prometheus-node-cert-exporter: init at 1.1.7-unstable-2024-12-26

+182
+2
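--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -69,6 +69,8 @@
 
 - [nostr-rs-relay](https://git.sr.ht/~gheartsfield/nostr-rs-relay/), This is a nostr relay, written in Rust. Available as [services.nostr-rs-relay](options.html#opt-services.nostr-rs-relay.enable).
 
+- [Prometheus Node Cert Exporter](https://github.com/amimof/node-cert-exporter), a prometheus exporter to check for SSL cert expiry. Available under [services.prometheus.exporters.node-cert](#opt-services.prometheus.exporters.node-cert.enable).
+
 - [Actual Budget](https://actualbudget.org/), a local-first personal finance app. Available as [services.actual](#opt-services.actual.enable).
 
 - [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable).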
+1
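--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -66,6 +66,7 @@
 "nginx"
 "nginxlog"
 "node"
+"node-cert"
 "nut"
 "nvidia-gpu"
 "pgbouncer"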
+70
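--- a/nixos/modules/services/monitoring/prometheus/exporters/node-cert.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/node-cert.nix
@@ -0,0 +1,70 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.prometheus.exporters.node-cert;
+  inherit (lib) mkOption types concatStringsSep;
+in
+{
+  port = 9141;
+
+  extraOpts = {
+    paths = mkOption {
+      type = types.listOf types.str;
+      description = ''
+        List of paths to search for SSL certificates.
+      '';
+    };
+
+    excludePaths = mkOption {
+      type = types.listOf types.str;
+      description = ''
+        List of paths to exclute from searching for SSL certificates.
+      '';
+      default = [ ];
+    };
+
+    includeGlobs = mkOption {
+      type = types.listOf types.str;
+      description = ''
+        List files matching a pattern to include. Uses Go blob pattern.
+      '';
+      default = [ ];
+    };
+
+    excludeGlobs = mkOption {
+      type = types.listOf types.str;
+      description = ''
+        List files matching a pattern to include. Uses Go blob pattern.
+      '';
+      default = [ ];
+    };
+
+    user = mkOption {
+      type = types.str;
+      description = ''
+        User owning the certs.
+      '';
+      default = "acme";
+    };
+  };
+
+  serviceOpts = {
+    serviceConfig = {
+      User = cfg.user;
+      ExecStart = ''
+        ${lib.getExe pkgs.prometheus-node-cert-exporter} \
+          --listen ${toString cfg.listenAddress}:${toString cfg.port} \
+          --path ${concatStringsSep "," cfg.paths} \
+          --exclude-path "${concatStringsSep "," cfg.excludePaths}" \
+          --include-glob "${concatStringsSep "," cfg.includeGlobs}" \
+          --exclude-glob "${concatStringsSep "," cfg.excludeGlobs}" \
+          ${concatStringsSep " \\\n " cfg.extraFlags}
+      '';
+    };
+  };
+}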
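Review bot: The `user` option defaults to `"acme"` and is passed straight into `User = cfg.user`, so a network-listening exporter runs as the account the option itself describes as owning the certs, although reporting expiry only needs read access to the certificate files. A dedicated unprivileged account with group read access to the certificate directories would keep that least-privilege boundary, and the description should state the requirement, e.g. `User the exporter runs as; it only needs read access to the certificate files.` Separately, `--path ${concatStringsSep "," cfg.paths}` is the only list argument left unquoted in `ExecStart`, so a path containing whitespace would be split into extra arguments; `--path "${concatStringsSep "," cfg.paths}"` matches the three lines below it. The `excludeGlobs` description repeats the `includeGlobs` text ("to include"), both say "blob" where "glob" is meant, and `excludePaths` has the typo "exclute".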
+43
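--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -1002,6 +1002,49 @@
   '';
 };
 
+node-cert = {
+  nodeName = "node_cert";
+  exporterConfig = {
+    enable = true;
+    paths = ["/run/certs"];
+  };
+  exporterTest = ''
+    wait_for_unit("prometheus-node-cert-exporter.service")
+    wait_for_open_port(9141)
+    wait_until_succeeds(
+        "curl -sSf http://localhost:9141/metrics | grep 'ssl_certificate_expiry_seconds{.\\+path=\"/run/certs/node-cert\\.cert\".\\+}'"
+    )
+  '';
+
+  metricProvider = {
+    system.activationScripts.cert.text = ''
+      mkdir -p /run/certs
+      cd /run/certs
+
+      cat >ca.template <<EOF
+      organization = "prometheus-node-cert-exporter"
+      cn = "prometheus-node-cert-exporter"
+      expiration_days = 365
+      ca
+      cert_signing_key
+      crl_signing_key
+      EOF
+
+      ${pkgs.gnutls}/bin/certtool \
+        --generate-privkey \
+        --key-type rsa \
+        --sec-param High \
+        --outfile node-cert.key
+
+      ${pkgs.gnutls}/bin/certtool \
+        --generate-self-signed \
+        --load-privkey node-cert.key \
+        --template ca.template \
+        --outfile node-cert.cert
+    '';
+  };
+};
+
 pgbouncer = {
   exporterConfig = {
     enable = true;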
+33
pkgs/by-name/pr/prometheus-node-cert-exporter/gomod.patch
··· 1 + diff --git a/go.mod b/go.mod 2 + index 982eef4..bdb53ee 100644 3 + --- a/go.mod 4 + +++ b/go.mod 5 + @@ -7,4 +7,15 @@ require ( 6 + github.com/spf13/pflag v1.0.3 7 + ) 8 + 9 + -go 1.16 10 + +require ( 11 + + github.com/beorn7/perks v1.0.1 // indirect 12 + + github.com/cespare/xxhash/v2 v2.1.1 // indirect 13 + + github.com/golang/protobuf v1.4.3 // indirect 14 + + github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect 15 + + github.com/prometheus/client_model v0.2.0 // indirect 16 + + github.com/prometheus/procfs v0.6.0 // indirect 17 + + golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 // indirect 18 + + google.golang.org/protobuf v1.26.0-rc.1 // indirect 19 + +) 20 + + 21 + +go 1.18 22 + diff --git a/go.sum b/go.sum 23 + index 8bebbb3..75f756a 100644 24 + --- a/go.sum 25 + +++ b/go.sum 26 + @@ -39,7 +39,6 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ 27 + github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 28 + github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 29 + github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= 30 + -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 31 + github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 32 + github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= 33 + github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+33
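--- a/pkgs/by-name/pr/prometheus-node-cert-exporter/package.nix
+++ b/pkgs/by-name/pr/prometheus-node-cert-exporter/package.nix
@@ -0,0 +1,33 @@
+{
+  lib,
+  buildGo122Module,
+  fetchFromGitHub,
+  nixosTests,
+}:
+
+buildGo122Module {
+  pname = "node-cert-exporter";
+  version = "1.1.7-unstable-2024-12-26";
+
+  src = fetchFromGitHub {
+    owner = "amimof";
+    repo = "node-cert-exporter";
+    rev = "v1.1.7";
+    sha256 = "sha256-VYJPgNVsfEs/zh/SEdOrFn0FK6S+hNFGDhonj2syutQ=";
+  };
+
+  vendorHash = "sha256-31MHX3YntogvoJmbOytl0rXS6qtdBSBJe8ejKyu6gqM=";
+
+  # Required otherwise we get a few:
+  # vendor/github.com/golang/glog/internal/logsink/logsink.go:129:41:
+  # predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
+  patches = [ ./gomod.patch ];
+
+  meta = with lib; {
+    description = "Prometheus exporter for SSL certificate";
+    mainProgram = "node-cert-exporter";
+    homepage = "https://github.com/amimof/node-cert-exporter";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ ibizaman ];
+  };
+}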
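Review bot: `version = "1.1.7-unstable-2024-12-26"` does not agree with `rev = "v1.1.7"`: the source is pinned to the release tag, so either the version should read `1.1.7` or `rev` should be the commit from that date, otherwise anyone auditing which upstream code is shipped gets a misleading answer. `nixosTests` is accepted as an argument but never used; `passthru.tests = { inherit (nixosTests.prometheus-exporters) node-cert; };` would tie the VM test added in this commit to the package. The `sha256 = "sha256-…"` attribute holds an SRI-format value, for which `hash =` is the intended attribute name.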