From 46c14614a98d6ed212f4c17307561a54fb8c3f8c Mon Sep 17 00:00:00 2001 From: arcnmx Date: Sun, 30 Jun 2024 10:44:12 -0700 Subject: [PATCH] chore(ci): flake update --- flake.lock | 24 ++++++++--------- .../nixos/monitoring/source/prometheus.nix | 26 ++++++++++--------- 2 files changed, 26 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 0e903b60..1c47c14f 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1719588253, - "narHash": "sha256-A03i8xiVgP14DCmV5P7VUv37eodCjY4e1iai0b2EuuM=", + "lastModified": 1719677234, + "narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e68e55d2e16d3a1e92a679430728c35a30fd24e", + "rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1719506693, + "narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a", "type": "github" }, "original": { @@ -206,11 +206,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1719099622, - "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=", + "lastModified": 1719663039, + "narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924", + "rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119", "type": "github" }, "original": { @@ -267,11 +267,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1719268571, - "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=", + "lastModified": 1719716556, + "narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3", + "rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6", "type": "github" }, "original": { diff --git a/modules/nixos/monitoring/source/prometheus.nix b/modules/nixos/monitoring/source/prometheus.nix index 0dfef166..560bc6f5 100644 --- a/modules/nixos/monitoring/source/prometheus.nix +++ b/modules/nixos/monitoring/source/prometheus.nix @@ -4,12 +4,8 @@ ... }: let inherit (lib.modules) mkIf mkMerge; - inherit (lib.attrsets) attrValues; - inherit (lib.lists) concatMap toList elem; - allExporters = let - exporters = removeAttrs config.services.prometheus.exporters ["unifi-poller"]; - in - concatMap toList (attrValues exporters); + inherit (lib.attrsets) mapAttrsToList; + inherit (lib.lists) any toList elem; in { config = { services.prometheus.exporters = { @@ -70,11 +66,17 @@ in { ]; }; }; - networking.firewall.interfaces.lan.allowedTCPPorts = - map ( - exporter: - mkIf (exporter.enable && !exporter.openFirewall) exporter.port - ) - allExporters; + networking.firewall.interfaces.lan.allowedTCPPorts = let + # blacklist broken/deprecated exporters + allExporters = removeAttrs config.services.prometheus.exporters ["unifi-poller" "minio"]; + enablePort = fallback: exporter: exporter.enable or fallback && !exporter.openFirewall or (!fallback); + mkExporterPorts = name: exporters': let + exporters = toList exporters'; + allowedTCPPorts = map mkExporterPort exporters; + res = builtins.tryEval (any (enablePort true) exporters); + cond = lib.warnIf (!res.success) "broken prometheus exporter: ${name}" res.value; + in mkIf cond allowedTCPPorts; + mkExporterPort = exporter: mkIf (enablePort false exporter) exporter.port; + in mkMerge (mapAttrsToList mkExporterPorts allExporters); }; }