Compare commits
2 Commits
a0fbcbb920
...
f28ea2244d
Author | SHA1 | Date |
---|---|---|
Simon Bruder | f28ea2244d | |
Simon Bruder | a8809bfcd4 |
|
@ -27,6 +27,8 @@ in
|
|||
|
||||
gust_tools = callPackage ./gust_tools { };
|
||||
|
||||
hcloud_exporter = callPackage ./hcloud_exporter { };
|
||||
|
||||
httpdirfs = callPackage ./httpdirfs { };
|
||||
|
||||
mpvScripts = prev.mpvScripts // {
|
||||
|
|
|
@ -11,6 +11,14 @@
|
|||
|
||||
outputs = { self, flake-utils, nixpkgs, nix-pre-commit-hooks }: {
|
||||
overlay = import ./default.nix;
|
||||
|
||||
nixosModules =
|
||||
let
|
||||
inherit (nixpkgs) lib;
|
||||
in
|
||||
{
|
||||
hcloud_exporter.imports = lib.singleton ./hcloud_exporter/module.nix;
|
||||
};
|
||||
} // flake-utils.lib.eachDefaultSystem (system:
|
||||
let
|
||||
pkgs = import nixpkgs { inherit system; overlays = [ self.overlay ]; };
|
||||
|
@ -40,6 +48,7 @@
|
|||
fSpy
|
||||
face_morpher
|
||||
gust_tools
|
||||
hcloud_exporter
|
||||
httpdirfs
|
||||
nsz
|
||||
oha
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "hcloud_exporter";
|
||||
version = "unstable-2021-06-07";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "promhippie";
|
||||
repo = pname;
|
||||
rev = "f22c52bf79ecafafdecf6a3b6dd3642b51b20ddb";
|
||||
sha256 = "sha256-7UJhM/HLhRySTQ1lNLMgfKD9GDOivRMhGGNVLQknMLA=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-qWYj/BCuY/995pLiBUoMtKvDV81j17c2GJeqhgBWn74=";
|
||||
|
||||
meta = with lib; {
|
||||
description = "Prometheus exporter for Hetzner Cloud";
|
||||
homepage = "https://promhippie.github.io/hcloud_exporter/";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ sbruder ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -0,0 +1,75 @@
|
|||
{ config, lib, options, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.hcloud_exporter;
|
||||
in
|
||||
{
|
||||
options.services.hcloud_exporter = {
|
||||
enable = lib.mkEnableOption "the prometheus hcloud exporter";
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
default = pkgs.hcloud_exporter;
|
||||
description = "The package to use for hcloud_exporter";
|
||||
};
|
||||
listenAddress = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "0.0.0.0:9501";
|
||||
example = "127.0.0.1:9501";
|
||||
description = "The address hcloud_exporter should listen on";
|
||||
};
|
||||
collectors = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ "floating-ips" "images" "pricing" "servers" "ssh-keys" ];
|
||||
example = [ "servers" "volumes" ];
|
||||
description = "The collectors to enable";
|
||||
};
|
||||
environmentFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
example = "/path/to/hcloud_exporter.env";
|
||||
description = ''
|
||||
A file including environment variables being passed to hcloud_exporter
|
||||
to allow storing the token outside of the nix store.
|
||||
It should be formatted according to the specification of systemd.exec(5)’s EnvironmentFile.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
systemd.services.hcloud_exporter = lib.mkIf cfg.enable {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
environment = {
|
||||
HCLOUD_EXPORTER_WEB_ADDRESS = cfg.listenAddress;
|
||||
} // (
|
||||
let
|
||||
defaultCollectors = options.services.hcloud_exporter.collectors.default;
|
||||
enabledCollectors = cfg.collectors;
|
||||
disabledCollectors = lib.subtractLists enabledCollectors defaultCollectors;
|
||||
collectorAttrs = lib.listToAttrs
|
||||
(map (lib.flip lib.nameValuePair "true") enabledCollectors
|
||||
++ map (lib.flip lib.nameValuePair "false") disabledCollectors);
|
||||
toUpperSnakeCase = x: lib.toUpper (lib.replaceStrings [ "-" ] [ "_" ] x);
|
||||
collectorStateToEnv = collector: state: lib.nameValuePair "HCLOUD_EXPORTER_COLLECTOR_${toUpperSnakeCase collector}" state;
|
||||
in
|
||||
lib.mapAttrs' collectorStateToEnv collectorAttrs
|
||||
);
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/hcloud_exporter";
|
||||
Restart = "always";
|
||||
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
|
||||
# systemd-analyze --no-pager security hcloud_exporter.service
|
||||
CapabilityBoundingSet = null;
|
||||
DynamicUser = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHome = true;
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||
RestrictNamespaces = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "@system-service";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue