# NixOS module for the cAdvisor service. This page is an excerpt: the gutter
# numbers show that several lines of the original file are not reproduced.
1 { config, pkgs, lib, ... }:
# Shorthand for this module's own option values.
6 cfg = config.services.cadvisor;
11 enable = mkEnableOption (lib.mdDoc "Cadvisor service");
# Address passed to cadvisor's -listen_ip flag and reused by the postStart
# readiness probe. The default keeps the HTTP endpoint on loopback.
# NOTE(review): none of the flags visible in the service script configure
# authentication, so a non-loopback address presumably exposes the endpoint to
# every host that can reach the port -- confirm, and pair such a change with a
# firewall rule or with cadvisor's HTTP auth flags passed through extraOptions.
13 listenAddress = mkOption {
14 default = "127.0.0.1";
16 description = lib.mdDoc "Cadvisor listening host";
22 description = lib.mdDoc "Cadvisor listening port";
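# Optional metrics backend. A null value is allowed by the type, and the
# service script adds the -storage_driver* flags only when this is non-null.
25 storageDriver = mkOption {
27 type = types.nullOr types.str;
29 description = lib.mdDoc "Cadvisor storage driver.";
# Address of the storage backend; the default points at port 8086 on localhost.
32 storageDriverHost = mkOption {
33 default = "localhost:8086";
35 description = lib.mdDoc "Cadvisor storage driver host.";
# Database name, passed to cadvisor as -storage_driver_db.
38 storageDriverDb = mkOption {
41 description = lib.mdDoc "Cadvisor storage driver database name.";
# Account name, passed to cadvisor as -storage_driver_user.
44 storageDriverUser = mkOption {
47 description = lib.mdDoc "Cadvisor storage driver username.";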
# Inline password. The config section of this module copies a non-empty value
# into a store file with pkgs.writeTextFile, and the service script reads that
# file with `cat` and passes the content to cadvisor as an argument.
# NOTE(review): the secret is therefore exposed in the Nix store and presumably
# also in the argument list of the running process -- confirm.
50 storageDriverPassword = mkOption {
53 description = lib.mdDoc ''
54 Cadvisor storage driver password.
56 Warning: this password is stored in the world-readable Nix store. It's
57 recommended to use the {option}`storageDriverPasswordFile` option
58 since that gives you control over the security of the password.
59 {option}`storageDriverPasswordFile` also takes precedence over {option}`storageDriverPassword`.
# Path that the service script reads with `cat` when it runs; the file content
# is substituted into the -storage_driver_password argument.
# NOTE(review): a file outside the store protects the secret at rest only, it
# still ends up on cadvisor's command line. Restrict the file's permissions to
# the account the unit runs as (not visible in this excerpt -- confirm).
# NOTE(review): the NixOps link below uses an auto-generated anchor (#idm...)
# that may no longer resolve -- verify.
63 storageDriverPasswordFile = mkOption {
65 description = lib.mdDoc ''
66 File that contains the cadvisor storage driver password.
68 {option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`
70 Warning: when {option}`storageDriverPassword` is non-empty this defaults to a file in the
71 world-readable Nix store that contains the value of {option}`storageDriverPassword`.
73 It's recommended to override this with a path not in the Nix store.
74 Tip: use [nixops key management](https://nixos.org/nixops/manual/#idm140737318306400)
# When true, the service script appends -storage_driver_secure to the cadvisor
# command line. The default is not visible in this excerpt.
# NOTE(review): with this off, the storage driver credentials presumably travel
# to the backend over an unprotected connection -- confirm before pointing
# storageDriverHost at anything other than the local machine.
78 storageDriverSecure = mkOption {
81 description = lib.mdDoc "Cadvisor storage driver, enable secure communication.";
# Free-form extra flags. The service script passes the list through
# escapeShellArgs, so each element reaches cadvisor as one shell-quoted argument.
84 extraOptions = mkOption {
85 type = types.listOf types.str;
87 description = lib.mdDoc ''
88 Additional cadvisor options.
90 See <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.
# Fallback for the inline password: when storageDriverPassword is non-empty,
# storageDriverPasswordFile defaults (mkDefault, so an explicit setting wins)
# to a file created by pkgs.writeTextFile whose text is the plaintext password.
# The option descriptions state that this file lives in the world-readable Nix
# store, so every local user can read the secret unless the file option is
# overridden with a path outside the store.
97 { services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
98 mkDefault (toString (pkgs.writeTextFile {
99 name = "cadvisor-storage-driver-password";
100 text = cfg.storageDriverPassword;
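# systemd unit for cadvisor. It is ordered after networking and after the
# docker and influxdb units; the ZFS tools are put on PATH only when ZFS is
# enabled on the host.
#
# Storage driver flags are emitted only when storageDriver is non-null. The
# backend address goes in -storage_driver_host; -storage_driver_user appears
# once, for the account name.
#
# The password is expanded by the shell from storageDriverPasswordFile when the
# script runs and handed to cadvisor as a plain argument.
# NOTE(review): it is therefore presumably readable from the process's argument
# list (e.g. /proc/<pid>/cmdline) by local users, whichever file it came from
# -- confirm, and give the backend account only the rights cadvisor needs.
106 systemd.services.cadvisor = {
107 wantedBy = [ "multi-user.target" ];
108 after = [ "network.target" "docker.service" "influxdb.service" ];
110 path = optionals config.boot.zfs.enabled [ pkgs.zfs ];
# Readiness probe: loops until curl can fetch /containers/ from the configured
# listen address and port. The wait is presumably bounded by TimeoutStartSec.
112 postStart = mkBefore ''
113 until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
119 exec ${pkgs.cadvisor}/bin/cadvisor \
121 -listen_ip="${cfg.listenAddress}" \
122 -port="${toString cfg.port}" \
123 ${escapeShellArgs cfg.extraOptions} \
124 ${optionalString (cfg.storageDriver != null) ''
125 -storage_driver "${cfg.storageDriver}" \
126 -storage_driver_host "${cfg.storageDriverHost}" \
127 -storage_driver_db "${cfg.storageDriverDb}" \
128 -storage_driver_user "${cfg.storageDriverUser}" \
129 -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
130 ${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
134 serviceConfig.TimeoutStartSec=300;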