| blob | d2245fb9306275e0760e0772054b9d97c9c41d30 |
1 {
2 config,
3 lib,
4 pkgs,
5 options,
6 ...
7 }:
9 let
10 cfg = config.services.prometheus.exporters.node;
11 inherit (lib)
12 mkOption
13 types
14 concatStringsSep
15 concatMapStringsSep
16 any
17 optionals
18 ;
19 collectorIsEnabled = final: any (collector: (final == collector)) cfg.enabledCollectors;
20 collectorIsDisabled = final: any (collector: (final == collector)) cfg.disabledCollectors;
21 in
22 {
23 port = 9100;
24 extraOpts = {
25 enabledCollectors = mkOption {
26 type = types.listOf types.str;
27 default = [ ];
28 example = [ "systemd" ];
29 description = ''
30 Collectors to enable. The collectors listed here are enabled in addition to the default ones.
31 '';
32 };
33 disabledCollectors = mkOption {
34 type = types.listOf types.str;
35 default = [ ];
36 example = [ "timex" ];
37 description = ''
38 Collectors to disable which are enabled by default.
39 '';
40 };
41 };
42 serviceOpts = {
43 serviceConfig = {
44 DynamicUser = false;
45 RuntimeDirectory = "prometheus-node-exporter";
46 ExecStart = ''
47 ${pkgs.prometheus-node-exporter}/bin/node_exporter \
48 ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
49 ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
50 --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
51 '';
52 RestrictAddressFamilies =
53 optionals (collectorIsEnabled "logind" || collectorIsEnabled "systemd") [
54 # needs access to dbus via unix sockets (logind/systemd)
55 "AF_UNIX"
56 ]
57 ++ optionals
58 (collectorIsEnabled "network_route" || collectorIsEnabled "wifi" || !collectorIsDisabled "netdev")
59 [
60 # needs netlink sockets for wireless collector
61 "AF_NETLINK"
62 ];
63 # The timex collector needs to access clock APIs
64 ProtectClock = collectorIsDisabled "timex";
65 # Allow space monitoring under /home
66 ProtectHome = true;
67 };
68 };
69 }