for client cert authentication to the server.
1528
+
required_matchers = mkOpt (types.attrsOf types.str) ''
1529
+
An optional list of equality matchers which have to be
1530
+
present in a selector to query the remote read endpoint.
689
-
key_file = mkOpt types.str ''
690
-
Key file for client cert authentication to the server.
1532
+
remote_timeout = mkOpt types.str ''
1533
+
Timeout for requests to the remote read endpoint.
693
-
server_name = mkOpt types.str ''
694
-
ServerName extension to indicate the name of the server.
695
-
http://tools.ietf.org/html/rfc4366#section-3.1
1535
+
read_recent = mkOpt types.bool ''
1536
+
Whether reads should be made for queries for time ranges that
1537
+
the local storage should have complete data for.
698
-
insecure_skip_verify = mkOpt types.bool ''
699
-
Disable validation of the server certificate.
1539
+
basic_auth = mkOpt promTypes.basic_auth ''
1540
+
Sets the `Authorization` header on every remote read request with the
1541
+
configured username and password.
1542
+
password and password_file are mutually exclusive.
1544
+
bearer_token = mkOpt types.str ''
1545
+
Sets the `Authorization` header on every remote read request with
1546
+
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
1548
+
bearer_token_file = mkOpt types.str ''
1549
+
Sets the `Authorization` header on every remote read request with the bearer token
1550
+
read from the configured file. It is mutually exclusive with `bearer_token`.
1552
+
tls_config = mkOpt promTypes.tls_config ''
1553
+
Configures the remote read request's TLS settings.
1555
+
proxy_url = mkOpt types.str "Optional Proxy URL.";
(mkRenamedOptionModule [ "services" "prometheus2" ] [ "services" "prometheus" ])
···
type = types.listOf types.str;
Extra commandline options when launching Prometheus.
···
globalConfig = mkOption {
type = promTypes.globalConfig;
Parameters that are valid in all configuration contexts. They
also serve as defaults for other configuration sections
···
type = types.listOf promTypes.remote_read;
Parameters of the endpoints to query from.
See <link xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read">the official documentation</link> for more information.
···
type = types.listOf promTypes.remote_write;
Parameters of the endpoints to send samples to.
See <link xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write">the official documentation</link> for more information.
···
type = types.listOf types.str;
Alerting and/or Recording rules to evaluate at runtime.
···
type = types.listOf types.path;
Any additional rules files to include in this configuration.
···
scrapeConfigs = mkOption {
type = types.listOf promTypes.scrape_config;
A list of scrape configurations.
···
A list of alertmanagers to send alerts to.
See <link xlink:href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config">the official documentation</link> for more information.
···
config = mkIf cfg.enable {
# Match something with dots (an IPv4 address) or something ending in
# a square bracket (an IPv6 addresses) followed by a port number.
legacy = builtins.match "(.*\\..*|.*]):([[:digit:]]+)" cfg.listenAddress;
assertion = legacy == null;
Do not specify the port for Prometheus to listen on in the
···
systemd.services.prometheus = {
wantedBy = [ "multi-user.target" ];
977
-
after = [ "network.target" ];
1835
+
after = [ "network.target" ];
preStart = mkIf (!cfg.enableReload) ''
979
-
${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \
980
-
-i "${prometheusYml}"
1837
+
${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \
1838
+
-i "${prometheusYml}"
ExecStart = "${cfg.package}/bin/prometheus" +
···
concatStringsSep " \\\n " cmdlineArgs);
ExecReload = mkIf cfg.enableReload "+${reload}/bin/reload-prometheus";
988
-
Restart = "always";
1846
+
Restart = "always";
EnvironmentFile = mkIf (cfg.environmentFile != null && !cfg.enableReload) [ cfg.environmentFile ];
RuntimeDirectory = "prometheus";
RuntimeDirectoryMode = "0700";
pyrox.dev