nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix

{ config, lib, pkgs, options }:

with lib;

let
  cfg = config.services.prometheus.exporters.wireguard;
in {
  port = 9586;
  imports = [
    (mkRenamedOptionModule [ "addr" ] [ "listenAddress" ])
    ({ options.warnings = options.warnings; options.assertions = options.assertions; })
  ];
  extraOpts = {
    verbose = mkEnableOption "Verbose logging mode for prometheus-wireguard-exporter";

    wireguardConfig = mkOption {
      type = with types; nullOr (either path str);
      default = null;

      description = ''
        Path to the Wireguard Config to
        <link xlink:href="https://github.com/MindFlavor/prometheus_wireguard_exporter/tree/2.0.0#usage">add the peer's name to the stats of a peer</link>.

        Please note that <literal>networking.wg-quick</literal> is required for this feature
        as <literal>networking.wireguard</literal> uses
        <citerefentry><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        to set the peers up.
      '';
    };

    singleSubnetPerField = mkOption {
      type = types.bool;
      default = false;
      description = ''
        By default, all allowed IPs and subnets are comma-separated in the
        <literal>allowed_ips</literal> field. With this option enabled,
        a single IP and subnet will be listed in fields like <literal>allowed_ip_0</literal>,
        <literal>allowed_ip_1</literal> and so on.
      '';
    };

    withRemoteIp = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
      '';
    };
  };
  serviceOpts = {
    path = [ pkgs.wireguard-tools ];

    serviceConfig = {
      AmbientCapabilities = [ "CAP_NET_ADMIN" ];
      ExecStart = ''
        ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
          -p ${toString cfg.port} \
          -l ${cfg.listenAddress} \
          ${optionalString cfg.verbose "-v"} \
          ${optionalString cfg.singleSubnetPerField "-s"} \
          ${optionalString cfg.withRemoteIp "-r"} \
          ${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}
      '';
    };
  };
}
nixos/prometheus-exporters: refactor imports, replace 'with lib;' Pass through 'options' to exporter definitions and replace 'with lib;' by explicit function imports. 2019-07-17 14:19:18 +02:00			`{ config, lib, pkgs, options }:`
prometheus-wireguard-exporter: init at 2.0.1 This is a simple exporter which exports the information provided by `wg show all dump` to prometheus. Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de> 2019-06-02 03:13:53 +02:00
			`with lib;`

			`let`
			`cfg = config.services.prometheus.exporters.wireguard;`
			`in {`
			`port = 9586;`
nixos/prometheus-wireguard-exporter: remove `addr` option This option was added by mistake since `listenAddress` exists by default for each prometheus-exporter. Using `services.prometheus.exporters.wireguard.addr` will now cause a warning, but doesn't break eval. 2019-10-13 12:12:58 +02:00			`imports = [`
			`(mkRenamedOptionModule [ "addr" ] [ "listenAddress" ])`
			`({ options.warnings = options.warnings; options.assertions = options.assertions; })`
			`];`
prometheus-wireguard-exporter: init at 2.0.1 This is a simple exporter which exports the information provided by `wg show all dump` to prometheus. Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de> 2019-06-02 03:13:53 +02:00			`extraOpts = {`
			`verbose = mkEnableOption "Verbose logging mode for prometheus-wireguard-exporter";`

			`wireguardConfig = mkOption {`
			`type = with types; nullOr (either path str);`
			`default = null;`

			`description = ''`
			`Path to the Wireguard Config to`
			`<link xlink:href="https://github.com/MindFlavor/prometheus_wireguard_exporter/tree/2.0.0#usage">add the peer's name to the stats of a peer</link>.`

			`Please note that <literal>networking.wg-quick</literal> is required for this feature`
			`as <literal>networking.wireguard</literal> uses`
			`<citerefentry><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>`
			`to set the peers up.`
			`'';`
			`};`
nixos/prometheus-exporters/wireguard: add support for `-s` switch Since version 3.0 all allowed IPs and subnets are exposed by the exporter. With `-s` set on the CLI, instead of a comma-separated list, each allowed IP and subnet will be in a single field with the schema `allowed_ip_<index>`. 2019-07-21 15:41:51 +02:00
			`singleSubnetPerField = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = ''`
			`By default, all allowed IPs and subnets are comma-separated in the`
			`<literal>allowed_ips</literal> field. With this option enabled,`
			`a single IP and subnet will be listed in fields like <literal>allowed_ip_0</literal>,`
			`<literal>allowed_ip_1</literal> and so on.`
			`'';`
			`};`
nixos/prometheus-wireguard-exporter: add support for `-r` switch With this switch activated, the exporter also exposes the remote IP of each active WireGuard peer. 2019-08-08 21:54:49 +02:00
			`withRemoteIp = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = ''`
			`Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.`
			`'';`
			`};`
prometheus-wireguard-exporter: init at 2.0.1 This is a simple exporter which exports the information provided by `wg show all dump` to prometheus. Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de> 2019-06-02 03:13:53 +02:00			`};`
			`serviceOpts = {`
			`path = [ pkgs.wireguard-tools ];`

			`serviceConfig = {`
			`AmbientCapabilities = [ "CAP_NET_ADMIN" ];`
nixos/prometheus-wireguard-exporter: use ExecStart instead of script 2019-08-02 15:34:19 +02:00			`ExecStart = ''`
			`${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \`
			`-p ${toString cfg.port} \`
nixos/prometheus-wireguard-exporter: remove `addr` option This option was added by mistake since `listenAddress` exists by default for each prometheus-exporter. Using `services.prometheus.exporters.wireguard.addr` will now cause a warning, but doesn't break eval. 2019-10-13 12:12:58 +02:00			`-l ${cfg.listenAddress} \`
nixos/prometheus-wireguard-exporter: use ExecStart instead of script 2019-08-02 15:34:19 +02:00			`${optionalString cfg.verbose "-v"} \`
			`${optionalString cfg.singleSubnetPerField "-s"} \`
nixos/prometheus-wireguard-exporter: add support for `-r` switch With this switch activated, the exporter also exposes the remote IP of each active WireGuard peer. 2019-08-08 21:54:49 +02:00			`${optionalString cfg.withRemoteIp "-r"} \`
nixos/prometheus-wireguard-exporter: use ExecStart instead of script 2019-08-02 15:34:19 +02:00			`${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}`
			`'';`
prometheus-wireguard-exporter: init at 2.0.1 This is a simple exporter which exports the information provided by `wg show all dump` to prometheus. Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de> 2019-06-02 03:13:53 +02:00			`};`
			`};`
			`}`