nixos/prometheus-exporters/openvpn: init

Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de> Co-Authored-By: Robin Gloster <mail@glob.in>
2020-09-25 12:24:09 +02:00 · 2020-09-25 12:24:09 +02:00 · a560936cab
commit a560936cab
parent 2c1e72ee6a
3 changed files with 65 additions and 0 deletions
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@ -38,6 +38,7 @@ let
    "nextcloud"
    "nginx"
    "node"
+    "openvpn"
    "postfix"
    "postgres"
    "redis"
--- a/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/openvpn.nix
@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.prometheus.exporters.openvpn;
+in {
+  port = 9176;
+  extraOpts = {
+    statusPaths = mkOption {
+      type = types.listOf types.str;
+      description = ''
+        Paths to OpenVPN status files. Please configure the OpenVPN option
+        <literal>status</literal> accordingly.
+      '';
+    };
+    telemetryPath = mkOption {
+      type = types.str;
+      default = "/metrics";
+      description = ''
+        Path under which to expose metrics.
+      '';
+    };
+  };
+
+  serviceOpts = {
+    serviceConfig = {
+      PrivateDevices = true;
+      ProtectKernelModules = true;
+      NoNewPrivileges = true;
+      ExecStart = ''
+        ${pkgs.prometheus-openvpn-exporter}/bin/openvpn_exporter \
+          -openvpn.status_paths "${concatStringsSep "," cfg.statusPaths}" \
+          -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+          -web.telemetry-path ${cfg.telemetryPath}
+      '';
+    };
+  };
+}
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@ -457,6 +457,31 @@ let
      '';
    };

+    openvpn = {
+      exporterConfig = {
+        enable = true;
+        group = "openvpn";
+        statusPaths = ["/run/openvpn-test"];
+      };
+      metricProvider = {
+        users.groups.openvpn = {};
+        services.openvpn.servers.test = {
+          config = ''
+            dev tun
+            status /run/openvpn-test
+            status-version 3
+          '';
+          up = "chmod g+r /run/openvpn-test";
+        };
+        systemd.services."openvpn-test".serviceConfig.Group = "openvpn";
+      };
+      exporterTest = ''
+        wait_for_unit("openvpn-test.service")
+        wait_for_unit("prometheus-openvpn-exporter.service")
+        succeed("curl -sSf http://localhost:9176/metrics | grep -q 'openvpn_up{.*} 1'")
+      '';
+    };
+
    postfix = {
      exporterConfig = {
        enable = true;