mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-10-30 22:21:26 +00:00
nixos/prometheus/unbound-exporter: update for new package
The command line interface changed slightly, but still supports the TCP as well as the UDS control interface.
This commit is contained in:
parent
c52b0593cf
commit
73c5a5a778
@ -116,6 +116,9 @@
|
||||
|
||||
- The ISC DHCP package and corresponding module have been removed, because they are end of life upstream. See https://www.isc.org/blogs/isc-dhcp-eol/ for details and switch to a different DHCP implementation like kea or dnsmasq.
|
||||
|
||||
- `prometheus-unbound-exporter` has been replaced by the Let's Encrypt maintained version, since the previous version was archived. This requires some changes to the module configuration, most notable `controlInterface` needs migration
|
||||
towards `unbound.host` and requires either the `tcp://` or `unix://` URI scheme.
|
||||
|
||||
- `odoo` now defaults to 16, updated from 15.
|
||||
|
||||
- `util-linux` is now supported on Darwin and is no longer an alias to `unixtools`. Use the `unixtools.util-linux` package for access to the Apple variants of the utilities.
|
||||
|
@ -1,4 +1,8 @@
|
||||
{ config, lib, pkgs, options }:
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, options
|
||||
}:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -6,17 +10,14 @@ let
|
||||
cfg = config.services.prometheus.exporters.unbound;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "controlInterface" ] "This option was removed, use the `unbound.host` option instead.")
|
||||
(mkRemovedOptionModule [ "fetchType" ] "This option was removed, use the `unbound.host` option instead.")
|
||||
({ options.warnings = options.warnings; options.assertions = options.assertions; })
|
||||
];
|
||||
|
||||
port = 9167;
|
||||
extraOpts = {
|
||||
fetchType = mkOption {
|
||||
# TODO: add shm when upstream implemented it
|
||||
type = types.enum [ "tcp" "uds" ];
|
||||
default = "uds";
|
||||
description = lib.mdDoc ''
|
||||
Which methods the exporter uses to get the information from unbound.
|
||||
'';
|
||||
};
|
||||
|
||||
telemetryPath = mkOption {
|
||||
type = types.str;
|
||||
default = "/metrics";
|
||||
@ -25,34 +26,65 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
controlInterface = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/run/unbound/unbound.socket";
|
||||
description = lib.mdDoc ''
|
||||
Path to the unbound socket for uds mode or the control interface port for tcp mode.
|
||||
unbound = {
|
||||
ca = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = "/var/lib/unbound/unbound_server.pem";
|
||||
example = null;
|
||||
description = ''
|
||||
Path to the Unbound server certificate authority
|
||||
'';
|
||||
};
|
||||
|
||||
Example:
|
||||
uds-mode: /run/unbound/unbound.socket
|
||||
tcp-mode: 127.0.0.1:8953
|
||||
'';
|
||||
certificate = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = "/var/lib/unbound/unbound_control.pem";
|
||||
example = null;
|
||||
description = ''
|
||||
Path to the Unbound control socket certificate
|
||||
'';
|
||||
};
|
||||
|
||||
key = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = "/var/lib/unbound/unbound_control.key";
|
||||
example = null;
|
||||
description = ''
|
||||
Path to the Unbound control socket key.
|
||||
'';
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "tcp://127.0.0.1:8953";
|
||||
example = "unix:///run/unbound/unbound.socket";
|
||||
description = lib.mdDoc ''
|
||||
Path to the unbound control socket. Supports unix domain sockets, as well as the TCP interface.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
serviceOpts = mkMerge ([{
|
||||
serviceConfig = {
|
||||
User = "unbound"; # to access the unbound_control.key
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-unbound-exporter}/bin/unbound-telemetry \
|
||||
${cfg.fetchType} \
|
||||
--bind ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--path ${cfg.telemetryPath} \
|
||||
${optionalString (cfg.controlInterface != null) "--control-interface ${cfg.controlInterface}"} \
|
||||
${pkgs.prometheus-unbound-exporter}/bin/unbound_exporter \
|
||||
--unbound.host "${cfg.unbound.host}" \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--web.telemetry-path ${cfg.telemetryPath} \
|
||||
${optionalString (cfg.unbound.ca != null) "--unbound.ca ${cfg.unbound.ca}"} \
|
||||
${optionalString (cfg.unbound.certificate != null) "--unbound.cert ${cfg.unbound.certificate}"} \
|
||||
${optionalString (cfg.unbound.key != null) "--unbound.key ${cfg.unbound.key}"} \
|
||||
${toString cfg.extraFlags}
|
||||
'';
|
||||
RestrictAddressFamilies = [
|
||||
# Need AF_UNIX to collect data
|
||||
"AF_UNIX"
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
} // optionalAttrs (!config.services.unbound.enable) {
|
||||
DynamicUser = true;
|
||||
};
|
||||
}] ++ [
|
||||
(mkIf config.services.unbound.enable {
|
||||
|
@ -1422,8 +1422,7 @@ let
|
||||
unbound = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
fetchType = "uds";
|
||||
controlInterface = "/run/unbound/unbound.ctl";
|
||||
unbound.host = "unix:///run/unbound/unbound.ctl";
|
||||
};
|
||||
metricProvider = {
|
||||
services.unbound = {
|
||||
@ -1438,7 +1437,7 @@ let
|
||||
wait_for_unit("unbound.service")
|
||||
wait_for_unit("prometheus-unbound-exporter.service")
|
||||
wait_for_open_port(9167)
|
||||
succeed("curl -sSf localhost:9167/metrics | grep 'unbound_up 1'")
|
||||
wait_until_succeeds("curl -sSf localhost:9167/metrics | grep 'unbound_up 1'")
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -27299,9 +27299,7 @@ with pkgs;
|
||||
prometheus-sql-exporter = callPackage ../servers/monitoring/prometheus/sql-exporter.nix { };
|
||||
prometheus-systemd-exporter = callPackage ../servers/monitoring/prometheus/systemd-exporter.nix { };
|
||||
prometheus-tor-exporter = callPackage ../servers/monitoring/prometheus/tor-exporter.nix { };
|
||||
prometheus-unbound-exporter = callPackage ../servers/monitoring/prometheus/unbound-exporter.nix {
|
||||
inherit (darwin.apple_sdk.frameworks) Security;
|
||||
};
|
||||
prometheus-unbound-exporter = callPackage ../servers/monitoring/prometheus/unbound-exporter.nix { };
|
||||
prometheus-v2ray-exporter = callPackage ../servers/monitoring/prometheus/v2ray-exporter.nix { };
|
||||
prometheus-varnish-exporter = callPackage ../servers/monitoring/prometheus/varnish-exporter.nix { };
|
||||
prometheus-wireguard-exporter = callPackage ../servers/monitoring/prometheus/wireguard-exporter.nix {
|
||||
|
Loading…
Reference in New Issue
Block a user