646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
102 lines
2.6 KiB
Nix
102 lines
2.6 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.services.prometheus.exporters.dnssec;
|
|
configFormat = pkgs.formats.toml { };
|
|
configFile = configFormat.generate "dnssec-checks.toml" cfg.configuration;
|
|
in
|
|
{
|
|
port = 9204;
|
|
extraOpts = {
|
|
configuration = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.attrs;
|
|
default = null;
|
|
description = ''
|
|
dnssec exporter configuration as nix attribute set.
|
|
|
|
See <https://github.com/chrj/prometheus-dnssec-exporter/blob/master/README.md>
|
|
for the description of the configuration file format.
|
|
'';
|
|
example = lib.literalExpression ''
|
|
{
|
|
records = [
|
|
{
|
|
zone = "ietf.org";
|
|
record = "@";
|
|
type = "SOA";
|
|
}
|
|
{
|
|
zone = "verisigninc.com";
|
|
record = "@";
|
|
type = "SOA";
|
|
}
|
|
];
|
|
}
|
|
'';
|
|
};
|
|
|
|
listenAddress = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = ''
|
|
Listen address as host IP and port definition.
|
|
'';
|
|
example = ":9204";
|
|
};
|
|
|
|
resolvers = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
description = ''
|
|
DNSSEC capable resolver to be used for the check.
|
|
'';
|
|
example = [ "0.0.0.0:53" ];
|
|
};
|
|
|
|
timeout = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = ''
|
|
DNS request timeout duration.
|
|
'';
|
|
example = "10s";
|
|
};
|
|
|
|
extraFlags = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
description = ''
|
|
Extra commandline options when launching Prometheus.
|
|
'';
|
|
};
|
|
};
|
|
|
|
serviceOpts = {
|
|
serviceConfig =
|
|
let
|
|
startScript = pkgs.writeShellScriptBin "prometheus-dnssec-exporter-start" "${lib.concatStringsSep
|
|
" "
|
|
(
|
|
[ "${pkgs.prometheus-dnssec-exporter}/bin/prometheus-dnssec-exporter" ]
|
|
++ lib.optionals (cfg.configuration != null) [ "-config ${configFile}" ]
|
|
++ lib.optionals (cfg.listenAddress != null) [
|
|
"-listen-address ${lib.escapeShellArg cfg.listenAddress}"
|
|
]
|
|
++ lib.optionals (cfg.resolvers != [ ]) [
|
|
"-resolvers ${lib.escapeShellArg (lib.concatStringsSep "," cfg.resolvers)}"
|
|
]
|
|
++ lib.optionals (cfg.timeout != null) [ "-timeout ${lib.escapeShellArg cfg.timeout}" ]
|
|
++ cfg.extraFlags
|
|
)
|
|
}";
|
|
in
|
|
{
|
|
ExecStart = lib.getExe startScript;
|
|
};
|
|
};
|
|
}
|