base repository: NixOS/nixpkgs
base: ae94ce8ee3dd
head repository: NixOS/nixpkgs
compare: 6148b0e59f97
  • 3 commits
  • 3 files changed
  • 4 contributors

Commits on Sep 29, 2020

  1. prometheus exporters: always set user and group

    systemd.exec(5) on DynamicUser:
    > If a statically allocated user or group of the configured name
    > already exists, it is used and no dynamic user/group is allocated.
    
    Using DynamicUser while still setting a group name can be
    useful for granting access to resources that can otherwise only be
    accessed with entirely static IDs.
    lheckemann committed Sep 29, 2020
    2c1e72e View commit details
  2. nixos/prometheus-exporters/openvpn: init

    Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
    Co-Authored-By: Robin Gloster <mail@glob.in>
    3 people committed Sep 29, 2020
    a560936 View commit details

Commits on Sep 30, 2020

  1. Merge pull request #99079 from mayflower/openvpn-exporter-upstream

     nixos/prometheus-exporters/openvpn: init
    Ma27 authored Sep 30, 2020
    6148b0e View commit details
6 changes: 2 additions & 4 deletions nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -38,6 +38,7 @@ let
"nextcloud"
"nginx"
"node"
"openvpn"
"postfix"
"postgres"
"redis"
@@ -101,15 +102,13 @@ let
default = "${name}-exporter";
description = ''
User name under which the ${name} exporter shall be run.
Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
'';
};
group = mkOption {
type = types.str;
default = "${name}-exporter";
description = ''
Group under which the ${name} exporter shall be run.
Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
'';
};
});
@@ -161,10 +160,9 @@ let
serviceConfig.PrivateTmp = mkDefault true;
serviceConfig.WorkingDirectory = mkDefault /tmp;
serviceConfig.DynamicUser = mkDefault enableDynamicUser;
} serviceOpts ] ++ optional (!enableDynamicUser) {
serviceConfig.User = conf.user;
serviceConfig.Group = conf.group;
});
} serviceOpts ]);
};
in
{
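Review bot: The `user` and `group` option descriptions in the second hunk no longer say anything about `DynamicUser` (as far as the rendered page shows, the two "Has no effect when …" sentences are among the four deleted lines), while the third hunk now sets `serviceConfig.User` and `serviceConfig.Group` unconditionally. Per the systemd.exec(5) text quoted in the commit message, an existing static account with the configured name is used instead of a dynamic one, so with the default `"${name}-exporter"` a leftover or separately defined account of that name would quietly replace the isolated dynamic identity. I would add a sentence to both descriptions, for example `If DynamicUser is enabled and a static user of this name already exists, that user is used and no dynamic user is allocated.`, with the matching wording for `group`. The enclosing `let` bindings start and end outside the hunks shown.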
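--- a/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+cfg = config.services.prometheus.exporters.openvpn;
+in {
+port = 9176;
+extraOpts = {
+statusPaths = mkOption {
+type = types.listOf types.str;
+description = ''
+Paths to OpenVPN status files. Please configure the OpenVPN option
+<literal>status</literal> accordingly.
+'';
+};
+telemetryPath = mkOption {
+type = types.str;
+default = "/metrics";
+description = ''
+Path under which to expose metrics.
+'';
+};
+};
+
+serviceOpts = {
+serviceConfig = {
+PrivateDevices = true;
+ProtectKernelModules = true;
+NoNewPrivileges = true;
+ExecStart = ''
+${pkgs.prometheus-openvpn-exporter}/bin/openvpn_exporter \
+-openvpn.status_paths "${concatStringsSep "," cfg.statusPaths}" \
+-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+-web.telemetry-path ${cfg.telemetryPath}
+'';
+};
+};
+}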
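Review bot: The `ExecStart` string places `cfg.statusPaths` inside a hand-written pair of double quotes and leaves `cfg.telemetryPath` unquoted, so a configured value containing a space or a double quote would be split or would end the argument early instead of reaching the exporter as one argument. Since `with lib;` is in scope, I would escape the values, e.g. `-openvpn.status_paths ${escapeShellArg (concatStringsSep "," cfg.statusPaths)} \` and `-web.telemetry-path ${escapeShellArg cfg.telemetryPath}`; systemd's quoting is close to but not identical to shell quoting, so this is worth checking with a path that contains a space. Separately, the `statusPaths` description does not mention that the exporter's user or group needs read access to the status files, which the test in this comparison arranges with a shared group. A sentence on that would steer users toward group read access and away from giving the exporter broader privileges.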
25 changes: 25 additions & 0 deletions nixos/tests/prometheus-exporters.nix
@@ -457,6 +457,31 @@ let
'';
};

openvpn = {
exporterConfig = {
enable = true;
group = "openvpn";
statusPaths = ["/run/openvpn-test"];
};
metricProvider = {
users.groups.openvpn = {};
services.openvpn.servers.test = {
config = ''
dev tun
status /run/openvpn-test
status-version 3
'';
up = "chmod g+r /run/openvpn-test";
};
systemd.services."openvpn-test".serviceConfig.Group = "openvpn";
};
exporterTest = ''
wait_for_unit("openvpn-test.service")
wait_for_unit("prometheus-openvpn-exporter.service")
succeed("curl -sSf http://localhost:9176/metrics | grep -q 'openvpn_up{.*} 1'")
'';
};

postfix = {
exporterConfig = {
enable = true;
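Review bot: The `up = "chmod g+r /run/openvpn-test";` line together with `group = "openvpn"` is the entire access arrangement that lets the exporter read the status file, and nothing in the test says so. A short comment above `up` would help the next reader, e.g. `# grant group read so the exporter (running with group openvpn) can read the status file`. It is also worth confirming that OpenVPN keeps the file mode when it refreshes the status file after `up` has run; if the file is recreated, the exporter would presumably lose access later, and the single `curl` check for `openvpn_up{.*} 1` would not notice. The surrounding attribute set, including the `postfix` entry, continues outside the hunk.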