mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-11-12 10:43:16 +01:00
98 lines
2.9 KiB
Nix
98 lines
2.9 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.services.prometheus.exporters.chrony;
|
|
inherit (lib)
|
|
mkOption
|
|
types
|
|
concatStringsSep
|
|
concatMapStringsSep
|
|
;
|
|
in
|
|
{
|
|
port = 9123;
|
|
extraOpts = {
|
|
chronyServerAddress = mkOption {
|
|
type = types.str;
|
|
default = "unix:///run/chrony/chronyd.sock";
|
|
example = [ "192.82.0.1:323" ];
|
|
description = ''
|
|
ChronyServerAddress of the chrony server side command port. (Not enabled by default.)
|
|
Defaults to the local unix socket.
|
|
'';
|
|
};
|
|
user = mkOption {
|
|
type = types.str;
|
|
default = "chrony";
|
|
description = ''
|
|
User name under which the chrony exporter shall be run.
|
|
This allows the exporter to talk to chrony using a unix socket, which is owned by chrony.
|
|
The exporter startup with the default user chrony will fail without local chrony instance.
|
|
'';
|
|
};
|
|
group = mkOption {
|
|
type = types.str;
|
|
default = "chrony";
|
|
description = ''
|
|
Group under which the chrony exporter shall be run.
|
|
This allows the exporter to talk to chrony using a unix socket, which is owned by chrony group.
|
|
The service startup with the default group chrony will fail without local chrony instance.
|
|
'';
|
|
};
|
|
enabledCollectors = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [
|
|
"tracking"
|
|
"sources"
|
|
"sources.with-ntpdata"
|
|
"serverstats"
|
|
"dns-lookups"
|
|
];
|
|
example = [ "dns-lookups" ];
|
|
description = ''
|
|
Collectors to enable.
|
|
Currently all collectors are enabled by default.
|
|
'';
|
|
};
|
|
disabledCollectors = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [ ];
|
|
example = [ "sources.with-ntpdata" ];
|
|
description = ''
|
|
Collectors to disable which are enabled by default.
|
|
Disable sources.with-ntpdata for network scraper. Option requires unix socket.
|
|
'';
|
|
};
|
|
};
|
|
serviceOpts = {
|
|
serviceConfig = {
|
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
|
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
|
MemoryDenyWriteExecute = true;
|
|
NoNewPrivileges = true;
|
|
ProtectClock = true;
|
|
ProtectSystem = "strict";
|
|
Restart = "on-failure";
|
|
RestrictAddressFamilies = [
|
|
"AF_INET"
|
|
"AF_INET6"
|
|
"AF_UNIX"
|
|
];
|
|
RestrictNamespaces = true;
|
|
RestrictRealtime = true;
|
|
ExecStart = ''
|
|
${lib.getExe pkgs.prometheus-chrony-exporter} \
|
|
${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
|
|
${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
|
|
--chrony.address ${cfg.chronyServerAddress} \
|
|
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
|
${concatStringsSep " " cfg.extraFlags}
|
|
'';
|
|
};
|
|
};
|
|
}
|