lib: add wireguard_exporter package and module

2024-12-14 11:47:32 +00:00 · 2020-04-30 18:41:46 -04:00 · 2020-04-30 18:41:46 -04:00 · 6fdca2b235
commit 6fdca2b235
parent ca255a3a4e
2 changed files with 71 additions and 0 deletions
--- a/nixos/lib/modules/wireguard_exporter.nix
+++ b/nixos/lib/modules/wireguard_exporter.nix
@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.wireguard_exporter;
+  configFile = pkgs.writeText "wireguard_exporter.toml" cfg.config;
+in {
+  options.services.wireguard_exporter = {
+    enable = mkEnableOption "WireGuard Prometheus exporter";
+
+    # TODO: nixify.
+    config = mkOption {
+      default = "";
+      type = types.lines;
+      description = "Peer mappings TOML configuration.";
+    };
+
+    package = mkOption {
+      default = pkgs.wireguard_exporter;
+      defaultText = "pkgs.wireguard_exporter";
+      type = types.package;
+      description = "wireguard_exporter package to use.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.wireguard_exporter = {
+      description = "WireGuard Prometheus exporter";
+      after = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        LimitNPROC = 512;
+        LimitNOFILE = 1048576;
+        CapabilityBoundingSet = "cap_net_admin";
+        AmbientCapabilities = "cap_net_admin";
+        NoNewPrivileges = true;
+        DynamicUser = true;
+        ExecStart = "${
+            getBin cfg.package
+          }/bin/wireguard_exporter -wireguard.peer-file=${configFile}";
+        Restart = "on-failure";
+      };
+    };
+  };
+}
--- a/nixos/lib/pkgs/wireguard_exporter.nix
+++ b/nixos/lib/pkgs/wireguard_exporter.nix
@ -0,0 +1,24 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "wireguard_exporter";
+  version = "0.1.1";
+
+  goPackagePath = "github.com/mdlayher/wireguard_exporter";
+
+  src = fetchFromGitHub {
+    owner = "mdlayher";
+    repo = "wireguard_exporter";
+    rev = "v${version}";
+    sha256 = "06hh65c5qn7sbhcm23mgww44mc51kf37iv73hjxcmg4yac4fi65h";
+  };
+
+  modSha256 = "065a8jnkjbs57fyr9493b2m66ajq4wr6hsbl54s9yw0gj6jpn5w4";
+
+  meta = with stdenv.lib; {
+    homepage = "github.com/mdlayher/wireguard_exporter";
+    description = "Prometheus exporter for WireGuard devices.";
+    license = licenses.mit;
+    maintainers = with maintainers; [ mdlayher ];
+  };
+}