153 lines
4.8 KiB
Nix
153 lines
4.8 KiB
Nix
|
{ lib, pkgs, config, generators, ... }:
|
||
|
with lib;
|
||
|
let
|
||
|
cfg = config.services.grafana-agent;
|
||
|
settingsFormat = pkgs.formats.yaml { };
|
||
|
configFile = settingsFormat.generate "grafana-agent.yaml" cfg.settings;
|
||
|
in
|
||
|
{
|
||
|
meta = {
|
||
|
maintainers = with maintainers; [ zimbatm ];
|
||
|
};
|
||
|
|
||
|
options.services.grafana-agent = {
|
||
|
enable = mkEnableOption "grafana-agent";
|
||
|
|
||
|
package = mkOption {
|
||
|
type = types.package;
|
||
|
default = pkgs.grafana-agent;
|
||
|
defaultText = "pkgs.grafana-agent";
|
||
|
description = "The grafana-agent package to use.";
|
||
|
};
|
||
|
|
||
|
credentials = mkOption {
|
||
|
description = ''
|
||
|
Credentials to load at service startup. Keys that are UPPER_SNAKE will be loaded as env vars. Values are absolute paths to the credentials.
|
||
|
'';
|
||
|
type = types.attrsOf types.str;
|
||
|
default = { };
|
||
|
|
||
|
example = {
|
||
|
logs_remote_write_password = "/run/keys/grafana_agent_logs_remote_write_password";
|
||
|
LOGS_REMOTE_WRITE_URL = "/run/keys/grafana_agent_logs_remote_write_url";
|
||
|
LOGS_REMOTE_WRITE_USERNAME = "/run/keys/grafana_agent_logs_remote_write_username";
|
||
|
metrics_remote_write_password = "/run/keys/grafana_agent_metrics_remote_write_password";
|
||
|
METRICS_REMOTE_WRITE_URL = "/run/keys/grafana_agent_metrics_remote_write_url";
|
||
|
METRICS_REMOTE_WRITE_USERNAME = "/run/keys/grafana_agent_metrics_remote_write_username";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
settings = mkOption {
|
||
|
description = ''
|
||
|
Configuration for <package>grafana-agent</package>.
|
||
|
|
||
|
See https://grafana.com/docs/agent/latest/configuration/
|
||
|
'';
|
||
|
|
||
|
type = types.submodule {
|
||
|
freeformType = settingsFormat.type;
|
||
|
};
|
||
|
|
||
|
default = {
|
||
|
server = {
|
||
|
# Don't bind on 0.0.0.0
|
||
|
grpc_listen_address = "127.0.0.1";
|
||
|
http_listen_address = "127.0.0.1";
|
||
|
# Don't bind on the default port 80
|
||
|
http_listen_port = 9090;
|
||
|
};
|
||
|
prometheus = {
|
||
|
wal_directory = "\${STATE_DIRECTORY}";
|
||
|
global.scrape_interval = "5s";
|
||
|
};
|
||
|
integrations = {
|
||
|
agent.enabled = true;
|
||
|
agent.scrape_integration = true;
|
||
|
node_exporter.enabled = true;
|
||
|
replace_instance_label = true;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
example = {
|
||
|
loki.configs = [{
|
||
|
name = "default";
|
||
|
scrape_configs = [
|
||
|
{
|
||
|
job_name = "journal";
|
||
|
journal = {
|
||
|
max_age = "12h";
|
||
|
labels.job = "systemd-journal";
|
||
|
};
|
||
|
relabel_configs = [
|
||
|
{
|
||
|
source_labels = [ "__journal__systemd_unit" ];
|
||
|
target_label = "systemd_unit";
|
||
|
}
|
||
|
{
|
||
|
source_labels = [ "__journal__hostname" ];
|
||
|
target_label = "nodename";
|
||
|
}
|
||
|
{
|
||
|
source_labels = [ "__journal_syslog_identifier" ];
|
||
|
target_label = "syslog_identifier";
|
||
|
}
|
||
|
];
|
||
|
}
|
||
|
];
|
||
|
positions.filename = "\${STATE_DIRECTORY}/loki_positions.yaml";
|
||
|
clients = [{
|
||
|
url = "\${LOGS_REMOTE_WRITE_URL}";
|
||
|
basic_auth.username = "\${LOGS_REMOTE_WRITE_USERNAME}";
|
||
|
basic_auth.password_file = "\${CREDENTIALS_DIRECTORY}/logs_remote_write_password";
|
||
|
}];
|
||
|
}];
|
||
|
integrations = {
|
||
|
prometheus_remote_write = [{
|
||
|
url = "\${METRICS_REMOTE_WRITE_URL}";
|
||
|
basic_auth.username = "\${METRICS_REMOTE_WRITE_USERNAME}";
|
||
|
basic_auth.password_file = "\${CREDENTIALS_DIRECTORY}/metrics_remote_write_password";
|
||
|
}];
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config = mkIf cfg.enable {
|
||
|
systemd.services.grafana-agent = {
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
script = ''
|
||
|
set -euo pipefail
|
||
|
shopt -u nullglob
|
||
|
|
||
|
# Load all credentials into env if they are in UPPER_SNAKE form.
|
||
|
if [[ -n "''${CREDENTIALS_DIRECTORY:-}" ]]; then
|
||
|
for file in "$CREDENTIALS_DIRECTORY"/*; do
|
||
|
key=$(basename "$file")
|
||
|
if [[ $key =~ ^[A-Z0-9_]+$ ]]; then
|
||
|
echo "Environ $key"
|
||
|
export "$key=$(< "$file")"
|
||
|
fi
|
||
|
done
|
||
|
fi
|
||
|
|
||
|
# We can't use Environment=HOSTNAME=%H, as it doesn't include the domain part.
|
||
|
export HOSTNAME=$(< /proc/sys/kernel/hostname)
|
||
|
|
||
|
exec ${cfg.package}/bin/agent -config.expand-env -config.file ${configFile}
|
||
|
'';
|
||
|
serviceConfig = {
|
||
|
Restart = "always";
|
||
|
DynamicUser = true;
|
||
|
RestartSec = 2;
|
||
|
SupplementaryGroups = [
|
||
|
# allow to read the systemd journal for loki log forwarding
|
||
|
"systemd-journal"
|
||
|
];
|
||
|
StateDirectory = "grafana-agent";
|
||
|
LoadCredential = lib.mapAttrsToList (key: value: "${key}:${value}") cfg.credentials;
|
||
|
Type = "simple";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|