From 6c8d45fb20c40a8ccc73130d026d487b887a3de4 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Mon, 28 Oct 2024 04:10:45 +0100
Subject: module: add prometheus-node-exporter service
---
.../monitoring/prometheus-node-exporter.nix | 117 +++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 modules/services/monitoring/prometheus-node-exporter.nix
(limited to 'modules/services/monitoring/prometheus-node-exporter.nix')
diff --git a/modules/services/monitoring/prometheus-node-exporter.nix b/modules/services/monitoring/prometheus-node-exporter.nix
new file mode 100644
index 0000000..752dc0f
--- /dev/null
+++ b/modules/services/monitoring/prometheus-node-exporter.nix
@@ -0,0 +1,117 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ inherit (lib)
+ concatStringsSep
+ escapeShellArgs
+ getExe
+ mkEnableOption
+ mkIf
+ mkOption
+ mkPackageOption
+ mkRemovedOptionModule
+ types
+ ;
+
+ cfg = config.services.prometheus.exporters.node;
+in {
+ imports = [
+ (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "openFirewall" ] "No nix-darwin equivalent to this NixOS option.")
+ (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallFilter" ] "No nix-darwin equivalent to this NixOS option.")
+ (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallRules" ] "No nix-darwin equivalent to this NixOS option.")
+ ];
+
+ options = {
+ services.prometheus.exporters.node = {
+ enable = mkEnableOption "Prometheus Node exporter";
+
+ package = mkPackageOption pkgs "prometheus-node-exporter" { };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = "";
+ example = "0.0.0.0";
+ description = ''
+ Address where Node exporter exposes its HTTP interface. Leave empty to bind to all addresses.
+ '';
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 9100;
+ description = ''
+ Port where the Node exporter exposes its HTTP interface.
+ '';
+ };
+
+ extraFlags = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "--log.level=debug" ];
+ description = ''
+ Extra commandline options to pass to the Node exporter executable.
+ '';
+ };
+
+ enabledCollectors = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ description = ''
+ Collectors to enable in addition to the ones that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default).
+ '';
+ };
+
+ disabledCollectors = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "boottime" ];
+ description = ''
+ Collectors to disable from the list of collectors that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default).
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users._prometheus-node-exporter = {
+ uid = config.ids.uids._prometheus-node-exporter;
+ gid = config.ids.gids._prometheus-node-exporter;
+ home = "/var/empty";
+ shell = "/usr/bin/false";
+ description = "System user for the Prometheus Node exporter";
+ };
+
+ users.groups._prometheus-node-exporter = {
+ gid = config.ids.gids._prometheus-node-exporter;
+ description = "System group for the Prometheus Node exporter";
+ };
+
+ users.knownGroups = [ "_prometheus-node-exporter" ];
+ users.knownUsers = [ "_prometheus-node-exporter" ];
+
+ launchd.daemons.prometheus-node-exporter = {
+ script = concatStringsSep " "
+ ([
+ (getExe cfg.package)
+ "--web.listen-address"
+ "${cfg.listenAddress}:${toString cfg.port}"
+ ]
+ ++ (map (collector: "--collector.${collector}") cfg.enabledCollectors)
+ ++ (map (collector: "--no-collector.${collector}") cfg.disabledCollectors)
+ ) + escapeShellArgs cfg.extraFlags;
+ serviceConfig = {
+ KeepAlive = true;
+ RunAtLoad = true;
+ StandardErrorPath = "/var/log/prometheus-node-exporter.log";
+ StandardOutPath = "/var/log/prometheus-node-exporter.log";
+ GroupName = "_prometheus-node-exporter";
+ UserName = "_prometheus-node-exporter";
+ };
+ };
+ };
+}
--
cgit v1.2.3
From 84d14d404325380ec180f580332e8e85df232d06 Mon Sep 17 00:00:00 2001
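Review bot: In the `launchd.daemons.prometheus-node-exporter.script` expression, `) + escapeShellArgs cfg.extraFlags;` appends the extra flags with no separating space, so the first entry of a non-empty `extraFlags` ends up glued onto the preceding argument (the listen address or the last collector flag). Only `extraFlags` is shell-escaped, while `listenAddress` and the collector names are interpolated into the script as written. Building the whole command in one call addresses both: open the expression with `script = escapeShellArgs` and close the list with `++ cfg.extraFlags);`. Separately, the `listenAddress` default of `""` binds all addresses and the firewall options are removed in `imports`, so the option description should state that the metrics endpoint is reachable from the network unless an address such as `127.0.0.1` is set.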
From: Emily Date: Tue, 5 Nov 2024 02:59:00 +0000 Subject: prometheus-node-exporter: fix log permissions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The daemon won’t start as the assigned user doesn’t have permissions to create the log file. --- modules/services/monitoring/prometheus-node-exporter.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'modules/services/monitoring/prometheus-node-exporter.nix') diff --git a/modules/services/monitoring/prometheus-node-exporter.nix b/modules/services/monitoring/prometheus-node-exporter.nix index 752dc0f..7f58055 100644 --- a/modules/services/monitoring/prometheus-node-exporter.nix +++ b/modules/services/monitoring/prometheus-node-exporter.nix @@ -81,7 +81,8 @@ in { users.users._prometheus-node-exporter = { uid = config.ids.uids._prometheus-node-exporter; gid = config.ids.gids._prometheus-node-exporter; - home = "/var/empty"; + home = "/var/lib/prometheus-node-exporter"; + createHome = true; shell = "/usr/bin/false"; description = "System user for the Prometheus Node exporter"; }; @@ -104,11 +105,14 @@ in { ++ (map (collector: "--collector.${collector}") cfg.enabledCollectors) ++ (map (collector: "--no-collector.${collector}") cfg.disabledCollectors) ) + escapeShellArgs cfg.extraFlags; - serviceConfig = { + serviceConfig = let + logPath = config.users.users._prometheus-node-exporter.home + + "/prometheus-node-exporter.log"; + in { KeepAlive = true; RunAtLoad = true; - StandardErrorPath = "/var/log/prometheus-node-exporter.log"; - StandardOutPath = "/var/log/prometheus-node-exporter.log"; + StandardErrorPath = logPath; + StandardOutPath = logPath; GroupName = "_prometheus-node-exporter"; UserName = "_prometheus-node-exporter"; }; -- cgit v1.2.3
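Review bot: The `logPath` binding in the second hunk carries no explanation of why the log left `/var/log`; the reason exists only in the commit message, and a comment above it such as `# the service user cannot create files under /var/log, so log into its own home` would keep it with the code. The first hunk turns the account's home from `/var/empty` into a directory created for it (`createHome = true`) solely to hold this file, which presumably widens what the service user can write; the mode and ownership the directory is created with are not visible here and are worth confirming. Nothing in this change rotates or caps the log, so with `KeepAlive = true` a repeatedly restarting exporter can grow it without bound. The `config` block starts and ends outside both hunks.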