| blob | 5c111687c1d75da08b16c3f0d21968e72d76e14c |
1 { config, lib, pkgs, options, ... }:
3 let
4 cfg = config.services.prometheus.exporters.pgbouncer;
5 inherit (lib)
6 mkOption
7 mkPackageOption
8 types
9 optionals
10 getExe
11 escapeShellArg
12 concatStringsSep
13 ;
14 in
15 {
16 port = 9127;
17 extraOpts = {
18 package = mkPackageOption pkgs "prometheus-pgbouncer-exporter" { };
20 telemetryPath = mkOption {
21 type = types.str;
22 default = "/metrics";
23 description = ''
24 Path under which to expose metrics.
25 '';
26 };
28 connectionString = mkOption {
29 type = types.nullOr types.str;
30 default = null;
31 example = "postgres://admin:@localhost:6432/pgbouncer?sslmode=require";
32 description = ''
33 Connection string for accessing pgBouncer.
35 NOTE: You MUST keep pgbouncer as database name (special internal db)!!!
37 NOTE: ignore_startup_parameters MUST contain "extra_float_digits".
39 NOTE: Admin user (with password or passwordless) MUST exist in the
40 auth_file if auth_type other than "any" is used.
42 WARNING: this secret is stored in the world-readable Nix store!
43 Use [](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) if the
44 URL contains a secret.
45 '';
46 };
48 connectionEnvFile = mkOption {
49 type = types.nullOr types.str;
50 default = null;
51 description = ''
52 File that must contain the environment variable
53 `PGBOUNCER_EXPORTER_CONNECTION_STRING` which is set to the connection
54 string used by pgbouncer. I.e. the format is supposed to look like this:
56 ```
57 PGBOUNCER_EXPORTER_CONNECTION_STRING="postgres://admin@localhost:6432/pgbouncer?sslmode=require"
58 ```
60 NOTE: You MUST keep pgbouncer as database name (special internal db)!
61 NOTE: `services.pgbouncer.settings.pgbouncer.ignore_startup_parameters`
62 MUST contain "extra_float_digits".
64 Mutually exclusive with [](#opt-services.prometheus.exporters.pgbouncer.connectionString).
65 '';
66 };
68 pidFile = mkOption {
69 type = types.nullOr types.str;
70 default = null;
71 description = ''
72 Path to PgBouncer pid file.
74 If provided, the standard process metrics get exported for the PgBouncer
75 process, prefixed with 'pgbouncer_process_...'. The pgbouncer_process exporter
76 needs to have read access to files owned by the PgBouncer process. Depends on
77 the availability of /proc.
79 https://prometheus.io/docs/instrumenting/writing_clientlibs/#process-metrics.
81 '';
82 };
84 webSystemdSocket = mkOption {
85 type = types.bool;
86 default = false;
87 description = ''
88 Use systemd socket activation listeners instead of port listeners (Linux only).
89 '';
90 };
92 logLevel = mkOption {
93 type = types.enum [ "debug" "info" "warn" "error" ];
94 default = "info";
95 description = ''
96 Only log messages with the given severity or above.
97 '';
98 };
100 logFormat = mkOption {
101 type = types.enum [ "logfmt" "json" ];
102 default = "logfmt";
103 description = ''
104 Output format of log messages. One of: [logfmt, json]
105 '';
106 };
108 webConfigFile = mkOption {
109 type = types.nullOr types.path;
110 default = null;
111 description = ''
112 Path to configuration file that can enable TLS or authentication.
113 '';
114 };
116 extraFlags = mkOption {
117 type = types.listOf types.str;
118 default = [ ];
119 description = ''
120 Extra commandline options when launching Prometheus.
121 '';
122 };
124 };
126 serviceOpts = {
127 after = [ "pgbouncer.service" ];
128 script = concatStringsSep " " ([
129 "exec -- ${escapeShellArg (getExe cfg.package)}"
130 "--web.listen-address ${cfg.listenAddress}:${toString cfg.port}"
131 ] ++ optionals (cfg.connectionString != null) [
132 "--pgBouncer.connectionString ${escapeShellArg cfg.connectionString}"
133 ] ++ optionals (cfg.telemetryPath != null) [
134 "--web.telemetry-path ${escapeShellArg cfg.telemetryPath}"
135 ] ++ optionals (cfg.pidFile != null) [
136 "--pgBouncer.pid-file ${escapeShellArg cfg.pidFile}"
137 ] ++ optionals (cfg.logLevel != null) [
138 "--log.level ${escapeShellArg cfg.logLevel}"
139 ] ++ optionals (cfg.logFormat != null) [
140 "--log.format ${escapeShellArg cfg.logFormat}"
141 ] ++ optionals (cfg.webSystemdSocket != false) [
142 "--web.systemd-socket ${escapeShellArg cfg.webSystemdSocket}"
143 ] ++ optionals (cfg.webConfigFile != null) [
144 "--web.config.file ${escapeShellArg cfg.webConfigFile}"
145 ] ++ cfg.extraFlags);
147 serviceConfig.RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
148 serviceConfig.EnvironmentFile = lib.mkIf (cfg.connectionEnvFile != null) [
149 cfg.connectionEnvFile
150 ];
151 };
153 imports = [
154 (lib.mkRemovedOptionModule [ "connectionStringFile" ] ''
155 As replacement, the option `services.prometheus.exporters.pgbouncer.connectionEnvFile`
156 has been added. In contrast to `connectionStringFile` it must be an environment file
157 with the connection string being set to `PGBOUNCER_EXPORTER_CONNECTION_STRING`.
159 The change was necessary since the former option wrote the contents of the file
160 into the cmdline of the exporter making the connection string effectively
161 world-readable.
162 '')
163 ({ options.warnings = options.warnings; options.assertions = options.assertions; })
164 ];
165 }