Diffstat (limited to 'nixos/modules/services/monitoring')
8 files changed, 192 insertions, 73 deletions
diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix index ff9604c7dbc..2b265d5b5a9 100644 --- a/nixos/modules/services/monitoring/munin.nix +++ b/nixos/modules/services/monitoring/munin.nix @@ -5,8 +5,8 @@ # TODO: support fastcgi # http://munin-monitoring.org/wiki/CgiHowto2 -# spawn-fcgi -s /var/run/munin/fastcgi-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph -# spawn-fcgi -s /var/run/munin/fastcgi-html.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html +# spawn-fcgi -s /run/munin/fastcgi-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph +# spawn-fcgi -s /run/munin/fastcgi-html.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html # https://paste.sh/vofcctHP#-KbDSXVeWoifYncZmLfZzgum # nginx http://munin.readthedocs.org/en/latest/example/webserver/nginx.html @@ -22,7 +22,7 @@ let dbdir /var/lib/munin htmldir /var/www/munin logdir /var/log/munin - rundir /var/run/munin + rundir /run/munin ${cronCfg.extraGlobalConfig} @@ -170,7 +170,7 @@ in wantedBy = [ "multi-user.target" ]; path = with pkgs; [ munin smartmontools "/run/current-system/sw" "/run/wrappers" ]; environment.MUNIN_LIBDIR = "${pkgs.munin}/lib"; - environment.MUNIN_PLUGSTATE = "/var/run/munin"; + environment.MUNIN_PLUGSTATE = "/run/munin"; environment.MUNIN_LOGDIR = "/var/log/munin"; preStart = '' echo "updating munin plugins..." @@ -188,7 +188,7 @@ in }; # munin_stats plugin breaks as of 2.0.33 when this doesn't exist - systemd.tmpfiles.rules = [ "d /var/run/munin 0755 munin munin -" ]; + systemd.tmpfiles.rules = [ "d /run/munin 0755 munin munin -" ]; }) (mkIf cronCfg.enable { @@ -210,7 +210,7 @@ in }; systemd.tmpfiles.rules = [ - "d /var/run/munin 0755 munin munin -" + "d /run/munin 0755 munin munin -" "d /var/log/munin 0755 munin munin -" "d /var/www/munin 0755 munin munin -" "d /var/lib/munin 0755 munin munin -" 
diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixos/modules/services/monitoring/prometheus/alertmanager.nix index 8a47c9f1e7d..8a44cf7fd8f 100644 --- a/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -9,6 +9,15 @@ let if cfg.configText != null then pkgs.writeText "alertmanager.yml" cfg.configText else mkConfigFile; + cmdlineArgs = cfg.extraFlags ++ [ + "--config.file ${alertmanagerYml}" + "--web.listen-address ${cfg.listenAddress}:${toString cfg.port}" + "--log.level ${cfg.logLevel}" + ] ++ (optional (cfg.webExternalUrl != null) + "--web.external-url ${cfg.webExternalUrl}" + ) ++ (optional (cfg.logFormat != null) + "--log.format ${cfg.logFormat}" + ); in { options = { services.prometheus.alertmanager = { @@ -99,6 +108,14 @@ in { Open port in firewall for incoming connections. ''; }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Extra commandline options when launching the Alertmanager. + ''; + }; }; }; @@ -111,11 +128,7 @@ in { after = [ "network.target" ]; script = '' ${pkgs.prometheus-alertmanager.bin}/bin/alertmanager \ - --config.file ${alertmanagerYml} \ - --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ - --log.level ${cfg.logLevel} \ - ${optionalString (cfg.webExternalUrl != null) ''--web.external-url ${cfg.webExternalUrl} \''} - ${optionalString (cfg.logFormat != null) "--log.format ${cfg.logFormat}"} + ${concatStringsSep " \\\n " cmdlineArgs} ''; serviceConfig = { diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix index 5dda763bd56..e2ee995cea8 100644 --- a/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixos/modules/services/monitoring/prometheus/default.nix 
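Review bot: The entries of `cmdlineArgs` built in the first hunk are spliced unquoted into the shell `script` in the last hunk of this file (`${concatStringsSep " \\\n " cmdlineArgs}`), so a `webExternalUrl` or `extraFlags` entry containing `&`, `?`, `;` or whitespace is interpreted by the shell instead of reaching alertmanager as one argument. Quoting the interpolated values keeps them literal, for example `"--web.external-url ${escapeShellArg cfg.webExternalUrl}"` and likewise for `listenAddress`, `logLevel` and `logFormat`. The `extraFlags` description should say that its entries are inserted verbatim into a shell script that is stored in the world-readable Nix store, so credentials do not belong there. The `let` block and the `script` attribute both continue outside the hunks shown.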
@@ -39,6 +39,7 @@ let "-alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}" "-alertmanager.timeout=${toString cfg.alertmanagerTimeout}s" (optionalString (cfg.alertmanagerURL != []) "-alertmanager.url=${concatStringsSep "," cfg.alertmanagerURL}") + (optionalString (cfg.webExternalUrl != null) "-web.external-url=${cfg.webExternalUrl}") ]; promTypes.globalConfig = types.submodule { @@ -467,6 +468,16 @@ in { Alert manager HTTP API timeout (in seconds). ''; }; + + webExternalUrl = mkOption { + type = types.nullOr types.str; + default = null; + example = "https://example.com/"; + description = '' + The URL under which Prometheus is externally reachable (for example, + if Prometheus is served via a reverse proxy). + ''; + }; }; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 1d5f400250f..950af848c0f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -30,6 +30,7 @@ let postfix = import ./exporters/postfix.nix { inherit config lib pkgs; }; snmp = import ./exporters/snmp.nix { inherit config lib pkgs; }; surfboard = import ./exporters/surfboard.nix { inherit config lib pkgs; }; + tor = import ./exporters/tor.nix { inherit config lib pkgs; }; unifi = import ./exporters/unifi.nix { inherit config lib pkgs; }; varnish = import ./exporters/varnish.nix { inherit config lib pkgs; }; }; 
@@ -123,15 +124,13 @@ let systemd.services."prometheus-${name}-exporter" = mkMerge ([{ wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - serviceConfig = { - Restart = mkDefault "always"; - PrivateTmp = mkDefault true; - WorkingDirectory = mkDefault /tmp; - } // mkIf (!(serviceOpts.serviceConfig.DynamicUser or false)) { - User = conf.user; - Group = conf.group; - }; - } serviceOpts ]); + serviceConfig.Restart = mkDefault "always"; + serviceConfig.PrivateTmp = mkDefault true; + serviceConfig.WorkingDirectory = mkDefault /tmp; + } serviceOpts ] ++ optional (serviceOpts.serviceConfig.DynamicUser or false) { + serviceConfig.User = conf.user; + serviceConfig.Group = conf.group; + }); }; in { @@ -172,5 +171,8 @@ in }) exporterOpts) ); - meta.doc = ./exporters.xml; + meta = { + doc = ./exporters.xml; + maintainers = [ maintainers.willibutz ]; + }; } diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index be86abb74b4..7a0a1bdf2c1 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml 
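Review bot: The condition guarding `serviceConfig.User` and `serviceConfig.Group` lost its negation in the rewritten `mkMerge` list: the removed lines applied them under `mkIf (!(serviceOpts.serviceConfig.DynamicUser or false))`, while the new line is `optional (serviceOpts.serviceConfig.DynamicUser or false)`. As written, exporters that do not set `DynamicUser` receive no `User`/`Group` and would presumably fall back to systemd's default of running as root, while exporters that do set `DynamicUser` now also get the static user. The line should read `} serviceOpts ] ++ optional (!(serviceOpts.serviceConfig.DynamicUser or false)) {`. The enclosing `let` binding starts outside the hunk, so whether anything else sets `User` cannot be confirmed from here.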
@@ -3,13 +3,19 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="module-services-prometheus-exporters"> + <title>Prometheus exporters</title> + <para> + Prometheus exporters provide metrics for the + <link xlink:href="https://prometheus.io">prometheus monitoring system</link>. + </para> + <section xml:id="module-services-prometheus-exporters-configuration"> + <title>Configuration</title> -<title>Prometheus exporters</title> - -<para>Prometheus exporters provide metrics for the <link xlink:href="https://prometheus.io">prometheus monitoring system</link>.</para> - -<section xml:id="module-services-prometheus-exporters-configuration"><title>Configuration</title> - <para>One of the most common exporters is the <link xlink:href="https://github.com/prometheus/node_exporter">node exporter</link>, it provides hardware and OS metrics from the host it's running on. The exporter could be configured as follows: + <para> + One of the most common exporters is the + <link xlink:href="https://github.com/prometheus/node_exporter">node + exporter</link>, it provides hardware and OS metrics from the host it's + running on. The exporter could be configured as follows: <programlisting> services.promtheus.exporters.node = { enable = true; 
@@ -24,43 +30,88 @@ firewallFilter = "-i br0 -p tcp -m tcp --dport 9100"; }; </programlisting> -It should now serve all metrics from the collectors -that are explicitly enabled and the ones that are -<link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled by default</link>, via http under <literal>/metrics</literal>. In this example the firewall should just -allow incoming connections to the exporter's port on the bridge interface <literal>br0</literal> -(this would have to be configured seperately of course). -For more information about configuration see <literal>man configuration.nix</literal> or -search through the <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available options</link>. -</para> -</section> -<section xml:id="module-services-prometheus-exporters-new-exporter"><title>Adding a new exporter</title> - <para>To add a new exporter, it has to be packaged first (see <literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for examples), then a module can be added. The postfix exporter is used in this example:</para> -<itemizedlist> - <listitem> + It should now serve all metrics from the collectors that are explicitly + enabled and the ones that are + <link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled + by default</link>, via http under <literal>/metrics</literal>. In this + example the firewall should just allow incoming connections to the + exporter's port on the bridge interface <literal>br0</literal> (this would + have to be configured seperately of course). For more information about + configuration see <literal>man configuration.nix</literal> or search through + the + <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available + options</link>. 
+ </para> + </section> + <section xml:id="module-services-prometheus-exporters-new-exporter"> + <title>Adding a new exporter</title> + + <para> + To add a new exporter, it has to be packaged first (see + <literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for + examples), then a module can be added. The postfix exporter is used in this + example: + </para> + + <itemizedlist> + <listitem> <para> - Some default options for all exporters are provided by - <literal>nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix</literal>: + Some default options for all exporters are provided by + <literal>nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix</literal>: </para> - </listitem> - <listitem override='none'> + </listitem> + <listitem override='none'> <itemizedlist> - <listitem><para><literal>enable</literal></para></listitem> - <listitem><para><literal>port</literal></para></listitem> - <listitem><para><literal>listenAddress</literal></para></listitem> - <listitem><para><literal>extraFlags</literal></para></listitem> - <listitem><para><literal>openFirewall</literal></para></listitem> - <listitem><para><literal>firewallFilter</literal></para></listitem> - <listitem><para><literal>user</literal></para></listitem> - <listitem><para><literal>group</literal></para></listitem> + <listitem> + <para> + <literal>enable</literal> + </para> + </listitem> + <listitem> + <para> + <literal>port</literal> + </para> + </listitem> + <listitem> + <para> + <literal>listenAddress</literal> + </para> + </listitem> + <listitem> + <para> + <literal>extraFlags</literal> + </para> + </listitem> + <listitem> + <para> + <literal>openFirewall</literal> + </para> + </listitem> + <listitem> + <para> + <literal>firewallFilter</literal> + </para> + </listitem> + <listitem> + <para> + <literal>user</literal> + </para> + </listitem> + <listitem> + <para> + <literal>group</literal> + </para> + </listitem> </itemizedlist> - </listitem> - <listitem> - <para>As there 
is already a package available, the module can now be added. - This is accomplished by adding a new file to the - <literal>nixos/modules/services/monitoring/prometheus/exporters/</literal> directory, - which will be called postfix.nix and contains all exporter specific options - and configuration: - <programlisting> + </listitem> + <listitem> + <para> + As there is already a package available, the module can now be added. This + is accomplished by adding a new file to the + <literal>nixos/modules/services/monitoring/prometheus/exporters/</literal> + directory, which will be called postfix.nix and contains all exporter + specific options and configuration: +<programlisting> # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix { config, lib, pkgs }: @@ -121,15 +172,16 @@ search through the <link xlink:href="https://nixos.org/nixos/options.html#promet } </programlisting> </para> - </listitem> - <listitem> + </listitem> + <listitem> <para> - This should already be enough for the postfix exporter. Additionally one could - now add assertions and conditional default values. This can be done in the - 'meta-module' that combines all exporter definitions and generates the submodules: - <literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal> + This should already be enough for the postfix exporter. Additionally one + could now add assertions and conditional default values. This can be done + in the 'meta-module' that combines all exporter definitions and generates + the submodules: + <literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal> </para> - </listitem> -</itemizedlist> -</section> + </listitem> + </itemizedlist> + </section> </chapter> diff --git a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix index 404cd0a1896..0d919412432 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix 
+++ b/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix @@ -60,10 +60,10 @@ in DynamicUser = true; ExecStart = '' ${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \ - -config.file ${configFile} \ - -log.format ${cfg.logFormat} \ - -log.level ${cfg.logLevel} \ - -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + --config.file=${configFile} \ + --log.format=${cfg.logFormat} \ + --log.level=${cfg.logLevel} \ + --web.listen-address=${cfg.listenAddress}:${toString cfg.port} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/tor.nix b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix new file mode 100644 index 00000000000..0e2a13c44ab --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/tor.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs }: + +with lib; + +let + cfg = config.services.prometheus.exporters.tor; +in +{ + port = 9130; + extraOpts = { + torControlAddress = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + Tor control IP address or hostname. + ''; + }; + + torControlPort = mkOption { + type = types.int; + default = 9051; + description = '' + Tor control port. + ''; + }; + }; + serviceOpts = { + serviceConfig = { + DynamicUser = true; + ExecStart = '' + ${pkgs.prometheus-tor-exporter}/bin/prometheus-tor-exporter \ + -b ${cfg.listenAddress} \ + -p ${toString cfg.port} \ + -a ${cfg.torControlAddress} \ + -c ${toString cfg.torControlPort} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix index 8dbf2d735ab..aaed76175b8 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix 
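Review bot: In the new `tor.nix`, `torControlPort` is declared as `types.int`, so a negative or out-of-range value passes evaluation and only fails when the exporter starts; `type = types.port;` would reject it at evaluation time, provided the `lib` in this tree already has that type. The module also offers no option for control-port credentials, so any authentication would have to be passed through `extraFlags`, which ends up in the unit definition in the world-readable Nix store. The description of `torControlAddress` should say whether a non-loopback control address is expected to be used, since it accepts any hostname, for instance `Tor control IP address or hostname; the control connection is not protected by this module.`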
@@ -69,6 +69,7 @@ in path = [ pkgs.varnish ]; serviceConfig = { DynamicUser = true; + RestartSec = mkDefault 1; ExecStart = '' ${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ |