nixpkgs-overlay/hcloud_exporter/module.nix


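# NixOS module for the Prometheus hcloud_exporter.
#
# Declares `services.hcloud_exporter.*` and, when enabled, a sandboxed systemd
# unit. The exporter is configured only through environment variables: the
# listen address and per-collector switches are generated here, and anything
# secret is expected to come from `environmentFile`.
{ config, lib, options, pkgs, ... }:
let
  cfg = config.services.hcloud_exporter;
in
{
  options.services.hcloud_exporter = {
    enable = lib.mkEnableOption "the prometheus hcloud exporter";
    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.hcloud_exporter;
      description = "The package to use for hcloud_exporter";
    };
    # The default binds every interface and this module opens no firewall port
    # itself, so who can scrape the endpoint is decided by the host firewall.
    # Set a loopback or internal address (see `example`) when the scraper is
    # local or the host is reachable from untrusted networks.
    listenAddress = lib.mkOption {
      type = lib.types.str;
      default = "0.0.0.0:9501";
      example = "127.0.0.1:9501";
      description = "The address hcloud_exporter should listen on";
    };
    # Collectors named in `default` but missing from the configured list are
    # explicitly switched off in the unit environment (see `config` below).
    collectors = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ "floating-ips" "images" "pricing" "servers" "ssh-keys" ];
      example = [ "servers" "volumes" ];
      description = "The collectors to enable";
    };
    # Kept as `str` on purpose: a Nix path literal (./secrets.env) is not a
    # string and is rejected, so the file cannot be copied into the
    # world-readable store by accident. The file is read by systemd when the
    # unit starts; it should be readable by root only.
    environmentFile = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      example = "/path/to/hcloud_exporter.env";
      description = ''
        A file including environment variables being passed to hcloud_exporter
        to allow storing the token outside of the nix store.
        It should be formatted according to the specification of systemd.exec(5)s EnvironmentFile.
      '';
    };
  };

  config = {
    systemd.services.hcloud_exporter = lib.mkIf cfg.enable {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Everything in `environment` ends up in the unit file in the store, so
      # only non-secret settings belong here.
      environment = {
        HCLOUD_EXPORTER_WEB_ADDRESS = cfg.listenAddress;
      } // (
        let
          defaultCollectors = options.services.hcloud_exporter.collectors.default;
          enabledCollectors = cfg.collectors;
          # Default collectors the user left out must be disabled explicitly.
          disabledCollectors = lib.subtractLists enabledCollectors defaultCollectors;
          collectorAttrs = lib.listToAttrs
            (map (lib.flip lib.nameValuePair "true") enabledCollectors
              ++ map (lib.flip lib.nameValuePair "false") disabledCollectors);
          # "floating-ips" -> "FLOATING_IPS"
          toUpperSnakeCase = x: lib.toUpper (lib.replaceStrings [ "-" ] [ "_" ] x);
          collectorStateToEnv = collector: state:
            lib.nameValuePair "HCLOUD_EXPORTER_COLLECTOR_${toUpperSnakeCase collector}" state;
        in
        lib.mapAttrs' collectorStateToEnv collectorAttrs
      );

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/hcloud_exporter";
        Restart = "always";
        # Emit the directive only when a file is configured, instead of
        # handing a null value to the unit generator.
        EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;

        # Sandboxing; re-check the score after any change with
        #   systemd-analyze --no-pager security hcloud_exporter.service
        #
        # An explicit empty assignment drops every capability. Written as ""
        # rather than null so the result does not depend on how null is
        # rendered into the unit file. With no capabilities the service cannot
        # bind a port below 1024; the default port 9501 is unaffected.
        CapabilityBoundingSet = "";
        DynamicUser = true;
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateUsers = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        # IP sockets only; AF_UNIX and AF_NETLINK are not available.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = "@system-service";
      };
    };
  };
}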