| blob | 1cdd8a78ea8ffe14e3d98bc6d14ac4a06a569f39 |
1 { config, lib, pkgs, ... }:
2 let
3 cfg = config.services.unpoller;
5 configFile = pkgs.writeText "unpoller.json" (lib.generators.toJSON {} {
6 inherit (cfg) poller influxdb loki prometheus unifi;
7 });
9 in {
10 imports = [
11 (lib.mkRenamedOptionModule [ "services" "unifi-poller" ] [ "services" "unpoller" ])
12 ];
14 options.services.unpoller = {
15 enable = lib.mkEnableOption "unpoller";
17 poller = {
18 debug = lib.mkOption {
19 type = lib.types.bool;
20 default = false;
21 description = ''
22 Turns on line numbers, microsecond logging, and a per-device log.
23 This may be noisy if you have a lot of devices. It adds one line per device.
24 '';
25 };
26 quiet = lib.mkOption {
27 type = lib.types.bool;
28 default = false;
29 description = ''
30 Turns off per-interval logs. Only startup and error logs will be emitted.
31 '';
32 };
33 plugins = lib.mkOption {
34 type = with lib.types; listOf str;
35 default = [];
36 description = ''
37 Load additional plugins.
38 '';
39 };
40 };
42 prometheus = {
43 disable = lib.mkOption {
44 type = lib.types.bool;
45 default = false;
46 description = ''
47 Whether to disable the prometheus output plugin.
48 '';
49 };
50 http_listen = lib.mkOption {
51 type = lib.types.str;
52 default = "[::]:9130";
53 description = ''
54 Bind the prometheus exporter to this IP or hostname.
55 '';
56 };
57 report_errors = lib.mkOption {
58 type = lib.types.bool;
59 default = false;
60 description = ''
61 Whether to report errors.
62 '';
63 };
64 };
66 influxdb = {
67 disable = lib.mkOption {
68 type = lib.types.bool;
69 default = false;
70 description = ''
71 Whether to disable the influxdb output plugin.
72 '';
73 };
74 url = lib.mkOption {
75 type = lib.types.str;
76 default = "http://127.0.0.1:8086";
77 description = ''
78 URL of the influxdb host.
79 '';
80 };
81 user = lib.mkOption {
82 type = lib.types.str;
83 default = "unifipoller";
84 description = ''
85 Username for the influxdb.
86 '';
87 };
88 pass = lib.mkOption {
89 type = lib.types.path;
90 default = pkgs.writeText "unpoller-influxdb-default.password" "unifipoller";
91 defaultText = lib.literalExpression "unpoller-influxdb-default.password";
92 description = ''
93 Path of a file containing the password for influxdb.
94 This file needs to be readable by the unifi-poller user.
95 '';
96 apply = v: "file://${v}";
97 };
98 db = lib.mkOption {
99 type = lib.types.str;
100 default = "unifi";
101 description = ''
102 Database name. Database should exist.
103 '';
104 };
105 verify_ssl = lib.mkOption {
106 type = lib.types.bool;
107 default = true;
108 description = ''
109 Verify the influxdb's certificate.
110 '';
111 };
112 interval = lib.mkOption {
113 type = lib.types.str;
114 default = "30s";
115 description = ''
116 Setting this lower than the Unifi controller's refresh
117 interval may lead to zeroes in your database.
118 '';
119 };
120 };
122 loki = {
123 url = lib.mkOption {
124 type = lib.types.str;
125 default = "";
126 description = ''
127 URL of the Loki host.
128 '';
129 };
130 user = lib.mkOption {
131 type = lib.types.str;
132 default = "";
133 description = ''
134 Username for Loki.
135 '';
136 };
137 pass = lib.mkOption {
138 type = lib.types.path;
139 default = pkgs.writeText "unpoller-loki-default.password" "";
140 defaultText = "unpoller-influxdb-default.password";
141 description = ''
142 Path of a file containing the password for Loki.
143 This file needs to be readable by the unifi-poller user.
144 '';
145 apply = v: "file://${v}";
146 };
147 verify_ssl = lib.mkOption {
148 type = lib.types.bool;
149 default = false;
150 description = ''
151 Verify Loki's certificate.
152 '';
153 };
154 tenant_id = lib.mkOption {
155 type = lib.types.str;
156 default = "";
157 description = ''
158 Tenant ID to use in Loki.
159 '';
160 };
161 interval = lib.mkOption {
162 type = lib.types.str;
163 default = "2m";
164 description = ''
165 How often the events are polled and pushed to Loki.
166 '';
167 };
168 timeout = lib.mkOption {
169 type = lib.types.str;
170 default = "10s";
171 description = ''
172 Should be increased in case of timeout errors.
173 '';
174 };
175 };
177 unifi = let
178 controllerOptions = {
179 user = lib.mkOption {
180 type = lib.types.str;
181 default = "unifi";
182 description = ''
183 Unifi service user name.
184 '';
185 };
186 pass = lib.mkOption {
187 type = lib.types.path;
188 default = pkgs.writeText "unpoller-unifi-default.password" "unifi";
189 defaultText = lib.literalExpression "unpoller-unifi-default.password";
190 description = ''
191 Path of a file containing the password for the unifi service user.
192 This file needs to be readable by the unifi-poller user.
193 '';
194 apply = v: "file://${v}";
195 };
196 url = lib.mkOption {
197 type = lib.types.str;
198 default = "https://unifi:8443";
199 description = ''
200 URL of the Unifi controller.
201 '';
202 };
203 sites = lib.mkOption {
204 type = with lib.types; either (enum [ "default" "all" ]) (listOf str);
205 default = "all";
206 description = ''
207 List of site names for which statistics should be exported.
208 Or the string "default" for the default site or the string "all" for all sites.
209 '';
210 apply = lib.toList;
211 };
212 save_ids = lib.mkOption {
213 type = lib.types.bool;
214 default = false;
215 description = ''
216 Collect and save data from the intrusion detection system to influxdb and Loki.
217 '';
218 };
219 save_events = lib.mkOption {
220 type = lib.types.bool;
221 default = false;
222 description = ''
223 Collect and save data from UniFi events to influxdb and Loki.
224 '';
225 };
226 save_alarms = lib.mkOption {
227 type = lib.types.bool;
228 default = false;
229 description = ''
230 Collect and save data from UniFi alarms to influxdb and Loki.
231 '';
232 };
233 save_anomalies = lib.mkOption {
234 type = lib.types.bool;
235 default = false;
236 description = ''
237 Collect and save data from UniFi anomalies to influxdb and Loki.
238 '';
239 };
240 save_dpi = lib.mkOption {
241 type = lib.types.bool;
242 default = false;
243 description = ''
244 Collect and save data from deep packet inspection.
245 Adds around 150 data points and impacts performance.
246 '';
247 };
248 save_sites = lib.mkOption {
249 type = lib.types.bool;
250 default = true;
251 description = ''
252 Collect and save site data.
253 '';
254 };
255 hash_pii = lib.mkOption {
256 type = lib.types.bool;
257 default = false;
258 description = ''
259 Hash, with md5, client names and MAC addresses. This attempts
260 to protect personally identifiable information.
261 '';
262 };
263 verify_ssl = lib.mkOption {
264 type = lib.types.bool;
265 default = true;
266 description = ''
267 Verify the Unifi controller's certificate.
268 '';
269 };
270 };
272 in {
273 dynamic = lib.mkOption {
274 type = lib.types.bool;
275 default = false;
276 description = ''
277 Let prometheus select which controller to poll when scraping.
278 Use with default credentials. See unifi-poller wiki for more.
279 '';
280 };
282 defaults = controllerOptions;
284 controllers = lib.mkOption {
285 type = with lib.types; listOf (submodule { options = controllerOptions; });
286 default = [];
287 description = ''
288 List of Unifi controllers to poll. Use defaults if empty.
289 '';
290 apply = map (lib.flip removeAttrs [ "_module" ]);
291 };
292 };
293 };
295 config = lib.mkIf cfg.enable {
296 users.groups.unifi-poller = { };
297 users.users.unifi-poller = {
298 description = "unifi-poller Service User";
299 group = "unifi-poller";
300 isSystemUser = true;
301 };
303 systemd.services.unifi-poller = {
304 wantedBy = [ "multi-user.target" ];
305 after = [ "network.target" ];
306 serviceConfig = {
307 ExecStart = "${pkgs.unpoller}/bin/unpoller --config ${configFile}";
308 Restart = "always";
309 PrivateTmp = true;
310 ProtectHome = true;
311 ProtectSystem = "full";
312 DevicePolicy = "closed";
313 NoNewPrivileges = true;
314 User = "unifi-poller";
315 WorkingDirectory = "/tmp";
316 };
317 };
318 };
319 }