mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-25 23:23:07 +00:00
197 lines
5.5 KiB
Nix
197 lines
5.5 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
cfg = config.services.prometheus.pushgateway;
|
|
|
|
cmdlineArgs =
|
|
opt "web.listen-address" cfg.web.listen-address
|
|
++ opt "web.telemetry-path" cfg.web.telemetry-path
|
|
++ opt "web.external-url" cfg.web.external-url
|
|
++ opt "web.route-prefix" cfg.web.route-prefix
|
|
++ lib.optional cfg.persistMetrics ''--persistence.file="/var/lib/${cfg.stateDir}/metrics"''
|
|
++ opt "persistence.interval" cfg.persistence.interval
|
|
++ opt "log.level" cfg.log.level
|
|
++ opt "log.format" cfg.log.format
|
|
++ cfg.extraFlags;
|
|
|
|
opt = k : v : lib.optional (v != null) ''--${k}="${v}"'';
|
|
|
|
in {
|
|
options = {
|
|
services.prometheus.pushgateway = {
|
|
enable = lib.mkEnableOption "Prometheus Pushgateway";
|
|
|
|
package = lib.mkPackageOption pkgs "prometheus-pushgateway" { };
|
|
|
|
web.listen-address = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = ''
|
|
Address to listen on for the web interface, API and telemetry.
|
|
|
|
`null` will default to `:9091`.
|
|
'';
|
|
};
|
|
|
|
web.telemetry-path = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = ''
|
|
Path under which to expose metrics.
|
|
|
|
`null` will default to `/metrics`.
|
|
'';
|
|
};
|
|
|
|
web.external-url = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = ''
|
|
The URL under which Pushgateway is externally reachable.
|
|
'';
|
|
};
|
|
|
|
web.route-prefix = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = ''
|
|
Prefix for the internal routes of web endpoints.
|
|
|
|
Defaults to the path of
|
|
{option}`services.prometheus.pushgateway.web.external-url`.
|
|
'';
|
|
};
|
|
|
|
persistence.interval = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
example = "10m";
|
|
description = ''
|
|
The minimum interval at which to write out the persistence file.
|
|
|
|
`null` will default to `5m`.
|
|
'';
|
|
};
|
|
|
|
log.level = lib.mkOption {
|
|
type = lib.types.nullOr (lib.types.enum ["debug" "info" "warn" "error" "fatal"]);
|
|
default = null;
|
|
description = ''
|
|
Only log messages with the given severity or above.
|
|
|
|
`null` will default to `info`.
|
|
'';
|
|
};
|
|
|
|
log.format = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
example = "logger:syslog?appname=bob&local=7";
|
|
description = ''
|
|
Set the log target and format.
|
|
|
|
`null` will default to `logger:stderr`.
|
|
'';
|
|
};
|
|
|
|
extraFlags = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [];
|
|
description = ''
|
|
Extra commandline options when launching the Pushgateway.
|
|
'';
|
|
};
|
|
|
|
persistMetrics = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to persist metrics to a file.
|
|
|
|
When enabled metrics will be saved to a file called
|
|
`metrics` in the directory
|
|
`/var/lib/pushgateway`. The directory below
|
|
`/var/lib` can be set using
|
|
{option}`services.prometheus.pushgateway.stateDir`.
|
|
'';
|
|
};
|
|
|
|
stateDir = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "pushgateway";
|
|
description = ''
|
|
Directory below `/var/lib` to store metrics.
|
|
|
|
This directory will be created automatically using systemd's
|
|
StateDirectory mechanism when
|
|
{option}`services.prometheus.pushgateway.persistMetrics`
|
|
is enabled.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
assertions = [
|
|
{
|
|
assertion = !lib.hasPrefix "/" cfg.stateDir;
|
|
message =
|
|
"The option services.prometheus.pushgateway.stateDir" +
|
|
" shouldn't be an absolute directory." +
|
|
" It should be a directory relative to /var/lib.";
|
|
}
|
|
];
|
|
systemd.services.pushgateway = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
serviceConfig = {
|
|
ExecStart = "${cfg.package}/bin/pushgateway" +
|
|
lib.optionalString (lib.length cmdlineArgs != 0) (" \\\n " +
|
|
lib.concatStringsSep " \\\n " cmdlineArgs);
|
|
|
|
CapabilityBoundingSet = [ "" ];
|
|
DeviceAllow = [ "" ];
|
|
DynamicUser = true;
|
|
NoNewPrivileges = true;
|
|
|
|
MemoryDenyWriteExecute = true;
|
|
|
|
LockPersonality = true;
|
|
|
|
ProtectProc = "invisible";
|
|
ProtectSystem = "strict";
|
|
ProtectHome = "tmpfs";
|
|
|
|
PrivateTmp = true;
|
|
PrivateDevices = true;
|
|
PrivateIPC = true;
|
|
|
|
ProcSubset = "pid";
|
|
|
|
ProtectHostname = true;
|
|
ProtectClock = true;
|
|
ProtectKernelTunables = true;
|
|
ProtectKernelModules = true;
|
|
ProtectKernelLogs = true;
|
|
ProtectControlGroups = true;
|
|
|
|
Restart = "always";
|
|
|
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
RestrictNamespaces = true;
|
|
RestrictRealtime = true;
|
|
RestrictSUIDSGID = true;
|
|
|
|
StateDirectory = if cfg.persistMetrics then cfg.stateDir else null;
|
|
SystemCallFilter = [
|
|
"@system-service"
|
|
"~@cpu-emulation"
|
|
"~@privileged"
|
|
"~@reboot"
|
|
"~@setuid"
|
|
"~@swap"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|