prometheus-wireguard-exporter: init at 2.0.1

This is a simple exporter which exports the information provided by `wg show all dump` to prometheus. Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
2019-06-02 03:13:53 +02:00 · 2019-06-02 03:13:53 +02:00 · bf09e6a14e
commit bf09e6a14e
parent b7d1bd8efb
5 changed files with 95 additions and 0 deletions
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@ -34,6 +34,7 @@ let
    unifi     = import ./exporters/unifi.nix     { inherit config lib pkgs; };
    varnish   = import ./exporters/varnish.nix   { inherit config lib pkgs; };
    bind      = import ./exporters/bind.nix      { inherit config lib pkgs; };
+    wireguard = import ./exporters/wireguard.nix { inherit config lib pkgs; };
  };

  mkExporterOpts = ({ name, port }: {
--- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@ -0,0 +1,42 @@
+{ config, lib, pkgs }:
+
+with lib;
+
+let
+  cfg = config.services.prometheus.exporters.wireguard;
+in {
+  port = 9586;
+  extraOpts = {
+    verbose = mkEnableOption "Verbose logging mode for prometheus-wireguard-exporter";
+
+    wireguardConfig = mkOption {
+      type = with types; nullOr (either path str);
+      default = null;
+
+      description = ''
+        Path to the Wireguard Config to
+        <link xlink:href="https://github.com/MindFlavor/prometheus_wireguard_exporter/tree/2.0.0#usage">add the peer's name to the stats of a peer</link>.
+
+        Please note that <literal>networking.wg-quick</literal> is required for this feature
+        as <literal>networking.wireguard</literal> uses
+        <citerefentry><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        to set the peers up.
+      '';
+    };
+  };
+  serviceOpts = {
+    script = ''
+      ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
+        -p ${toString cfg.port} \
+        ${optionalString cfg.verbose "-v"} \
+        ${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}
+    '';
+
+    path = [ pkgs.wireguard-tools ];
+
+    serviceConfig = {
+      DynamicUser = true;
+      AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+    };
+  };
+}
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@ -315,6 +315,29 @@ let
        succeed("curl -sSf http://localhost:9131/metrics | grep -q 'varnish_up 1'");
      '';
    };
+
+    wireguard = let snakeoil = import ./wireguard/snakeoil-keys.nix; in {
+      exporterConfig.enable = true;
+      metricProvider = {
+        networking.wireguard.interfaces.wg0 = {
+          ips = [ "10.23.42.1/32" "fc00::1/128" ];
+          listenPort = 23542;
+
+          inherit (snakeoil.peer0) privateKey;
+
+          peers = singleton {
+            allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
+
+            inherit (snakeoil.peer1) publicKey;
+          };
+        };
+      };
+      exporterTest = ''
+        waitForUnit("prometheus-wireguard-exporter.service");
+        waitForOpenPort(9586);
+        succeed("curl -sSf http://localhost:9586/metrics | grep '${snakeoil.peer1.publicKey}'");
+      '';
+    };
  };
 in
 mapAttrs (exporter: testConfig: (makeTest {
--- a/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
+++ b/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
@ -0,0 +1,26 @@
+{ stdenv, rustPlatform, fetchFromGitHub, lib, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "wireguard-exporter";
+  version = "2.0.1";
+
+  src = fetchFromGitHub {
+    owner = "MindFlavor";
+    repo = "prometheus_wireguard_exporter";
+    rev = version;
+    sha256 = "11yrry8fzalcigqsx1wx371w543gdcsx48fd7dacbrsfl2dk2azp";
+  };
+
+  cargoSha256 = "1wnk39p144zjsdhnyjk6y41xs448bxnbbxkqk53r6i2f2wzrsk2m";
+
+  buildInputs = lib.optional stdenv.isDarwin Security;
+
+  doCheck = false;
+
+  meta = with lib; {
+    description = "A Prometheus exporter for WireGuard, written in Rust.";
+    license = licenses.mit;
+    homepage = https://github.com/MindFlavor/prometheus_wireguard_exporter;
+    maintainers = with maintainers; [ ma27 ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -14580,6 +14580,9 @@ in
  prometheus-unifi-exporter = callPackage ../servers/monitoring/prometheus/unifi-exporter { };
  prometheus-varnish-exporter = callPackage ../servers/monitoring/prometheus/varnish-exporter.nix { };
  prometheus-jmx-httpserver = callPackage ../servers/monitoring/prometheus/jmx-httpserver.nix {  };
+  prometheus-wireguard-exporter = callPackage ../servers/monitoring/prometheus/wireguard-exporter.nix {
+    inherit (darwin.apple_sdk.frameworks) Security;
+  };

  prometheus-cpp = callPackage ../development/libraries/prometheus-cpp { };