nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnssec.nix

{ config, lib, pkgs, ... }:
let
  cfg = config.services.prometheus.exporters.dnssec;
  configFormat = pkgs.formats.toml { };
  configFile = configFormat.generate "dnssec-checks.toml" cfg.configuration;
in {
  port = 9204;
  extraOpts = {
    configuration = lib.mkOption {
      type = lib.types.nullOr lib.types.attrs;
      default = null;
      description = ''
        dnssec exporter configuration as nix attribute set.

        See <https://github.com/chrj/prometheus-dnssec-exporter/blob/master/README.md>
        for the description of the configuration file format.
      '';
      example = lib.literalExpression ''
        {
          records = [
            {
              zone = "ietf.org";
              record = "@";
              type = "SOA";
            }
            {
              zone = "verisigninc.com";
              record = "@";
              type = "SOA";
            }
          ];
        }
      '';
    };

    listenAddress = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = ''
        Listen address as host IP and port definition.
      '';
      example = ":9204";
    };

    resolvers = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = ''
        DNSSEC capable resolver to be used for the check.
      '';
      example = [ "0.0.0.0:53" ];
    };

    timeout = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = ''
        DNS request timeout duration.
      '';
      example = "10s";
    };

    extraFlags = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = ''
        Extra commandline options when launching Prometheus.
      '';
    };
  };

  serviceOpts = {
    serviceConfig = let
      startScript = pkgs.writeShellScriptBin "prometheus-dnssec-exporter-start"
        "${lib.concatStringsSep " "
        ([ "${pkgs.prometheus-dnssec-exporter}/bin/prometheus-dnssec-exporter" ]
          ++ lib.optionals (cfg.configuration != null)
          [ "-config ${configFile}" ]
          ++ lib.optionals (cfg.listenAddress != null)
          [ "-listen-address ${lib.escapeShellArg cfg.listenAddress}" ]
          ++ lib.optionals (cfg.resolvers != [ ]) [
            "-resolvers ${
              lib.escapeShellArg (lib.concatStringsSep "," cfg.resolvers)
            }"
          ] ++ lib.optionals (cfg.timeout != null)
          [ "-timeout ${lib.escapeShellArg cfg.timeout}" ] ++ cfg.extraFlags)}";
    in { ExecStart = lib.getExe startScript; };
  };
}
nixos/prometheus.exporters.dnssec: init module 2024-04-07 17:21:16 +02:00			`{ config, lib, pkgs, ... }:`
			`let`
			`cfg = config.services.prometheus.exporters.dnssec;`
			`configFormat = pkgs.formats.toml { };`
			`configFile = configFormat.generate "dnssec-checks.toml" cfg.configuration;`
			`in {`
			`port = 9204;`
			`extraOpts = {`
			`configuration = lib.mkOption {`
			`type = lib.types.nullOr lib.types.attrs;`
			`default = null;`
			`description = ''`
			`dnssec exporter configuration as nix attribute set.`

			`See <https://github.com/chrj/prometheus-dnssec-exporter/blob/master/README.md>`
			`for the description of the configuration file format.`
			`'';`
			`example = lib.literalExpression ''`
			`{`
			`records = [`
			`{`
			`zone = "ietf.org";`
			`record = "@";`
			`type = "SOA";`
			`}`
			`{`
			`zone = "verisigninc.com";`
			`record = "@";`
			`type = "SOA";`
			`}`
			`];`
			`}`
			`'';`
			`};`

			`listenAddress = lib.mkOption {`
			`type = lib.types.nullOr lib.types.str;`
			`default = null;`
			`description = ''`
			`Listen address as host IP and port definition.`
			`'';`
			`example = ":9204";`
			`};`

			`resolvers = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`default = [ ];`
			`description = ''`
			`DNSSEC capable resolver to be used for the check.`
			`'';`
			`example = [ "0.0.0.0:53" ];`
			`};`

			`timeout = lib.mkOption {`
			`type = lib.types.nullOr lib.types.str;`
			`default = null;`
			`description = ''`
			`DNS request timeout duration.`
			`'';`
			`example = "10s";`
			`};`

			`extraFlags = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`default = [ ];`
			`description = ''`
			`Extra commandline options when launching Prometheus.`
			`'';`
			`};`
			`};`

			`serviceOpts = {`
			`serviceConfig = let`
			`startScript = pkgs.writeShellScriptBin "prometheus-dnssec-exporter-start"`
			`"${lib.concatStringsSep " "`
			`([ "${pkgs.prometheus-dnssec-exporter}/bin/prometheus-dnssec-exporter" ]`
			`++ lib.optionals (cfg.configuration != null)`
			`[ "-config ${configFile}" ]`
			`++ lib.optionals (cfg.listenAddress != null)`
			`[ "-listen-address ${lib.escapeShellArg cfg.listenAddress}" ]`
			`++ lib.optionals (cfg.resolvers != [ ]) [`
			`"-resolvers ${`
			`lib.escapeShellArg (lib.concatStringsSep "," cfg.resolvers)`
			`}"`
			`] ++ lib.optionals (cfg.timeout != null)`
			`[ "-timeout ${lib.escapeShellArg cfg.timeout}" ] ++ cfg.extraFlags)}";`
			`in { ExecStart = lib.getExe startScript; };`
			`};`
			`}`