hcloud_exporter: init module

hcloud_exporter: init at unstable-2021-06-07
2021-08-28 13:40:28 +02:00 · 2021-08-28 13:40:06 +02:00
4 changed files with 109 additions and 0 deletions
--- a/default.nix
+++ b/default.nix
@ -27,6 +27,8 @@ in

  gust_tools = callPackage ./gust_tools { };

+  hcloud_exporter = callPackage ./hcloud_exporter { };
+
  httpdirfs = callPackage ./httpdirfs { };

  mpvScripts = prev.mpvScripts // {
--- a/flake.nix
+++ b/flake.nix
@ -11,6 +11,14 @@

  outputs = { self, flake-utils, nixpkgs, nix-pre-commit-hooks }: {
    overlay = import ./default.nix;
+
+    nixosModules =
+      let
+        inherit (nixpkgs) lib;
+      in
+      {
+        hcloud_exporter.imports = lib.singleton ./hcloud_exporter/module.nix;
+      };
  } // flake-utils.lib.eachDefaultSystem (system:
    let
      pkgs = import nixpkgs { inherit system; overlays = [ self.overlay ]; };
@ -40,6 +48,7 @@
            fSpy
            face_morpher
            gust_tools
+            hcloud_exporter
            httpdirfs
            nsz
            oha
--- a/hcloud_exporter/default.nix
+++ b/hcloud_exporter/default.nix
@ -0,0 +1,23 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "hcloud_exporter";
+  version = "unstable-2021-06-07";
+
+  src = fetchFromGitHub {
+    owner = "promhippie";
+    repo = pname;
+    rev = "f22c52bf79ecafafdecf6a3b6dd3642b51b20ddb";
+    sha256 = "sha256-7UJhM/HLhRySTQ1lNLMgfKD9GDOivRMhGGNVLQknMLA=";
+  };
+
+  vendorSha256 = "sha256-qWYj/BCuY/995pLiBUoMtKvDV81j17c2GJeqhgBWn74=";
+
+  meta = with lib; {
+    description = "Prometheus exporter for Hetzner Cloud";
+    homepage = "https://promhippie.github.io/hcloud_exporter/";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ sbruder ];
+    platforms = platforms.linux;
+  };
+}
--- a/hcloud_exporter/module.nix
+++ b/hcloud_exporter/module.nix
@ -0,0 +1,75 @@
+{ config, lib, options, pkgs, ... }:
+let
+  cfg = config.services.hcloud_exporter;
+in
+{
+  options.services.hcloud_exporter = {
+    enable = lib.mkEnableOption "the prometheus hcloud exporter";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.hcloud_exporter;
+      description = "The package to use for hcloud_exporter";
+    };
+    listenAddress = lib.mkOption {
+      type = lib.types.str;
+      default = "0.0.0.0:9501";
+      example = "127.0.0.1:9501";
+      description = "The address hcloud_exporter should listen on";
+    };
+    collectors = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ "floating-ips" "images" "pricing" "servers" "ssh-keys" ];
+      example = [ "servers" "volumes" ];
+      description = "The collectors to enable";
+    };
+    environmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      example = "/path/to/hcloud_exporter.env";
+      description = ''
+        A file including environment variables being passed to hcloud_exporter
+        to allow storing the token outside of the nix store.
+        It should be formatted according to the specification of systemd.exec(5)’s EnvironmentFile.
+      '';
+    };
+  };
+
+  config = {
+    systemd.services.hcloud_exporter = lib.mkIf cfg.enable {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      environment = {
+        HCLOUD_EXPORTER_WEB_ADDRESS = cfg.listenAddress;
+      } // (
+        let
+          defaultCollectors = options.services.hcloud_exporter.collectors.default;
+          enabledCollectors = cfg.collectors;
+          disabledCollectors = lib.subtractLists enabledCollectors defaultCollectors;
+          collectorAttrs = lib.listToAttrs
+            (map (lib.flip lib.nameValuePair "true") enabledCollectors
+              ++ map (lib.flip lib.nameValuePair "false") disabledCollectors);
+          toUpperSnakeCase = x: lib.toUpper (lib.replaceStrings [ "-" ] [ "_" ] x);
+          collectorStateToEnv = collector: state: lib.nameValuePair "HCLOUD_EXPORTER_COLLECTOR_${toUpperSnakeCase collector}" state;
+        in
+        lib.mapAttrs' collectorStateToEnv collectorAttrs
+      );
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/hcloud_exporter";
+        Restart = "always";
+
+        EnvironmentFile = cfg.environmentFile;
+
+        # systemd-analyze --no-pager security hcloud_exporter.service
+        CapabilityBoundingSet = null;
+        DynamicUser = true;
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProtectHome = true;
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        RestrictNamespaces = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = "@system-service";
+      };
+    };
+  };
+}
Author	SHA1	Message	Date
Simon Bruder	f28ea2244d	hcloud_exporter: init module	2021-08-28 13:40:28 +02:00
Simon Bruder	a8809bfcd4	hcloud_exporter: init at unstable-2021-06-07	2021-08-28 13:40:06 +02:00