| blob | 945a950ed85de24c652c780a55179b35d8cf09fa |
1 {
2 config,
3 lib,
4 pkgs,
5 options,
6 ...
7 }:
9 let
10 cfg = config.services.prometheus.exporters.pgbouncer;
11 inherit (lib)
12 mkOption
13 mkPackageOption
14 types
15 optionals
16 getExe
17 escapeShellArg
18 concatStringsSep
19 ;
20 in
21 {
22 port = 9127;
23 extraOpts = {
24 package = mkPackageOption pkgs "prometheus-pgbouncer-exporter" { };
26 telemetryPath = mkOption {
27 type = types.str;
28 default = "/metrics";
29 description = ''
30 Path under which to expose metrics.
31 '';
32 };
34 connectionString = mkOption {
35 type = types.nullOr types.str;
36 default = null;
37 example = "postgres://admin:@localhost:6432/pgbouncer?sslmode=require";
38 description = ''
39 Connection string for accessing pgBouncer.
41 NOTE: You MUST keep pgbouncer as database name (special internal db)!!!
43 NOTE: ignore_startup_parameters MUST contain "extra_float_digits".
45 NOTE: Admin user (with password or passwordless) MUST exist in the
46 auth_file if auth_type other than "any" is used.
48 WARNING: this secret is stored in the world-readable Nix store!
49 Use [](#opt-services.prometheus.exporters.pgbouncer.connectionEnvFile) if the
50 URL contains a secret.
51 '';
52 };
54 connectionEnvFile = mkOption {
55 type = types.nullOr types.str;
56 default = null;
57 description = ''
58 File that must contain the environment variable
59 `PGBOUNCER_EXPORTER_CONNECTION_STRING` which is set to the connection
60 string used by pgbouncer. I.e. the format is supposed to look like this:
62 ```
63 PGBOUNCER_EXPORTER_CONNECTION_STRING="postgres://admin@localhost:6432/pgbouncer?sslmode=require"
64 ```
66 NOTE: You MUST keep pgbouncer as database name (special internal db)!
67 NOTE: `services.pgbouncer.settings.pgbouncer.ignore_startup_parameters`
68 MUST contain "extra_float_digits".
70 Mutually exclusive with [](#opt-services.prometheus.exporters.pgbouncer.connectionString).
71 '';
72 };
74 pidFile = mkOption {
75 type = types.nullOr types.str;
76 default = null;
77 description = ''
78 Path to PgBouncer pid file.
80 If provided, the standard process metrics get exported for the PgBouncer
81 process, prefixed with 'pgbouncer_process_...'. The pgbouncer_process exporter
82 needs to have read access to files owned by the PgBouncer process. Depends on
83 the availability of /proc.
85 https://prometheus.io/docs/instrumenting/writing_clientlibs/#process-metrics.
87 '';
88 };
90 webSystemdSocket = mkOption {
91 type = types.bool;
92 default = false;
93 description = ''
94 Use systemd socket activation listeners instead of port listeners (Linux only).
95 '';
96 };
98 logLevel = mkOption {
99 type = types.enum [
100 "debug"
101 "info"
102 "warn"
103 "error"
104 ];
105 default = "info";
106 description = ''
107 Only log messages with the given severity or above.
108 '';
109 };
111 logFormat = mkOption {
112 type = types.enum [
113 "logfmt"
114 "json"
115 ];
116 default = "logfmt";
117 description = ''
118 Output format of log messages. One of: [logfmt, json]
119 '';
120 };
122 webConfigFile = mkOption {
123 type = types.nullOr types.path;
124 default = null;
125 description = ''
126 Path to configuration file that can enable TLS or authentication.
127 '';
128 };
130 extraFlags = mkOption {
131 type = types.listOf types.str;
132 default = [ ];
133 description = ''
134 Extra commandline options when launching Prometheus.
135 '';
136 };
138 };
140 serviceOpts = {
141 after = [ "pgbouncer.service" ];
142 script = concatStringsSep " " (
143 [
144 "exec -- ${escapeShellArg (getExe cfg.package)}"
145 "--web.listen-address ${cfg.listenAddress}:${toString cfg.port}"
146 ]
147 ++ optionals (cfg.connectionString != null) [
148 "--pgBouncer.connectionString ${escapeShellArg cfg.connectionString}"
149 ]
150 ++ optionals (cfg.telemetryPath != null) [
151 "--web.telemetry-path ${escapeShellArg cfg.telemetryPath}"
152 ]
153 ++ optionals (cfg.pidFile != null) [
154 "--pgBouncer.pid-file ${escapeShellArg cfg.pidFile}"
155 ]
156 ++ optionals (cfg.logLevel != null) [
157 "--log.level ${escapeShellArg cfg.logLevel}"
158 ]
159 ++ optionals (cfg.logFormat != null) [
160 "--log.format ${escapeShellArg cfg.logFormat}"
161 ]
162 ++ optionals (cfg.webSystemdSocket != false) [
163 "--web.systemd-socket ${escapeShellArg cfg.webSystemdSocket}"
164 ]
165 ++ optionals (cfg.webConfigFile != null) [
166 "--web.config.file ${escapeShellArg cfg.webConfigFile}"
167 ]
168 ++ cfg.extraFlags
169 );
171 serviceConfig.RestrictAddressFamilies = [
172 "AF_INET"
173 "AF_INET6"
174 "AF_UNIX"
175 ];
176 serviceConfig.EnvironmentFile = lib.mkIf (cfg.connectionEnvFile != null) [
177 cfg.connectionEnvFile
178 ];
179 };
181 imports = [
182 (lib.mkRemovedOptionModule [ "connectionStringFile" ] ''
183 As replacement, the option `services.prometheus.exporters.pgbouncer.connectionEnvFile`
184 has been added. In contrast to `connectionStringFile` it must be an environment file
185 with the connection string being set to `PGBOUNCER_EXPORTER_CONNECTION_STRING`.
187 The change was necessary since the former option wrote the contents of the file
188 into the cmdline of the exporter making the connection string effectively
189 world-readable.
190 '')
191 ({
192 options.warnings = options.warnings;
193 options.assertions = options.assertions;
194 })
195 ];
196 }