nixos/modules/services/monitoring/grafana-agent.nix

   1 { lib, pkgs, config, generators, ... }:
   2 with lib;
   3 let
   4   cfg = config.services.grafana-agent;
   5   settingsFormat = pkgs.formats.yaml { };
   6   configFile = settingsFormat.generate "grafana-agent.yaml" cfg.settings;
   7 in
   8 {
   9   meta = {
  10     maintainers = with maintainers; [ flokli zimbatm ];
  11   };
  12
  13   options.services.grafana-agent = {
  14     enable = mkEnableOption "grafana-agent";
  15
  16     package = mkPackageOption pkgs "grafana-agent" { };
  17
  18     credentials = mkOption {
  19       description = ''
  20         Credentials to load at service startup. Keys that are UPPER_SNAKE will be loaded as env vars. Values are absolute paths to the credentials.
  21       '';
  22       type = types.attrsOf types.str;
  23       default = { };
  24
  25       example = {
  26         logs_remote_write_password = "/run/keys/grafana_agent_logs_remote_write_password";
  27         LOGS_REMOTE_WRITE_URL = "/run/keys/grafana_agent_logs_remote_write_url";
  28         LOGS_REMOTE_WRITE_USERNAME = "/run/keys/grafana_agent_logs_remote_write_username";
  29         metrics_remote_write_password = "/run/keys/grafana_agent_metrics_remote_write_password";
  30         METRICS_REMOTE_WRITE_URL = "/run/keys/grafana_agent_metrics_remote_write_url";
  31         METRICS_REMOTE_WRITE_USERNAME = "/run/keys/grafana_agent_metrics_remote_write_username";
  32       };
  33     };
  34
  35     extraFlags = mkOption {
  36       type = with types; listOf str;
  37       default = [ ];
  38       example = [ "-enable-features=integrations-next" "-disable-reporting" ];
  39       description = ''
  40         Extra command-line flags passed to {command}`grafana-agent`.
  41
  42         See <https://grafana.com/docs/agent/latest/static/configuration/flags/>
  43       '';
  44     };
  45
  46     settings = mkOption {
  47       description = ''
  48         Configuration for {command}`grafana-agent`.
  49
  50         See <https://grafana.com/docs/agent/latest/configuration/>
  51       '';
  52
  53       type = types.submodule {
  54         freeformType = settingsFormat.type;
  55       };
  56
  57       default = { };
  58       defaultText = lib.literalExpression ''
  59         {
  60           metrics = {
  61             wal_directory = "\''${STATE_DIRECTORY}";
  62             global.scrape_interval = "5s";
  63           };
  64           integrations = {
  65             agent.enabled = true;
  66             agent.scrape_integration = true;
  67             node_exporter.enabled = true;
  68           };
  69         }
  70       '';
  71       example = {
  72         metrics.global.remote_write = [{
  73           url = "\${METRICS_REMOTE_WRITE_URL}";
  74           basic_auth.username = "\${METRICS_REMOTE_WRITE_USERNAME}";
  75           basic_auth.password_file = "\${CREDENTIALS_DIRECTORY}/metrics_remote_write_password";
  76         }];
  77         logs.configs = [{
  78           name = "default";
  79           scrape_configs = [
  80             {
  81               job_name = "journal";
  82               journal = {
  83                 max_age = "12h";
  84                 labels.job = "systemd-journal";
  85               };
  86               relabel_configs = [
  87                 {
  88                   source_labels = [ "__journal__systemd_unit" ];
  89                   target_label = "systemd_unit";
  90                 }
  91                 {
  92                   source_labels = [ "__journal__hostname" ];
  93                   target_label = "nodename";
  94                 }
  95                 {
  96                   source_labels = [ "__journal_syslog_identifier" ];
  97                   target_label = "syslog_identifier";
  98                 }
  99               ];
 100             }
 101           ];
 102           positions.filename = "\${STATE_DIRECTORY}/loki_positions.yaml";
 103           clients = [{
 104             url = "\${LOGS_REMOTE_WRITE_URL}";
 105             basic_auth.username = "\${LOGS_REMOTE_WRITE_USERNAME}";
 106             basic_auth.password_file = "\${CREDENTIALS_DIRECTORY}/logs_remote_write_password";
 107           }];
 108         }];
 109       };
 110     };
 111   };
 112
 113   config = mkIf cfg.enable {
 114     services.grafana-agent.settings = {
 115       # keep this in sync with config.services.grafana-agent.settings.defaultText.
 116       metrics = {
 117         wal_directory = mkDefault "\${STATE_DIRECTORY}";
 118         global.scrape_interval = mkDefault "5s";
 119       };
 120       integrations = {
 121         agent.enabled = mkDefault true;
 122         agent.scrape_integration = mkDefault true;
 123         node_exporter.enabled = mkDefault true;
 124       };
 125     };
 126
 127     systemd.services.grafana-agent = {
 128       wantedBy = [ "multi-user.target" ];
 129       script = ''
 130         set -euo pipefail
 131         shopt -u nullglob
 132
 133         # Load all credentials into env if they are in UPPER_SNAKE form.
 134         if [[ -n "''${CREDENTIALS_DIRECTORY:-}" ]]; then
 135           for file in "$CREDENTIALS_DIRECTORY"/*; do
 136             key=$(basename "$file")
 137             if [[ $key =~ ^[A-Z0-9_]+$ ]]; then
 138               echo "Environ $key"
 139               export "$key=$(< "$file")"
 140             fi
 141           done
 142         fi
 143
 144         # We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part.
 145         export HOSTNAME=$(< /proc/sys/kernel/hostname)
 146
 147         exec ${lib.getExe cfg.package} -config.expand-env -config.file ${configFile} ${escapeShellArgs cfg.extraFlags}
 148       '';
 149       serviceConfig = {
 150         Restart = "always";
 151         DynamicUser = true;
 152         RestartSec = 2;
 153         SupplementaryGroups = [
 154           # allow to read the systemd journal for loki log forwarding
 155           "systemd-journal"
 156         ];
 157         StateDirectory = "grafana-agent";
 158         LoadCredential = lib.mapAttrsToList (key: value: "${key}:${value}") cfg.credentials;
 159         Type = "simple";
 160       };
 161     };
 162   };
 163 }