nixos/prometheus-wireguard-exporter: add support for new flags

2025-06-30 20:34:59 +02:00 · 2025-06-30 20:34:59 +02:00 · ab2dc5c3f9
commit ab2dc5c3f9
parent 3a1f517d25
1 changed files with 25 additions and 3 deletions
--- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@ -15,16 +15,18 @@ let
    mkEnableOption
    optionalString
    escapeShellArg
+    concatStringsSep
+    concatMapStringsSep
    ;
 in
 {
  port = 9586;
  imports = [
    (mkRenamedOptionModule [ "addr" ] [ "listenAddress" ])
-    ({
+    {
      options.warnings = options.warnings;
      options.assertions = options.assertions;
-    })
+    }
  ];
  extraOpts = {
    verbose = mkEnableOption "verbose logging mode for prometheus-wireguard-exporter";
@ -44,6 +46,15 @@ in
      '';
    };

+    interfaces = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = ''
+        Specifies the interface(s) passed to the wg show <interface> dump parameter.
+        By default all interfaces are used.
+      '';
+    };
+
    singleSubnetPerField = mkOption {
      type = types.bool;
      default = false;
@ -70,6 +81,14 @@ in
        Adds the `wireguard_latest_handshake_delay_seconds` metric that automatically calculates the seconds passed since the last handshake.
      '';
    };
+
+    prependSudo = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether or no to prepend sudo to wg commands.
+      '';
+    };
  };
  serviceOpts = {
    path = [ pkgs.wireguard-tools ];
@ -85,7 +104,10 @@ in
          ${optionalString cfg.singleSubnetPerField "-s true"} \
          ${optionalString cfg.withRemoteIp "-r true"} \
          ${optionalString cfg.latestHandshakeDelay "-d true"} \
-          ${optionalString (cfg.wireguardConfig != null) "-n ${escapeShellArg cfg.wireguardConfig}"}
+          ${optionalString cfg.prependSudo "-a true"} \
+          ${optionalString (cfg.wireguardConfig != null) "-n ${escapeShellArg cfg.wireguardConfig}"} \
+          ${concatMapStringsSep " " (i: "-i ${i}") cfg.interfaces} \
+          ${concatStringsSep " " cfg.extraFlags}
      '';
      RestrictAddressFamilies = [
        # Need AF_NETLINK to collect data