prometheus-tailscale-exporter: init at 0.2.5 (#453075)

nixos/doc/manual/release-notes/rl-2511.section.md

@@ -166,6 +166,8 @@
 
 - [conman](https://github.com/dun/conman), a serial console management program. Available as [services.conman](#opt-services.conman.enable).
 
+- [Prometheus Tailscale Exporter](https://github.com/adinhodovic/tailscale-exporter), a Prometheus exporter for Tailscale Tailnet metrics.
+
 - [KMinion](https://github.com/redpanda-data/kminion), feature-rich Prometheus exporter for Apache Kafka. Available as [services.prometheus.exporters.kafka](options.html#opt-services.prometheus.exporters.kafka).
 
 - [Beszel](https://beszel.dev), a lightweight server monitoring hub with historical data, docker stats, and alerts. Available as [`services.beszel.agent`](options.html#opt-services.beszel.agent.enable) and [`services.beszel.hub`](options.html#opt-services.beszel.hub.enable).

nixos/modules/services/monitoring/prometheus/exporters.nix

@@ -127,6 +127,7 @@ let
         "storagebox"
         "surfboard"
         "systemd"
+        "tailscale"
         "tibber"
         "unbound"
         "unpoller"

nixos/modules/services/monitoring/prometheus/exporters/tailscale.nix

@@ -0,0 +1,47 @@
+{
+  config,
+  lib,
+  pkgs,
+  utils,
+  ...
+}:
+
+let
+  inherit (lib)
+    getExe
+    mkOption
+    mkPackageOption
+    types
+    ;
+
+  inherit (utils) escapeSystemdExecArgs;
+
+  cfg = config.services.prometheus.exporters.tailscale;
+in
+{
+  port = 9250;
+  extraOpts = with types; {
+    package = mkPackageOption pkgs "prometheus-tailscale-exporter" { };
+    environmentFile = mkOption {
+      type = path;
+      description = ''
+        Environment file containg at least the TAILSCALE_TAILNET,
+        TAILSCALE_OAUTH_CLIENT_ID, and TAILSCALE_OAUTH_CLIENT_SECRET
+        environment variables.
+      '';
+    };
+  };
+  serviceOpts = {
+    serviceConfig = {
+      EnvironmentFile = cfg.environmentFile;
+      ExecStart = escapeSystemdExecArgs (
+        [
+          (getExe cfg.package)
+          "--listen-address"
+          "${cfg.listenAddress}:${toString cfg.port}"
+        ]
+        ++ cfg.extraFlags
+      );
+    };
+  };
+}

nixos/tests/prometheus-exporters.nix

@@ -1757,6 +1757,51 @@ let
       '';
     };
 
+    tailscale = {
+      exporterConfig = {
+        package = pkgs.prometheus-tailscale-exporter.overrideAttrs {
+          patches = [
+            # This patch prevents the exporter from exiting immediately upon
+            # startup when no credentials are provided, which is useful for
+            # testing the NixOS module.
+            (pkgs.writeText "allow-running-without-credentials" ''
+              diff --git a/cmd/tailscale-exporter/root.go b/cmd/tailscale-exporter/root.go
+              index 2ff11cb..2fb576f 100644
+              --- a/cmd/tailscale-exporter/root.go
+              +++ b/cmd/tailscale-exporter/root.go
+              @@ -137,14 +137,6 @@ func runExporter(cmd *cobra.Command, args []string) error {
+              ''\t// Create HTTP client that automatically handles token refresh
+              ''\thttpClient := oauthConfig.Client(context.Background())
+
+              -''\t// Test OAuth token generation
+              -''\ttoken, err := oauthConfig.Token(context.Background())
+              -''\tif err != nil {
+              -''\t''\treturn fmt.Errorf("failed to obtain OAuth token: %w", err)
+              -''\t}
+              -''\tlogger.Info("OAuth token obtained", "token_type", token.TokenType)
+              -''\tlogger.Info("Successfully obtained OAuth token", "expires", token.Expiry)
+              -
+              ''\t// Default labels for all metrics
+              ''\tdefaultLabels := prometheus.Labels{"tailnet": tailnet}
+              ''\treg := prometheus.WrapRegistererWith(
+            '')
+          ];
+        };
+        enable = true;
+        environmentFile = pkgs.writeText "tailscale-exporter-env" ''
+          TAILSCALE_OAUTH_CLIENT_ID=12345678
+          TAILSCALE_OAUTH_CLIENT_SECRET=12345678
+          TAILSCALE_TAILNET=example.com
+        '';
+      };
+
+      exporterTest = ''
+        wait_for_unit("prometheus-tailscale-exporter.service")
+        wait_for_open_port(9250)
+        succeed("curl -sSf localhost:9250/metrics | grep 'tailscale_up{tailnet=\"example.com\"} 1'")
+      '';
+    };
+
     unpoller = {
       nodeName = "unpoller";
       exporterConfig.enable = true;

pkgs/by-name/pr/prometheus-tailscale-exporter/package.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+  nixosTests,
+  versionCheckHook,
+}:
+
+buildGoModule rec {
+  pname = "tailscale-exporter";
+  version = "0.2.5";
+
+  src = fetchFromGitHub {
+    owner = "adinhodovic";
+    repo = "tailscale-exporter";
+    tag = version;
+    hash = "sha256-6iQtGfQsXVmwFaSA7B1AG+kbtSyKVWFbEld1lMb0DnE=";
+  };
+
+  vendorHash = "sha256-Nbx6LyGGhdgI4oEtbyqhJ2H1lY6BfSL/ROH/Dh4UOk0=";
+
+  subPackages = [
+    "cmd/tailscale-exporter"
+    "collector"
+  ];
+
+  env.CGO_ENABLED = 0;
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X main.version=${version}"
+  ];
+
+  doInstallCheck = true;
+  nativeInstallCheckInputs = [ versionCheckHook ];
+  versionCheckProgramArg = "version";
+
+  passthru.tests = {
+    inherit (nixosTests.prometheus-exporters) tailscale;
+  };
+
+  meta = {
+    description = "Tailscale Tailnet metric exporter for Prometheus";
+    homepage = "https://github.com/adinhodovic/tailscale-exporter";
+    changelog = "https://github.com/adinhodovic/tailscale-exporter/releases/tag/${src.tag}";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [
+      squat
+    ];
+    mainProgram = "tailscale-exporter";
+  };
+}