gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/prometheus: add service discovery options

Browse Source
This commit is contained in:
Yannik Rödel
2021-10-27 15:46:43 +02:00
committed by Bas van Dijk
parent 904d29e1c4
commit b3d4f6d841
1 changed files with 600 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

821
nixos/modules/services/monitoring/prometheus/default.nix
View File

@@ -63,11 +63,14 @@ let
};
};
prometheusYml = let
yml = if cfg.configText != null then
prometheusYml =
let
yml =
if cfg.configText != null then
pkgs.writeText "prometheus.yml" cfg.configText
else generatedPrometheusYml;
in promtoolCheck "check config" "prometheus.yml" yml;
in
promtoolCheck "check config" "prometheus.yml" yml;
cmdlineArgs = cfg.extraFlags ++ [
"--storage.tsdb.path=${workingDir}/data/"
@@ -85,18 +88,25 @@ let
filterValidPrometheus = filterAttrsListRecursive (n: v: !(n == "_module" || v == null));
filterAttrsListRecursive = pred: x:
if isAttrs x then
listToAttrs (
concatMap (name:
listToAttrs
(
concatMap
(name:
let v = x.${name}; in
if pred name v then [
(nameValuePair name (filterAttrsListRecursive pred v))
] else [ ]
) (attrNames x)
)
(attrNames x)
)
else if isList x then
map (filterAttrsListRecursive pred) x
else x;
#
# Config types: helper functions
#
mkDefOpt = type: defaultStr: description: mkOpt type (description + ''
Defaults to <literal>${defaultStr}</literal> in prometheus
@@ -109,6 +119,55 @@ let
inherit description;
};
mkSdConfigModule = extraOptions: types.submodule {
options = {
basic_auth = mkOpt promTypes.basic_auth ''
Optional HTTP basic authentication information.
'';
authorization = mkOpt
(types.submodule {
options = {
type = mkDefOpt types.str "Bearer" ''
Sets the authentication type.
'';
credentials = mkOpt types.str ''
Sets the credentials. It is mutually exclusive with `credentials_file`.
'';
credentials_file = mkOpt types.str ''
Sets the credentials to the credentials read from the configured file.
It is mutually exclusive with `credentials`.
'';
};
}) ''
Optional `Authorization` header configuration.
'';
oauth2 = mkOpt promtypes.oauth2 ''
Optional OAuth 2.0 configuration.
Cannot be used at the same time as basic_auth or authorization.
'';
proxy_url = mkOpt types.str ''
Optional proxy URL.
'';
follow_redirects = mkDefOpt types.bool "true" ''
Configure whether HTTP requests follow HTTP 3xx redirects.
'';
tls_config = mkOpt promTypes.tls_config ''
TLS configuration.
'';
} // extraOptions;
};
#
# Config types: general
#
promTypes.globalConfig = types.submodule {
options = {
scrape_interval = mkDefOpt types.str "1m" ''
@@ -144,131 +203,55 @@ let
};
};
promTypes.remote_read = types.submodule {
promTypes.tls_config = types.submodule {
options = {
url = mkOption {
type = types.str;
description = ''
ca_file = mkOpt types.str ''
CA certificate to validate API server certificate with.
'';
cert_file = mkOpt types.str ''
Certificate file for client cert authentication to the server.
'';
key_file = mkOpt types.str ''
Key file for client cert authentication to the server.
'';
server_name = mkOpt types.str ''
ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
'';
};
name = mkOpt types.str ''
Name of the remote read config, which if specified must be unique among remote read configs.
The name will be used in metrics and logging in place of a generated value to help users distinguish between
remote read configs.
insecure_skip_verify = mkOpt types.bool ''
Disable validation of the server certificate.
'';
required_matchers = mkOpt (types.attrsOf types.str) ''
An optional list of equality matchers which have to be
present in a selector to query the remote read endpoint.
'';
remote_timeout = mkOpt types.str ''
Timeout for requests to the remote read endpoint.
'';
read_recent = mkOpt types.bool ''
Whether reads should be made for queries for time ranges that
the local storage should have complete data for.
'';
basic_auth = mkOpt promTypes.basic_auth ''
Sets the `Authorization` header on every remote read request with the
configured username and password.
password and password_file are mutually exclusive.
'';
bearer_token = mkOpt types.str ''
Sets the `Authorization` header on every remote read request with
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
'';
bearer_token_file = mkOpt types.str ''
Sets the `Authorization` header on every remote read request with the bearer token
read from the configured file. It is mutually exclusive with `bearer_token`.
'';
tls_config = mkOpt promTypes.tls_config ''
Configures the remote read request's TLS settings.
'';
proxy_url = mkOpt types.str "Optional Proxy URL.";
};
};
promTypes.remote_write = types.submodule {
promtypes.oauth2 = types.submodule {
options = {
url = mkOption {
type = types.str;
description = ''
ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
client_id = mkOpt types.str ''
OAuth client ID.
'';
};
remote_timeout = mkOpt types.str ''
Timeout for requests to the remote write endpoint.
client_secret = mkOpt types.str ''
OAuth client secret.
'';
write_relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
List of remote write relabel configurations.
client_secret_file = mkOpt types.str ''
Read the client secret from a file. It is mutually exclusive with `client_secret`.
'';
name = mkOpt types.str ''
Name of the remote write config, which if specified must be unique among remote write configs.
The name will be used in metrics and logging in place of a generated value to help users distinguish between
remote write configs.
scopes = mkOpt (types.listOf types.str) ''
Scopes for the token request.
'';
basic_auth = mkOpt promTypes.basic_auth ''
Sets the `Authorization` header on every remote write request with the
configured username and password.
password and password_file are mutually exclusive.
token_url = mkOpt types.str ''
The URL to fetch the token from.
'';
bearer_token = mkOpt types.str ''
Sets the `Authorization` header on every remote write request with
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
'';
bearer_token_file = mkOpt types.str ''
Sets the `Authorization` header on every remote write request with the bearer token
read from the configured file. It is mutually exclusive with `bearer_token`.
'';
tls_config = mkOpt promTypes.tls_config ''
Configures the remote write request's TLS settings.
'';
proxy_url = mkOpt types.str "Optional Proxy URL.";
queue_config = mkOpt (types.submodule {
options = {
capacity = mkOpt types.int ''
Number of samples to buffer per shard before we block reading of more
samples from the WAL. It is recommended to have enough capacity in each
shard to buffer several requests to keep throughput up while processing
occasional slow remote requests.
'';
max_shards = mkOpt types.int ''
Maximum number of shards, i.e. amount of concurrency.
'';
min_shards = mkOpt types.int ''
Minimum number of shards, i.e. amount of concurrency.
'';
max_samples_per_send = mkOpt types.int ''
Maximum number of samples per send.
'';
batch_send_deadline = mkOpt types.str ''
Maximum time a sample will wait in buffer.
'';
min_backoff = mkOpt types.str ''
Initial retry delay. Gets doubled for every retry.
'';
max_backoff = mkOpt types.str ''
Maximum retry delay.
'';
};
}) ''
Configures the queue used to write to remote storage.
'';
metadata_config = mkOpt (types.submodule {
options = {
send = mkOpt types.bool ''
Whether metric metadata is sent to remote storage or not.
'';
send_interval = mkOpt types.str ''
How frequently metric metadata is sent to remote storage.
'';
};
}) ''
Configures the sending of series metadata to remote storage.
Metadata configuration is subject to change at any point
or be removed in future releases.
endpoint_params = mkOpt (types.attrsOf types.str) ''
Optional parameters to append to the token URL.
'';
};
};
@@ -360,16 +343,34 @@ let
Optional proxy URL.
'';
ec2_sd_configs = mkOpt (types.listOf promTypes.ec2_sd_config) ''
List of EC2 service discovery configurations.
# azure_sd_configs
consul_sd_configs = mkOpt (types.listOf promTypes.consul_sd_config) ''
List of Consul service discovery configurations.
'';
digitalocean_sd_configs = mkOpt (types.listOf promTypes.digitalocean_sd_config) ''
List of DigitalOcean service discovery configurations.
'';
docker_sd_configs = mkOpt (types.listOf promTypes.docker_sd_config) ''
List of Docker service discovery configurations.
'';
dockerswarm_sd_configs = mkOpt (types.listOf promTypes.dockerswarm_sd_config) ''
List of Docker Swarm service discovery configurations.
'';
dns_sd_configs = mkOpt (types.listOf promTypes.dns_sd_config) ''
List of DNS service discovery configurations.
'';
consul_sd_configs = mkOpt (types.listOf promTypes.consul_sd_config) ''
List of Consul service discovery configurations.
ec2_sd_configs = mkOpt (types.listOf promTypes.ec2_sd_config) ''
List of EC2 service discovery configurations.
'';
eureka_sd_configs = mkOpt (types.listOf promTypes.eureka_sd_config) ''
List of Eureka service discovery configurations.
'';
file_sd_configs = mkOpt (types.listOf promTypes.file_sd_config) ''
@@ -384,10 +385,43 @@ let
relevant Prometheus configuration docs</link> for more detail.
'';
hetzner_sd_configs = mkOpt (types.listOf promTypes.hetzner_sd_config) ''
List of Hetzner service discovery configurations.
'';
http_sd_configs = mkOpt (types.listOf promTypes.http_sd_config) ''
List of HTTP service discovery configurations.
'';
# kubernetes_sd_configs
kuma_sd_configs = mkOpt (types.listOf promTypes.kuma_sd_config) ''
List of Kuma service discovery configurations.
'';
# lightsail_sd_configs
linode_sd_configs = mkOpt (types.listOf promTypes.linode_sd_config) ''
List of Linode service discovery configurations.
'';
marathon_sd_configs = mkOpt (types.listOf promTypes.marathon_sd_config) ''
List of Marathon service discovery configurations.
'';
nerve_sd_configs = mkOpt (types.listOf promTypes.nerve_sd_config) ''
List of AirBnB's Nerve service discovery configurations.
'';
# openstack_sd_configs
# scaleway_sd_configs
serverset_sd_configs = mkOpt (types.listOf promTypes.serverset_sd_config) ''
List of Zookeeper Serverset service discovery configurations.
'';
# triton_sd_configs
static_configs = mkOpt (types.listOf promTypes.static_config) ''
List of labeled target groups for this job.
'';
@@ -441,107 +475,11 @@ let
};
};
promTypes.static_config = types.submodule {
options = {
targets = mkOption {
type = types.listOf types.str;
description = ''
The targets specified by the target group.
'';
};
labels = mkOption {
type = types.attrsOf types.str;
default = {};
description = ''
Labels assigned to all metrics scraped from the targets.
'';
};
};
};
#
# Config types: service discovery
#
promTypes.ec2_sd_config = types.submodule {
options = {
region = mkOption {
type = types.str;
description = ''
The AWS Region.
'';
};
endpoint = mkOpt types.str ''
Custom endpoint to be used.
'';
access_key = mkOpt types.str ''
The AWS API key id. If blank, the environment variable
<literal>AWS_ACCESS_KEY_ID</literal> is used.
'';
secret_key = mkOpt types.str ''
The AWS API key secret. If blank, the environment variable
<literal>AWS_SECRET_ACCESS_KEY</literal> is used.
'';
profile = mkOpt types.str ''
Named AWS profile used to connect to the API.
'';
role_arn = mkOpt types.str ''
AWS Role ARN, an alternative to using AWS API keys.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the instance list.
'';
port = mkDefOpt types.int "80" ''
The port to scrape metrics from. If using the public IP
address, this must instead be specified in the relabeling
rule.
'';
filters = mkOpt (types.listOf promTypes.filter) ''
Filters can be used optionally to filter the instance list by other criteria.
'';
};
};
promTypes.filter = types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
See <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html">this list</link>
for the available filters.
'';
};
values = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Value of the filter.
'';
};
};
};
promTypes.dns_sd_config = types.submodule {
options = {
names = mkOption {
type = types.listOf types.str;
description = ''
A list of DNS SRV record names to be queried.
'';
};
refresh_interval = mkDefOpt types.str "30s" ''
The time after which the provided names are refreshed.
'';
};
};
promTypes.consul_sd_config = types.submodule {
options = {
promTypes.consul_sd_config = mkSdConfigModule {
server = mkDefOpt types.str "localhost:8500" ''
Consul server to query.
'';
@@ -591,6 +529,168 @@ let
because the catalog will change all the time.
'';
};
promTypes.digitalocean_sd_config = mkSdConfigModule {
port = mkDefOpt types.int "80" ''
The port to scrape metrics from.
'';
refresh_interval = mkDefOpt types.str "60s" ''
The time after which the droplets are refreshed.
'';
};
mkDockerSdConfigModule = extraOptions: mkSdConfigModule ({
host = mkOption {
type = types.str;
description = ''
Address of the Docker daemon.
'';
};
port = mkDefOpt types.int "80" ''
The port to scrape metrics from, when `role` is nodes, and for discovered
tasks and services that don't have published ports.
'';
filters = mkOpt
(types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
Name of the filter. The available filters are listed in the upstream documentation:
Services: <link xlink:href="https://docs.docker.com/engine/api/v1.40/#operation/ServiceList"/>
Tasks: <link xlink:href="https://docs.docker.com/engine/api/v1.40/#operation/TaskList"/>
Nodes: <link xlink:href="https://docs.docker.com/engine/api/v1.40/#operation/NodeList"/>
'';
};
values = mkOption {
type = types.str;
description = ''
Value for the filter.
'';
};
};
})) ''
Optional filters to limit the discovery process to a subset of available resources.
'';
refresh_interval = mkDefOpt types.str "60s" ''
The time after which the containers are refreshed.
'';
} // extraOptions);
promTypes.docker_sd_config = mkDockerSdConfigModule {
host_networking_host = mkDefOpt types.str "localhost" ''
The host to use if the container is in host networking mode.
'';
};
promTypes.dockerswarm_sd_config = mkDockerSdConfigModule {
role = mkOption {
type = types.enum [ "services" "tasks" "nodes" ];
description = ''
Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`.
'';
};
};
promTypes.dns_sd_config = types.submodule {
options = {
names = mkOption {
type = types.listOf types.str;
description = ''
A list of DNS SRV record names to be queried.
'';
};
type = mkDefOpt (types.enum [ "SRV" "A" "AAAA" ]) "SRV" ''
The type of DNS query to perform. One of SRV, A, or AAAA.
'';
port = mkOpt types.int ''
The port number used if the query type is not SRV.
'';
refresh_interval = mkDefOpt types.str "30s" ''
The time after which the provided names are refreshed.
'';
};
};
promTypes.ec2_sd_config = types.submodule {
options = {
region = mkOption {
type = types.str;
description = ''
The AWS Region. If blank, the region from the instance metadata is used.
'';
};
endpoint = mkOpt types.str ''
Custom endpoint to be used.
'';
access_key = mkOpt types.str ''
The AWS API key id. If blank, the environment variable
<literal>AWS_ACCESS_KEY_ID</literal> is used.
'';
secret_key = mkOpt types.str ''
The AWS API key secret. If blank, the environment variable
<literal>AWS_SECRET_ACCESS_KEY</literal> is used.
'';
profile = mkOpt types.str ''
Named AWS profile used to connect to the API.
'';
role_arn = mkOpt types.str ''
AWS Role ARN, an alternative to using AWS API keys.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the instance list.
'';
port = mkDefOpt types.int "80" ''
The port to scrape metrics from. If using the public IP
address, this must instead be specified in the relabeling
rule.
'';
filters = mkOpt
(types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
See <link xlink:href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html">this list</link>
for the available filters.
'';
};
values = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Value of the filter.
'';
};
};
})) ''
Filters can be used optionally to filter the instance list by other criteria.
'';
};
};
promTypes.eureka_sd_config = mkSdConfigModule {
server = mkOption {
type = types.str;
description = ''
The URL to connect to the Eureka server.
'';
};
};
promTypes.file_sd_config = types.submodule {
@@ -649,13 +749,30 @@ let
tag_separator = mkDefOpt types.str "," ''
The tag separator used to separate concatenated GCE instance network tags.
See the GCP documentation on network tags for more information: <link
xlink:href="https://cloud.google.com/vpc/docs/add-remove-network-tags"
/>
See the GCP documentation on network tags for more information:
<link xlink:href="https://cloud.google.com/vpc/docs/add-remove-network-tags" />
'';
};
};
promTypes.hetzner_sd_config = mkSdConfigModule {
role = mkOption {
type = types.enum [ "robot" "hcloud" ];
description = ''
The Hetzner role of entities that should be discovered.
One of <literal>robot</literal> or <literal>hcloud</literal>.
'';
};
port = mkDefOpt types.int "80" ''
The port to scrape metrics from.
'';
refresh_interval = mkDefOpt types.str "60s" ''
The time after which the servers are refreshed.
'';
};
promTypes.http_sd_config = types.submodule {
options = {
url = mkOption {
@@ -688,6 +805,109 @@ let
};
};
promTypes.kuma_sd_config = mkSdConfigModule {
server = mkOption {
type = types.str;
description = ''
Address of the Kuma Control Plane's MADS xDS server.
'';
};
refresh_interval = mkDefOpt types.str "30s" ''
The time to wait between polling update requests.
'';
fetch_timeout = mkDefOpt types.str "2m" ''
The time after which the monitoring assignments are refreshed.
'';
};
promTypes.linode_sd_config = mkSdConfigModule {
port = mkDefOpt types.int "80" ''
The port to scrape metrics from.
'';
tag_separator = mkDefOpt types.str "," ''
The string by which Linode Instance tags are joined into the tag label.
'';
refresh_interval = mkDefOpt types.str "60s" ''
The time after which the linode instances are refreshed.
'';
};
promTypes.marathon_sd_config = mkSdConfigModule {
servers = mkOption {
type = types.listOf types.str;
description = ''
List of URLs to be used to contact Marathon servers. You need to provide at least one server URL.
'';
};
refresh_interval = mkDefOpt types.str "30s" ''
Polling interval.
'';
auth_token = mkOpt types.str ''
Optional authentication information for token-based authentication:
<link xlink:href="https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token" />
It is mutually exclusive with <literal>auth_token_file</literal> and other authentication mechanisms.
'';
auth_token_file = mkOpt types.str ''
Optional authentication information for token-based authentication:
<link xlink:href="https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token" />
It is mutually exclusive with <literal>auth_token</literal> and other authentication mechanisms.
'';
};
promTypes.nerve_sd_config = types.submodule {
options = {
servers = mkOption {
type = types.listOf types.str;
description = ''
The Zookeeper servers.
'';
};
paths = mkOption {
type = types.listOf types.str;
description = ''
Paths can point to a single service, or the root of a tree of services.
'';
};
timeout = mkDefOpt types.str "10s" ''
Timeout value.
'';
};
};
# These are exactly the same.
promTypes.serverset_sd_config = promTypes.nerve_sd_config;
promTypes.static_config = types.submodule {
options = {
targets = mkOption {
type = types.listOf types.str;
description = ''
The targets specified by the target group.
'';
};
labels = mkOption {
type = types.attrsOf types.str;
default = { };
description = ''
Labels assigned to all metrics scraped from the targets.
'';
};
};
};
#
# Config types: relabling
#
promTypes.relabel_config = types.submodule {
options = {
source_labels = mkOpt (types.listOf types.str) ''
@@ -725,32 +945,143 @@ let
};
};
promTypes.tls_config = types.submodule {
#
# Config types : remote read / write
#
promTypes.remote_write = types.submodule {
options = {
ca_file = mkOpt types.str ''
CA certificate to validate API server certificate with.
'';
cert_file = mkOpt types.str ''
Certificate file for client cert authentication to the server.
'';
key_file = mkOpt types.str ''
Key file for client cert authentication to the server.
'';
server_name = mkOpt types.str ''
url = mkOption {
type = types.str;
description = ''
ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
'';
insecure_skip_verify = mkOpt types.bool ''
Disable validation of the server certificate.
};
remote_timeout = mkOpt types.str ''
Timeout for requests to the remote write endpoint.
'';
write_relabel_configs = mkOpt (types.listOf promTypes.relabel_config) ''
List of remote write relabel configurations.
'';
name = mkOpt types.str ''
Name of the remote write config, which if specified must be unique among remote write configs.
The name will be used in metrics and logging in place of a generated value to help users distinguish between
remote write configs.
'';
basic_auth = mkOpt promTypes.basic_auth ''
Sets the `Authorization` header on every remote write request with the
configured username and password.
password and password_file are mutually exclusive.
'';
bearer_token = mkOpt types.str ''
Sets the `Authorization` header on every remote write request with
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
'';
bearer_token_file = mkOpt types.str ''
Sets the `Authorization` header on every remote write request with the bearer token
read from the configured file. It is mutually exclusive with `bearer_token`.
'';
tls_config = mkOpt promTypes.tls_config ''
Configures the remote write request's TLS settings.
'';
proxy_url = mkOpt types.str "Optional Proxy URL.";
queue_config = mkOpt
(types.submodule {
options = {
capacity = mkOpt types.int ''
Number of samples to buffer per shard before we block reading of more
samples from the WAL. It is recommended to have enough capacity in each
shard to buffer several requests to keep throughput up while processing
occasional slow remote requests.
'';
max_shards = mkOpt types.int ''
Maximum number of shards, i.e. amount of concurrency.
'';
min_shards = mkOpt types.int ''
Minimum number of shards, i.e. amount of concurrency.
'';
max_samples_per_send = mkOpt types.int ''
Maximum number of samples per send.
'';
batch_send_deadline = mkOpt types.str ''
Maximum time a sample will wait in buffer.
'';
min_backoff = mkOpt types.str ''
Initial retry delay. Gets doubled for every retry.
'';
max_backoff = mkOpt types.str ''
Maximum retry delay.
'';
};
}) ''
Configures the queue used to write to remote storage.
'';
metadata_config = mkOpt
(types.submodule {
options = {
send = mkOpt types.bool ''
Whether metric metadata is sent to remote storage or not.
'';
send_interval = mkOpt types.str ''
How frequently metric metadata is sent to remote storage.
'';
};
}) ''
Configures the sending of series metadata to remote storage.
Metadata configuration is subject to change at any point
or be removed in future releases.
'';
};
};
in {
promTypes.remote_read = types.submodule {
options = {
url = mkOption {
type = types.str;
description = ''
ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
'';
};
name = mkOpt types.str ''
Name of the remote read config, which if specified must be unique among remote read configs.
The name will be used in metrics and logging in place of a generated value to help users distinguish between
remote read configs.
'';
required_matchers = mkOpt (types.attrsOf types.str) ''
An optional list of equality matchers which have to be
present in a selector to query the remote read endpoint.
'';
remote_timeout = mkOpt types.str ''
Timeout for requests to the remote read endpoint.
'';
read_recent = mkOpt types.bool ''
Whether reads should be made for queries for time ranges that
the local storage should have complete data for.
'';
basic_auth = mkOpt promTypes.basic_auth ''
Sets the `Authorization` header on every remote read request with the
configured username and password.
password and password_file are mutually exclusive.
'';
bearer_token = mkOpt types.str ''
Sets the `Authorization` header on every remote read request with
the configured bearer token. It is mutually exclusive with `bearer_token_file`.
'';
bearer_token_file = mkOpt types.str ''
Sets the `Authorization` header on every remote read request with the bearer token
read from the configured file. It is mutually exclusive with `bearer_token`.
'';
tls_config = mkOpt promTypes.tls_config ''
Configures the remote read request's TLS settings.
'';
proxy_url = mkOpt types.str "Optional Proxy URL.";
};
};
in
{
imports = [
(mkRenamedOptionModule [ "services" "prometheus2" ] [ "services" "prometheus" ])
@@ -999,11 +1330,13 @@ in {
config = mkIf cfg.enable {
assertions = [
( let
(
let
# Match something with dots (an IPv4 address) or something ending in
# a square bracket (an IPv6 addresses) followed by a port number.
legacy = builtins.match "(.*\\..*|.*]):([[:digit:]]+)" cfg.listenAddress;
in {
in
{
assertion = legacy == null;
message = ''
Do not specify the port for Prometheus to listen on in the