| blob | 9d6b51ad140d0f204c0a36f268a1d12573fb992b |
1 { config, lib, pkgs, options, ... }:
3 let
4 cfg = config.services.prometheus.exporters.node;
5 inherit (lib)
6 mkOption
7 types
8 concatStringsSep
9 concatMapStringsSep
10 any
11 optionals
12 ;
13 collectorIsEnabled = final: any (collector: (final == collector)) cfg.enabledCollectors;
14 collectorIsDisabled = final: any (collector: (final == collector)) cfg.disabledCollectors;
15 in
16 {
17 port = 9100;
18 extraOpts = {
19 enabledCollectors = mkOption {
20 type = types.listOf types.str;
21 default = [];
22 example = [ "systemd" ];
23 description = ''
24 Collectors to enable. The collectors listed here are enabled in addition to the default ones.
25 '';
26 };
27 disabledCollectors = mkOption {
28 type = types.listOf types.str;
29 default = [];
30 example = [ "timex" ];
31 description = ''
32 Collectors to disable which are enabled by default.
33 '';
34 };
35 };
36 serviceOpts = {
37 serviceConfig = {
38 DynamicUser = false;
39 RuntimeDirectory = "prometheus-node-exporter";
40 ExecStart = ''
41 ${pkgs.prometheus-node-exporter}/bin/node_exporter \
42 ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
43 ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
44 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
45 '';
46 RestrictAddressFamilies = optionals (collectorIsEnabled "logind" || collectorIsEnabled "systemd") [
47 # needs access to dbus via unix sockets (logind/systemd)
48 "AF_UNIX"
49 ] ++ optionals (collectorIsEnabled "network_route" || collectorIsEnabled "wifi" || ! collectorIsDisabled "netdev") [
50 # needs netlink sockets for wireless collector
51 "AF_NETLINK"
52 ];
53 # The timex collector needs to access clock APIs
54 ProtectClock = collectorIsDisabled "timex";
55 # Allow space monitoring under /home
56 ProtectHome = true;
57 };
58 };
59 }