| blob | b801cde833d6e2b3ba9d718478d6ab3d084c8552 |
1 { config, pkgs, lib, ... }:
2 let
3 cfg = config.services.cadvisor;
5 in {
6 options = {
7 services.cadvisor = {
8 enable = lib.mkEnableOption "Cadvisor service";
10 listenAddress = lib.mkOption {
11 default = "127.0.0.1";
12 type = lib.types.str;
13 description = "Cadvisor listening host";
14 };
16 port = lib.mkOption {
17 default = 8080;
18 type = lib.types.port;
19 description = "Cadvisor listening port";
20 };
22 storageDriver = lib.mkOption {
23 default = null;
24 type = lib.types.nullOr lib.types.str;
25 example = "influxdb";
26 description = "Cadvisor storage driver.";
27 };
29 storageDriverHost = lib.mkOption {
30 default = "localhost:8086";
31 type = lib.types.str;
32 description = "Cadvisor storage driver host.";
33 };
35 storageDriverDb = lib.mkOption {
36 default = "root";
37 type = lib.types.str;
38 description = "Cadvisord storage driver database name.";
39 };
41 storageDriverUser = lib.mkOption {
42 default = "root";
43 type = lib.types.str;
44 description = "Cadvisor storage driver username.";
45 };
47 storageDriverPassword = lib.mkOption {
48 default = "root";
49 type = lib.types.str;
50 description = ''
51 Cadvisor storage driver password.
53 Warning: this password is stored in the world-readable Nix store. It's
54 recommended to use the {option}`storageDriverPasswordFile` option
55 since that gives you control over the security of the password.
56 {option}`storageDriverPasswordFile` also takes precedence over {option}`storageDriverPassword`.
57 '';
58 };
60 storageDriverPasswordFile = lib.mkOption {
61 type = lib.types.str;
62 description = ''
63 File that contains the cadvisor storage driver password.
65 {option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`
67 Warning: when {option}`storageDriverPassword` is non-empty this defaults to a file in the
68 world-readable Nix store that contains the value of {option}`storageDriverPassword`.
70 It's recommended to override this with a path not in the Nix store.
71 Tip: use [nixops key management](https://nixos.org/nixops/manual/#idm140737318306400)
72 '';
73 };
75 storageDriverSecure = lib.mkOption {
76 default = false;
77 type = lib.types.bool;
78 description = "Cadvisor storage driver, enable secure communication.";
79 };
81 extraOptions = lib.mkOption {
82 type = lib.types.listOf lib.types.str;
83 default = [];
84 description = ''
85 Additional cadvisor options.
87 See <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.
88 '';
89 };
90 };
91 };
93 config = lib.mkMerge [
94 { services.cadvisor.storageDriverPasswordFile = lib.mkIf (cfg.storageDriverPassword != "") (
95 lib.mkDefault (toString (pkgs.writeTextFile {
96 name = "cadvisor-storage-driver-password";
97 text = cfg.storageDriverPassword;
98 }))
99 );
100 }
102 (lib.mkIf cfg.enable {
103 systemd.services.cadvisor = {
104 wantedBy = [ "multi-user.target" ];
105 after = [ "network.target" "docker.service" "influxdb.service" ];
107 path = lib.optionals config.boot.zfs.enabled [ pkgs.zfs ];
109 postStart = lib.mkBefore ''
110 until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
111 sleep 1;
112 done
113 '';
115 script = ''
116 exec ${pkgs.cadvisor}/bin/cadvisor \
117 -logtostderr=true \
118 -listen_ip="${cfg.listenAddress}" \
119 -port="${toString cfg.port}" \
120 ${lib.escapeShellArgs cfg.extraOptions} \
121 ${lib.optionalString (cfg.storageDriver != null) ''
122 -storage_driver "${cfg.storageDriver}" \
123 -storage_driver_host "${cfg.storageDriverHost}" \
124 -storage_driver_db "${cfg.storageDriverDb}" \
125 -storage_driver_user "${cfg.storageDriverUser}" \
126 -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
127 ${lib.optionalString cfg.storageDriverSecure "-storage_driver_secure"}
128 ''}
129 '';
131 serviceConfig.TimeoutStartSec=300;
132 };
133 })
134 ];
135 }