nixos/prometheus/unbound-exporter: update for new package

The command line interface changed slightly, but still supports the TCP
as well as the UDS control interface.
Martin Weinelt 2023-08-28 23:21:52 +02:00
parent c52b0593cf
commit 73c5a5a778
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
4 changed files with 64 additions and 32 deletions


@ -116,6 +116,9 @@
- The ISC DHCP package and corresponding module have been removed, because they are end of life upstream. See https://www.isc.org/blogs/isc-dhcp-eol/ for details and switch to a different DHCP implementation like kea or dnsmasq.
- `prometheus-unbound-exporter` has been replaced by the Let's Encrypt maintained version, since the previous version was archived. This requires some changes to the module configuration, most notable `controlInterface` needs migration
towards `unbound.host` and requires either the `tcp://` or `unix://` URI scheme.
- `odoo` now defaults to 16, updated from 15.
- `util-linux` is now supported on Darwin and is no longer an alias to `unixtools`. Use the `unixtools.util-linux` package for access to the Apple variants of the utilities.


@ -1,4 +1,8 @@
{ config, lib, pkgs, options }:
{ config
, lib
, pkgs
, options
}:
with lib;
@ -6,17 +10,14 @@ let
cfg = config.services.prometheus.exporters.unbound;
in
{
imports = [
(mkRemovedOptionModule [ "controlInterface" ] "This option was removed, use the `unbound.host` option instead.")
(mkRemovedOptionModule [ "fetchType" ] "This option was removed, use the `unbound.host` option instead.")
({ options.warnings = options.warnings; options.assertions = options.assertions; })
];
port = 9167;
extraOpts = {
fetchType = mkOption {
# TODO: add shm when upstream implemented it
type = types.enum [ "tcp" "uds" ];
default = "uds";
description = lib.mdDoc ''
Which methods the exporter uses to get the information from unbound.
'';
};
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
@ -25,34 +26,65 @@ in
'';
};
controlInterface = mkOption {
type = types.nullOr types.str;
default = null;
example = "/run/unbound/unbound.socket";
description = lib.mdDoc ''
Path to the unbound socket for uds mode or the control interface port for tcp mode.
unbound = {
ca = mkOption {
type = types.nullOr types.path;
default = "/var/lib/unbound/unbound_server.pem";
example = null;
description = ''
Path to the Unbound server certificate authority
'';
};
Example:
uds-mode: /run/unbound/unbound.socket
tcp-mode: 127.0.0.1:8953
'';
certificate = mkOption {
type = types.nullOr types.path;
default = "/var/lib/unbound/unbound_control.pem";
example = null;
description = ''
Path to the Unbound control socket certificate
'';
};
key = mkOption {
type = types.nullOr types.path;
default = "/var/lib/unbound/unbound_control.key";
example = null;
description = ''
Path to the Unbound control socket key.
'';
};
host = mkOption {
type = types.str;
default = "tcp://127.0.0.1:8953";
example = "unix:///run/unbound/unbound.socket";
description = lib.mdDoc ''
Path to the unbound control socket. Supports unix domain sockets, as well as the TCP interface.
'';
};
};
};
serviceOpts = mkMerge ([{
serviceConfig = {
User = "unbound"; # to access the unbound_control.key
ExecStart = ''
${pkgs.prometheus-unbound-exporter}/bin/unbound-telemetry \
${cfg.fetchType} \
--bind ${cfg.listenAddress}:${toString cfg.port} \
--path ${cfg.telemetryPath} \
${optionalString (cfg.controlInterface != null) "--control-interface ${cfg.controlInterface}"} \
${pkgs.prometheus-unbound-exporter}/bin/unbound_exporter \
--unbound.host "${cfg.unbound.host}" \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${optionalString (cfg.unbound.ca != null) "--unbound.ca ${cfg.unbound.ca}"} \
${optionalString (cfg.unbound.certificate != null) "--unbound.cert ${cfg.unbound.certificate}"} \
${optionalString (cfg.unbound.key != null) "--unbound.key ${cfg.unbound.key}"} \
${toString cfg.extraFlags}
'';
RestrictAddressFamilies = [
# Need AF_UNIX to collect data
"AF_UNIX"
"AF_INET"
"AF_INET6"
];
} // optionalAttrs (!config.services.unbound.enable) {
DynamicUser = true;
};
}] ++ [
(mkIf config.services.unbound.enable {
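Review bot: The new `unbound.key` option (and likewise `ca` and `certificate`) is typed `types.nullOr types.path` and interpolated directly into `ExecStart`, so a value written as a Nix path literal, for example `./unbound_control.key`, would be copied into the world-readable Nix store. The description should warn about this, e.g. `Path to the Unbound control socket key. Pass it as a string so the key is not copied into the Nix store.` Because all three defaults are non-null, the `--unbound.ca`/`--unbound.cert`/`--unbound.key` flags are also emitted when `unbound.host` is a `unix://` socket (as in the test configuration); if the exporter does not need them there, documenting that they can be set to `null` would help. The three new descriptions also omit `lib.mdDoc`, which the `host` option uses. The `serviceOpts` definition continues past the end of this hunk.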


@ -1422,8 +1422,7 @@ let
unbound = {
exporterConfig = {
enable = true;
fetchType = "uds";
controlInterface = "/run/unbound/unbound.ctl";
unbound.host = "unix:///run/unbound/unbound.ctl";
};
metricProvider = {
services.unbound = {
@ -1438,7 +1437,7 @@ let
wait_for_unit("unbound.service")
wait_for_unit("prometheus-unbound-exporter.service")
wait_for_open_port(9167)
succeed("curl -sSf localhost:9167/metrics | grep 'unbound_up 1'")
wait_until_succeeds("curl -sSf localhost:9167/metrics | grep 'unbound_up 1'")
'';
};


@ -27299,9 +27299,7 @@ with pkgs;
prometheus-sql-exporter = callPackage ../servers/monitoring/prometheus/sql-exporter.nix { };
prometheus-systemd-exporter = callPackage ../servers/monitoring/prometheus/systemd-exporter.nix { };
prometheus-tor-exporter = callPackage ../servers/monitoring/prometheus/tor-exporter.nix { };
prometheus-unbound-exporter = callPackage ../servers/monitoring/prometheus/unbound-exporter.nix {
inherit (darwin.apple_sdk.frameworks) Security;
};
prometheus-unbound-exporter = callPackage ../servers/monitoring/prometheus/unbound-exporter.nix { };
prometheus-v2ray-exporter = callPackage ../servers/monitoring/prometheus/v2ray-exporter.nix { };
prometheus-varnish-exporter = callPackage ../servers/monitoring/prometheus/varnish-exporter.nix { };
prometheus-wireguard-exporter = callPackage ../servers/monitoring/prometheus/wireguard-exporter.nix {