summary refs log tree commit diff
diff options
context:
space:
mode:
authorMaximilian Bosch <maximilian@mbosch.me>2020-09-30 15:37:03 +0200
committerGitHub <noreply@github.com>2020-09-30 15:37:03 +0200
commit6148b0e59f972fbab0818c06b2749b6c772e5d90 (patch)
treec7cd630945191f2cee7cb5506be24757f08f5d5a
parentae94ce8ee3dd5873d8aa31854a2734ca28ad5e9c (diff)
parenta560936cabdc339a75a6ab9d665f296880d0e39a (diff)
downloadnixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.tar
nixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.tar.gz
nixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.tar.bz2
nixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.tar.lz
nixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.tar.xz
nixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.tar.zst
nixpkgs-6148b0e59f972fbab0818c06b2749b6c772e5d90.zip
Merge pull request #99079 from mayflower/openvpn-exporter-upstream
 nixos/prometheus-exporters/openvpn: init
Diffstat
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters.nix6
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix39
-rw-r--r--nixos/tests/prometheus-exporters.nix25
3 files changed, 66 insertions, 4 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix
index 4d15fb12ff7..1233e5cdd1a 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -38,6 +38,7 @@ let
     "nextcloud"
     "nginx"
     "node"
+    "openvpn"
     "postfix"
     "postgres"
     "redis"
@@ -101,7 +102,6 @@ let
       default = "${name}-exporter";
       description = ''
         User name under which the ${name} exporter shall be run.
-        Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
       '';
     };
     group = mkOption {
@@ -109,7 +109,6 @@ let
       default = "${name}-exporter";
       description = ''
         Group under which the ${name} exporter shall be run.
-        Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
       '';
     };
   });
@@ -161,10 +160,9 @@ let
         serviceConfig.PrivateTmp = mkDefault true;
         serviceConfig.WorkingDirectory = mkDefault /tmp;
         serviceConfig.DynamicUser = mkDefault enableDynamicUser;
-      } serviceOpts ] ++ optional (!enableDynamicUser) {
         serviceConfig.User = conf.user;
         serviceConfig.Group = conf.group;
-      });
+      } serviceOpts ]);
   };
 in
 {
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix b/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix
new file mode 100644
index 00000000000..a97a753ebc3
--- /dev/null
+++ b/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.prometheus.exporters.openvpn;
+in {
+  port = 9176;
+  extraOpts = {
+    statusPaths = mkOption {
+      type = types.listOf types.str;
+      description = ''
+        Paths to OpenVPN status files. Please configure the OpenVPN option
+        <literal>status</literal> accordingly.
+      '';
+    };
+    telemetryPath = mkOption {
+      type = types.str;
+      default = "/metrics";
+      description = ''
+        Path under which to expose metrics.
+      '';
+    };
+  };
+
+  serviceOpts = {
+    serviceConfig = {
+      PrivateDevices = true;
+      ProtectKernelModules = true;
+      NoNewPrivileges = true;
+      ExecStart = ''
+        ${pkgs.prometheus-openvpn-exporter}/bin/openvpn_exporter \
+          -openvpn.status_paths "${concatStringsSep "," cfg.statusPaths}" \
+          -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+          -web.telemetry-path ${cfg.telemetryPath}
+      '';
+    };
+  };
+}
diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix
index 5b9fff5a4f2..ad2fff2b01f 100644
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -457,6 +457,31 @@ let
       '';
     };
 
+    openvpn = {
+      exporterConfig = {
+        enable = true;
+        group = "openvpn";
+        statusPaths = ["/run/openvpn-test"];
+      };
+      metricProvider = {
+        users.groups.openvpn = {};
+        services.openvpn.servers.test = {
+          config = ''
+            dev tun
+            status /run/openvpn-test
+            status-version 3
+          '';
+          up = "chmod g+r /run/openvpn-test";
+        };
+        systemd.services."openvpn-test".serviceConfig.Group = "openvpn";
+      };
+      exporterTest = ''
+        wait_for_unit("openvpn-test.service")
+        wait_for_unit("prometheus-openvpn-exporter.service")
+        succeed("curl -sSf http://localhost:9176/metrics | grep -q 'openvpn_up{.*} 1'")
+      '';
+    };
+
     postfix = {
       exporterConfig = {
         enable = true;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-01 11:35:26 +0000