You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

thanos.nix 27KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835
  1. { config, lib, pkgs, ... }:
  2. with lib;
  3. let
  4. cfg = config.services.thanos;
  5. nullOpt = type: description: mkOption {
  6. type = types.nullOr type;
  7. default = null;
  8. inherit description;
  9. };
  10. optionToArgs = opt: v : optional (v != null) ''--${opt}="${toString v}"'';
  11. flagToArgs = opt: v : optional v ''--${opt}'';
  12. listToArgs = opt: vs : map (v: ''--${opt}="${v}"'') vs;
  13. attrsToArgs = opt: kvs: mapAttrsToList (k: v: ''--${opt}=${k}=\"${v}\"'') kvs;
  14. mkParamDef = type: default: description: mkParam type (description + ''
  15. Defaults to <literal>${toString default}</literal> in Thanos
  16. when set to <literal>null</literal>.
  17. '');
  18. mkParam = type: description: {
  19. toArgs = optionToArgs;
  20. option = nullOpt type description;
  21. };
  22. mkFlagParam = description: {
  23. toArgs = flagToArgs;
  24. option = mkOption {
  25. type = types.bool;
  26. default = false;
  27. inherit description;
  28. };
  29. };
  30. mkListParam = opt: description: {
  31. toArgs = _opt: listToArgs opt;
  32. option = mkOption {
  33. type = types.listOf types.str;
  34. default = [];
  35. inherit description;
  36. };
  37. };
  38. mkAttrsParam = opt: description: {
  39. toArgs = _opt: attrsToArgs opt;
  40. option = mkOption {
  41. type = types.attrsOf types.str;
  42. default = {};
  43. inherit description;
  44. };
  45. };
  46. mkStateDirParam = opt: default: description: {
  47. toArgs = _opt: stateDir: optionToArgs opt "/var/lib/${stateDir}";
  48. option = mkOption {
  49. type = types.str;
  50. inherit default;
  51. inherit description;
  52. };
  53. };
  54. toYAML = name: attrs: pkgs.runCommandNoCC name {
  55. preferLocalBuild = true;
  56. json = builtins.toFile "${name}.json" (builtins.toJSON attrs);
  57. nativeBuildInputs = [ pkgs.remarshal ];
  58. } ''json2yaml -i $json -o $out'';
  59. thanos = cmd: "${cfg.package}/bin/thanos ${cmd}" +
  60. (let args = cfg.${cmd}.arguments;
  61. in optionalString (length args != 0) (" \\\n " +
  62. concatStringsSep " \\\n " args));
  63. argumentsOf = cmd: concatLists (collect isList
  64. (flip mapParamsRecursive params.${cmd} (path: param:
  65. let opt = concatStringsSep "." path;
  66. v = getAttrFromPath path cfg.${cmd};
  67. in param.toArgs opt v)));
  68. mkArgumentsOption = cmd: mkOption {
  69. type = types.listOf types.str;
  70. default = argumentsOf cmd;
  71. description = ''
  72. Arguments to the <literal>thanos ${cmd}</literal> command.
  73. Defaults to a list of arguments formed by converting the structured
  74. options of <option>services.thanos.${cmd}</option> to a list of arguments.
  75. Overriding this option will cause none of the structured options to have
  76. any effect. So only set this if you know what you're doing!
  77. '';
  78. };
  79. mapParamsRecursive =
  80. let noParam = attr: !(attr ? toArgs && attr ? option);
  81. in mapAttrsRecursiveCond noParam;
  82. paramsToOptions = mapParamsRecursive (_path: param: param.option);
  83. params = {
  84. log = {
  85. log.level = mkParamDef (types.enum ["debug" "info" "warn" "error" "fatal"]) "info" ''
  86. Log filtering level.
  87. '';
  88. log.format = mkParam types.str ''
  89. Log format to use.
  90. '';
  91. };
  92. tracing = cfg: {
  93. tracing.config-file = {
  94. toArgs = _opt: path: optionToArgs "tracing.config-file" path;
  95. option = mkOption {
  96. type = with types; nullOr str;
  97. default = if cfg.tracing.config == null then null
  98. else toString (toYAML "tracing.yaml" cfg.tracing.config);
  99. defaultText = ''
  100. if config.services.thanos.<cmd>.tracing.config == null then null
  101. else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
  102. '';
  103. description = ''
  104. Path to YAML file that contains tracing configuration.
  105. See format details: <link xlink:href="https://thanos.io/tracing.md/#configuration"/>
  106. '';
  107. };
  108. };
  109. tracing.config =
  110. {
  111. toArgs = _opt: _attrs: [];
  112. option = nullOpt types.attrs ''
  113. Tracing configuration.
  114. When not <literal>null</literal> the attribute set gets converted to
  115. a YAML file and stored in the Nix store. The option
  116. <option>tracing.config-file</option> will default to its path.
  117. If <option>tracing.config-file</option> is set this option has no effect.
  118. See format details: <link xlink:href="https://thanos.io/tracing.md/#configuration"/>
  119. '';
  120. };
  121. };
  122. common = cfg: params.log // params.tracing cfg // {
  123. http-address = mkParamDef types.str "0.0.0.0:10902" ''
  124. Listen <literal>host:port</literal> for HTTP endpoints.
  125. '';
  126. grpc-address = mkParamDef types.str "0.0.0.0:10901" ''
  127. Listen <literal>ip:port</literal> address for gRPC endpoints (StoreAPI).
  128. Make sure this address is routable from other components.
  129. '';
  130. grpc-server-tls-cert = mkParam types.str ''
  131. TLS Certificate for gRPC server, leave blank to disable TLS
  132. '';
  133. grpc-server-tls-key = mkParam types.str ''
  134. TLS Key for the gRPC server, leave blank to disable TLS
  135. '';
  136. grpc-server-tls-client-ca = mkParam types.str ''
  137. TLS CA to verify clients against.
  138. If no client CA is specified, there is no client verification on server side.
  139. (tls.NoClientCert)
  140. '';
  141. };
  142. objstore = cfg: {
  143. objstore.config-file = {
  144. toArgs = _opt: path: optionToArgs "objstore.config-file" path;
  145. option = mkOption {
  146. type = with types; nullOr str;
  147. default = if cfg.objstore.config == null then null
  148. else toString (toYAML "objstore.yaml" cfg.objstore.config);
  149. defaultText = ''
  150. if config.services.thanos.<cmd>.objstore.config == null then null
  151. else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
  152. '';
  153. description = ''
  154. Path to YAML file that contains object store configuration.
  155. See format details: <link xlink:href="https://thanos.io/storage.md/#configuration"/>
  156. '';
  157. };
  158. };
  159. objstore.config =
  160. {
  161. toArgs = _opt: _attrs: [];
  162. option = nullOpt types.attrs ''
  163. Object store configuration.
  164. When not <literal>null</literal> the attribute set gets converted to
  165. a YAML file and stored in the Nix store. The option
  166. <option>objstore.config-file</option> will default to its path.
  167. If <option>objstore.config-file</option> is set this option has no effect.
  168. See format details: <link xlink:href="https://thanos.io/storage.md/#configuration"/>
  169. '';
  170. };
  171. };
  172. sidecar = params.common cfg.sidecar // params.objstore cfg.sidecar // {
  173. prometheus.url = mkParamDef types.str "http://localhost:9090" ''
  174. URL at which to reach Prometheus's API.
  175. For better performance use local network.
  176. '';
  177. tsdb.path = {
  178. toArgs = optionToArgs;
  179. option = mkOption {
  180. type = types.str;
  181. default = "/var/lib/${config.services.prometheus.stateDir}/data";
  182. defaultText = "/var/lib/\${config.services.prometheus.stateDir}/data";
  183. description = ''
  184. Data directory of TSDB.
  185. '';
  186. };
  187. };
  188. reloader.config-file = mkParam types.str ''
  189. Config file watched by the reloader.
  190. '';
  191. reloader.config-envsubst-file = mkParam types.str ''
  192. Output file for environment variable substituted config file.
  193. '';
  194. reloader.rule-dirs = mkListParam "reloader.rule-dir" ''
  195. Rule directories for the reloader to refresh.
  196. '';
  197. };
  198. store = params.common cfg.store // params.objstore cfg.store // {
  199. stateDir = mkStateDirParam "data-dir" "thanos-store" ''
  200. Data directory relative to <literal>/var/lib</literal>
  201. in which to cache remote blocks.
  202. '';
  203. index-cache-size = mkParamDef types.str "250MB" ''
  204. Maximum size of items held in the index cache.
  205. '';
  206. chunk-pool-size = mkParamDef types.str "2GB" ''
  207. Maximum size of concurrently allocatable bytes for chunks.
  208. '';
  209. store.grpc.series-sample-limit = mkParamDef types.int 0 ''
  210. Maximum amount of samples returned via a single Series call.
  211. <literal>0</literal> means no limit.
  212. NOTE: for efficiency we take 120 as the number of samples in chunk (it
  213. cannot be bigger than that), so the actual number of samples might be
  214. lower, even though the maximum could be hit.
  215. '';
  216. store.grpc.series-max-concurrency = mkParamDef types.int 20 ''
  217. Maximum number of concurrent Series calls.
  218. '';
  219. sync-block-duration = mkParamDef types.str "3m" ''
  220. Repeat interval for syncing the blocks between local and remote view.
  221. '';
  222. block-sync-concurrency = mkParamDef types.int 20 ''
  223. Number of goroutines to use when syncing blocks from object storage.
  224. '';
  225. min-time = mkParamDef types.str "0000-01-01T00:00:00Z" ''
  226. Start of time range limit to serve.
  227. Thanos Store serves only metrics, which happened later than this
  228. value. Option can be a constant time in RFC3339 format or time duration
  229. relative to current time, such as -1d or 2h45m. Valid duration units are
  230. ms, s, m, h, d, w, y.
  231. '';
  232. max-time = mkParamDef types.str "9999-12-31T23:59:59Z" ''
  233. End of time range limit to serve.
  234. Thanos Store serves only blocks, which happened eariler than this
  235. value. Option can be a constant time in RFC3339 format or time duration
  236. relative to current time, such as -1d or 2h45m. Valid duration units are
  237. ms, s, m, h, d, w, y.
  238. '';
  239. };
  240. query = params.common cfg.query // {
  241. grpc-client-tls-secure = mkFlagParam ''
  242. Use TLS when talking to the gRPC server
  243. '';
  244. grpc-client-tls-cert = mkParam types.str ''
  245. TLS Certificates to use to identify this client to the server
  246. '';
  247. grpc-client-tls-key = mkParam types.str ''
  248. TLS Key for the client's certificate
  249. '';
  250. grpc-client-tls-ca = mkParam types.str ''
  251. TLS CA Certificates to use to verify gRPC servers
  252. '';
  253. grpc-client-server-name = mkParam types.str ''
  254. Server name to verify the hostname on the returned gRPC certificates.
  255. See <link xlink:href="https://tools.ietf.org/html/rfc4366#section-3.1"/>
  256. '';
  257. web.route-prefix = mkParam types.str ''
  258. Prefix for API and UI endpoints.
  259. This allows thanos UI to be served on a sub-path. This option is
  260. analogous to <option>web.route-prefix</option> of Promethus.
  261. '';
  262. web.external-prefix = mkParam types.str ''
  263. Static prefix for all HTML links and redirect URLs in the UI query web
  264. interface.
  265. Actual endpoints are still served on / or the
  266. <option>web.route-prefix</option>. This allows thanos UI to be served
  267. behind a reverse proxy that strips a URL sub-path.
  268. '';
  269. web.prefix-header = mkParam types.str ''
  270. Name of HTTP request header used for dynamic prefixing of UI links and
  271. redirects.
  272. This option is ignored if the option
  273. <literal>web.external-prefix</literal> is set.
  274. Security risk: enable this option only if a reverse proxy in front of
  275. thanos is resetting the header.
  276. The setting <literal>web.prefix-header="X-Forwarded-Prefix"</literal>
  277. can be useful, for example, if Thanos UI is served via Traefik reverse
  278. proxy with <literal>PathPrefixStrip</literal> option enabled, which
  279. sends the stripped prefix value in <literal>X-Forwarded-Prefix</literal>
  280. header. This allows thanos UI to be served on a sub-path.
  281. '';
  282. query.timeout = mkParamDef types.str "2m" ''
  283. Maximum time to process query by query node.
  284. '';
  285. query.max-concurrent = mkParamDef types.int 20 ''
  286. Maximum number of queries processed concurrently by query node.
  287. '';
  288. query.replica-label = mkParam types.str ''
  289. Label to treat as a replica indicator along which data is
  290. deduplicated.
  291. Still you will be able to query without deduplication using
  292. <literal>dedup=false</literal> parameter.
  293. '';
  294. selector-labels = mkAttrsParam "selector-label" ''
  295. Query selector labels that will be exposed in info endpoint.
  296. '';
  297. store.addresses = mkListParam "store" ''
  298. Addresses of statically configured store API servers.
  299. The scheme may be prefixed with <literal>dns+</literal> or
  300. <literal>dnssrv+</literal> to detect store API servers through
  301. respective DNS lookups.
  302. '';
  303. store.sd-files = mkListParam "store.sd-files" ''
  304. Path to files that contain addresses of store API servers. The path
  305. can be a glob pattern.
  306. '';
  307. store.sd-interval = mkParamDef types.str "5m" ''
  308. Refresh interval to re-read file SD files. It is used as a resync fallback.
  309. '';
  310. store.sd-dns-interval = mkParamDef types.str "30s" ''
  311. Interval between DNS resolutions.
  312. '';
  313. store.unhealthy-timeout = mkParamDef types.str "5m" ''
  314. Timeout before an unhealthy store is cleaned from the store UI page.
  315. '';
  316. query.auto-downsampling = mkFlagParam ''
  317. Enable automatic adjustment (step / 5) to what source of data should
  318. be used in store gateways if no
  319. <literal>max_source_resolution</literal> param is specified.
  320. '';
  321. query.partial-response = mkFlagParam ''
  322. Enable partial response for queries if no
  323. <literal>partial_response</literal> param is specified.
  324. '';
  325. query.default-evaluation-interval = mkParamDef types.str "1m" ''
  326. Set default evaluation interval for sub queries.
  327. '';
  328. store.response-timeout = mkParamDef types.str "0ms" ''
  329. If a Store doesn't send any data in this specified duration then a
  330. Store will be ignored and partial data will be returned if it's
  331. enabled. <literal>0</literal> disables timeout.
  332. '';
  333. };
  334. rule = params.common cfg.rule // params.objstore cfg.rule // {
  335. labels = mkAttrsParam "label" ''
  336. Labels to be applied to all generated metrics.
  337. Similar to external labels for Prometheus,
  338. used to identify ruler and its blocks as unique source.
  339. '';
  340. stateDir = mkStateDirParam "data-dir" "thanos-rule" ''
  341. Data directory relative to <literal>/var/lib</literal>.
  342. '';
  343. rule-files = mkListParam "rule-file" ''
  344. Rule files that should be used by rule manager. Can be in glob format.
  345. '';
  346. eval-interval = mkParamDef types.str "30s" ''
  347. The default evaluation interval to use.
  348. '';
  349. tsdb.block-duration = mkParamDef types.str "2h" ''
  350. Block duration for TSDB block.
  351. '';
  352. tsdb.retention = mkParamDef types.str "48h" ''
  353. Block retention time on local disk.
  354. '';
  355. alertmanagers.urls = mkListParam "alertmanagers.url" ''
  356. Alertmanager replica URLs to push firing alerts.
  357. Ruler claims success if push to at least one alertmanager from
  358. discovered succeeds. The scheme may be prefixed with
  359. <literal>dns+</literal> or <literal>dnssrv+</literal> to detect
  360. Alertmanager IPs through respective DNS lookups. The port defaults to
  361. <literal>9093</literal> or the SRV record's value. The URL path is
  362. used as a prefix for the regular Alertmanager API path.
  363. '';
  364. alertmanagers.send-timeout = mkParamDef types.str "10s" ''
  365. Timeout for sending alerts to alertmanager.
  366. '';
  367. alert.query-url = mkParam types.str ''
  368. The external Thanos Query URL that would be set in all alerts 'Source' field.
  369. '';
  370. alert.label-drop = mkListParam "alert.label-drop" ''
  371. Labels by name to drop before sending to alertmanager.
  372. This allows alert to be deduplicated on replica label.
  373. Similar Prometheus alert relabelling
  374. '';
  375. web.route-prefix = mkParam types.str ''
  376. Prefix for API and UI endpoints.
  377. This allows thanos UI to be served on a sub-path.
  378. This option is analogous to <literal>--web.route-prefix</literal> of Promethus.
  379. '';
  380. web.external-prefix = mkParam types.str ''
  381. Static prefix for all HTML links and redirect URLs in the UI query web
  382. interface.
  383. Actual endpoints are still served on / or the
  384. <option>web.route-prefix</option>. This allows thanos UI to be served
  385. behind a reverse proxy that strips a URL sub-path.
  386. '';
  387. web.prefix-header = mkParam types.str ''
  388. Name of HTTP request header used for dynamic prefixing of UI links and
  389. redirects.
  390. This option is ignored if the option
  391. <option>web.external-prefix</option> is set.
  392. Security risk: enable this option only if a reverse proxy in front of
  393. thanos is resetting the header.
  394. The header <literal>X-Forwarded-Prefix</literal> can be useful, for
  395. example, if Thanos UI is served via Traefik reverse proxy with
  396. <literal>PathPrefixStrip</literal> option enabled, which sends the
  397. stripped prefix value in <literal>X-Forwarded-Prefix</literal>
  398. header. This allows thanos UI to be served on a sub-path.
  399. '';
  400. query.addresses = mkListParam "query" ''
  401. Addresses of statically configured query API servers.
  402. The scheme may be prefixed with <literal>dns+</literal> or
  403. <literal>dnssrv+</literal> to detect query API servers through
  404. respective DNS lookups.
  405. '';
  406. query.sd-files = mkListParam "query.sd-files" ''
  407. Path to file that contain addresses of query peers.
  408. The path can be a glob pattern.
  409. '';
  410. query.sd-interval = mkParamDef types.str "5m" ''
  411. Refresh interval to re-read file SD files. (used as a fallback)
  412. '';
  413. query.sd-dns-interval = mkParamDef types.str "30s" ''
  414. Interval between DNS resolutions.
  415. '';
  416. };
  417. compact = params.log // params.tracing cfg.compact // params.objstore cfg.compact // {
  418. http-address = mkParamDef types.str "0.0.0.0:10902" ''
  419. Listen <literal>host:port</literal> for HTTP endpoints.
  420. '';
  421. stateDir = mkStateDirParam "data-dir" "thanos-compact" ''
  422. Data directory relative to <literal>/var/lib</literal>
  423. in which to cache blocks and process compactions.
  424. '';
  425. consistency-delay = mkParamDef types.str "30m" ''
  426. Minimum age of fresh (non-compacted) blocks before they are being
  427. processed. Malformed blocks older than the maximum of consistency-delay
  428. and 30m0s will be removed.
  429. '';
  430. retention.resolution-raw = mkParamDef types.str "0d" ''
  431. How long to retain raw samples in bucket.
  432. <literal>0d</literal> - disables this retention
  433. '';
  434. retention.resolution-5m = mkParamDef types.str "0d" ''
  435. How long to retain samples of resolution 1 (5 minutes) in bucket.
  436. <literal>0d</literal> - disables this retention
  437. '';
  438. retention.resolution-1h = mkParamDef types.str "0d" ''
  439. How long to retain samples of resolution 2 (1 hour) in bucket.
  440. <literal>0d</literal> - disables this retention
  441. '';
  442. startAt = {
  443. toArgs = _opt: startAt: flagToArgs "wait" (startAt == null);
  444. option = nullOpt types.str ''
  445. When this option is set to a <literal>systemd.time</literal>
  446. specification the Thanos compactor will run at the specified period.
  447. When this option is <literal>null</literal> the Thanos compactor service
  448. will run continuously. So it will not exit after all compactions have
  449. been processed but wait for new work.
  450. '';
  451. };
  452. downsampling.disable = mkFlagParam ''
  453. Disables downsampling.
  454. This is not recommended as querying long time ranges without
  455. non-downsampled data is not efficient and useful e.g it is not possible
  456. to render all samples for a human eye anyway
  457. '';
  458. block-sync-concurrency = mkParamDef types.int 20 ''
  459. Number of goroutines to use when syncing block metadata from object storage.
  460. '';
  461. compact.concurrency = mkParamDef types.int 1 ''
  462. Number of goroutines to use when compacting groups.
  463. '';
  464. };
  465. downsample = params.log // params.tracing cfg.downsample // params.objstore cfg.downsample // {
  466. stateDir = mkStateDirParam "data-dir" "thanos-downsample" ''
  467. Data directory relative to <literal>/var/lib</literal>
  468. in which to cache blocks and process downsamplings.
  469. '';
  470. };
  471. receive = params.common cfg.receive // params.objstore cfg.receive // {
  472. remote-write.address = mkParamDef types.str "0.0.0.0:19291" ''
  473. Address to listen on for remote write requests.
  474. '';
  475. stateDir = mkStateDirParam "tsdb.path" "thanos-receive" ''
  476. Data directory relative to <literal>/var/lib</literal> of TSDB.
  477. '';
  478. labels = mkAttrsParam "labels" ''
  479. External labels to announce.
  480. This flag will be removed in the future when handling multiple tsdb
  481. instances is added.
  482. '';
  483. tsdb.retention = mkParamDef types.str "15d" ''
  484. How long to retain raw samples on local storage.
  485. <literal>0d</literal> - disables this retention
  486. '';
  487. };
  488. };
  489. assertRelativeStateDir = cmd: {
  490. assertions = [
  491. {
  492. assertion = !hasPrefix "/" cfg.${cmd}.stateDir;
  493. message =
  494. "The option services.thanos.${cmd}.stateDir should not be an absolute directory." +
  495. " It should be a directory relative to /var/lib.";
  496. }
  497. ];
  498. };
  499. in {
  500. options.services.thanos = {
  501. package = mkOption {
  502. type = types.package;
  503. default = pkgs.thanos;
  504. defaultText = "pkgs.thanos";
  505. description = ''
  506. The thanos package that should be used.
  507. '';
  508. };
  509. sidecar = paramsToOptions params.sidecar // {
  510. enable = mkEnableOption
  511. "the Thanos sidecar for Prometheus server";
  512. arguments = mkArgumentsOption "sidecar";
  513. };
  514. store = paramsToOptions params.store // {
  515. enable = mkEnableOption
  516. "the Thanos store node giving access to blocks in a bucket provider.";
  517. arguments = mkArgumentsOption "store";
  518. };
  519. query = paramsToOptions params.query // {
  520. enable = mkEnableOption
  521. ("the Thanos query node exposing PromQL enabled Query API " +
  522. "with data retrieved from multiple store nodes");
  523. arguments = mkArgumentsOption "query";
  524. };
  525. rule = paramsToOptions params.rule // {
  526. enable = mkEnableOption
  527. ("the Thanos ruler service which evaluates Prometheus rules against" +
  528. " given Query nodes, exposing Store API and storing old blocks in bucket");
  529. arguments = mkArgumentsOption "rule";
  530. };
  531. compact = paramsToOptions params.compact // {
  532. enable = mkEnableOption
  533. "the Thanos compactor which continuously compacts blocks in an object store bucket";
  534. arguments = mkArgumentsOption "compact";
  535. };
  536. downsample = paramsToOptions params.downsample // {
  537. enable = mkEnableOption
  538. "the Thanos downsampler which continuously downsamples blocks in an object store bucket";
  539. arguments = mkArgumentsOption "downsample";
  540. };
  541. receive = paramsToOptions params.receive // {
  542. enable = mkEnableOption
  543. ("the Thanos receiver which accept Prometheus remote write API requests " +
  544. "and write to local tsdb (EXPERIMENTAL, this may change drastically without notice)");
  545. arguments = mkArgumentsOption "receive";
  546. };
  547. };
  548. config = mkMerge [
  549. (mkIf cfg.sidecar.enable {
  550. assertions = [
  551. {
  552. assertion = config.services.prometheus.enable;
  553. message =
  554. "Please enable services.prometheus when enabling services.thanos.sidecar.";
  555. }
  556. {
  557. assertion = !(config.services.prometheus.globalConfig.external_labels == null ||
  558. config.services.prometheus.globalConfig.external_labels == {});
  559. message =
  560. "services.thanos.sidecar requires uniquely identifying external labels " +
  561. "to be configured in the Prometheus server. " +
  562. "Please set services.prometheus.globalConfig.external_labels.";
  563. }
  564. ];
  565. systemd.services.thanos-sidecar = {
  566. wantedBy = [ "multi-user.target" ];
  567. after = [ "network.target" "prometheus.service" ];
  568. serviceConfig = {
  569. User = "prometheus";
  570. Restart = "always";
  571. ExecStart = thanos "sidecar";
  572. };
  573. };
  574. })
  575. (mkIf cfg.store.enable (mkMerge [
  576. (assertRelativeStateDir "store")
  577. {
  578. systemd.services.thanos-store = {
  579. wantedBy = [ "multi-user.target" ];
  580. after = [ "network.target" ];
  581. serviceConfig = {
  582. DynamicUser = true;
  583. StateDirectory = cfg.store.stateDir;
  584. Restart = "always";
  585. ExecStart = thanos "store";
  586. };
  587. };
  588. }
  589. ]))
  590. (mkIf cfg.query.enable {
  591. systemd.services.thanos-query = {
  592. wantedBy = [ "multi-user.target" ];
  593. after = [ "network.target" ];
  594. serviceConfig = {
  595. DynamicUser = true;
  596. Restart = "always";
  597. ExecStart = thanos "query";
  598. };
  599. };
  600. })
  601. (mkIf cfg.rule.enable (mkMerge [
  602. (assertRelativeStateDir "rule")
  603. {
  604. systemd.services.thanos-rule = {
  605. wantedBy = [ "multi-user.target" ];
  606. after = [ "network.target" ];
  607. serviceConfig = {
  608. DynamicUser = true;
  609. StateDirectory = cfg.rule.stateDir;
  610. Restart = "always";
  611. ExecStart = thanos "rule";
  612. };
  613. };
  614. }
  615. ]))
  616. (mkIf cfg.compact.enable (mkMerge [
  617. (assertRelativeStateDir "compact")
  618. {
  619. systemd.services.thanos-compact =
  620. let wait = cfg.compact.startAt == null; in {
  621. wantedBy = [ "multi-user.target" ];
  622. after = [ "network.target" ];
  623. serviceConfig = {
  624. Type = if wait then "simple" else "oneshot";
  625. Restart = if wait then "always" else "no";
  626. DynamicUser = true;
  627. StateDirectory = cfg.compact.stateDir;
  628. ExecStart = thanos "compact";
  629. };
  630. } // optionalAttrs (!wait) { inherit (cfg.compact) startAt; };
  631. }
  632. ]))
  633. (mkIf cfg.downsample.enable (mkMerge [
  634. (assertRelativeStateDir "downsample")
  635. {
  636. systemd.services.thanos-downsample = {
  637. wantedBy = [ "multi-user.target" ];
  638. after = [ "network.target" ];
  639. serviceConfig = {
  640. DynamicUser = true;
  641. StateDirectory = cfg.downsample.stateDir;
  642. Restart = "always";
  643. ExecStart = thanos "downsample";
  644. };
  645. };
  646. }
  647. ]))
  648. (mkIf cfg.receive.enable (mkMerge [
  649. (assertRelativeStateDir "receive")
  650. {
  651. systemd.services.thanos-receive = {
  652. wantedBy = [ "multi-user.target" ];
  653. after = [ "network.target" ];
  654. serviceConfig = {
  655. DynamicUser = true;
  656. StateDirectory = cfg.receive.stateDir;
  657. Restart = "always";
  658. ExecStart = thanos "receive";
  659. };
  660. };
  661. }
  662. ]))
  663. ];
  664. }