robin/palantir
1
0
Fork 0
mirror of https://codeberg.org/icewind/palantir.git synced 2026-06-03 18:24:08 +02:00
Code Issues Projects Releases Wiki Activity

fmt

Browse source
This commit is contained in:
Robin Appelman 2025-06-02 20:47:04 +02:00
commit 2f5cc229f3
5 changed files with 67 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

17
README.md
View file

@ -13,7 +13,9 @@ Opinionated system metrics exporter for prometheus
## Usage ## Usage
- Download the binary for your architecture from the [releases](https://github.com/icewind1991/palantir/releases/) and place it at `/usr/local/bin/palantir` - Download the binary for your architecture from the
[releases](https://github.com/icewind1991/palantir/releases/) and place it at
`/usr/local/bin/palantir`
- Place the [palantir.service](palantir.service) file in `/etc/systemd/system/` - Place the [palantir.service](palantir.service) file in `/etc/systemd/system/`
- Create the `palantir` user: `sudo useradd -m palantir` - Create the `palantir` user: `sudo useradd -m palantir`
- Start enable enable the server: `sudo systemctl enable --now palantir` - Start enable enable the server: `sudo systemctl enable --now palantir`
@ -23,8 +25,10 @@ Some stats require additional permissions described below.
## Power monitoring permissions ## Power monitoring permissions
In recent kernel versions, precise power monitoring is only accessible to root users to prevent using it as a side-channel attack. In recent kernel versions, precise power monitoring is only accessible to root
In order to get the power monitoring output you'll need to give the `palantir` user access to this data using the following steps. users to prevent using it as a side-channel attack. In order to get the power
monitoring output you'll need to give the `palantir` user access to this data
using the following steps.
- Create a group using - Create a group using
@ -59,7 +63,8 @@ In order to get the power monitoring output you'll need to give the `palantir` u
## Docker monitoring permissions ## Docker monitoring permissions
To enable monitoring of docker containers, add the `palantir` user to the `docker` group To enable monitoring of docker containers, add the `palantir` user to the
`docker` group
```bash ```bash
sudo usermod -a -G docker palantir sudo usermod -a -G docker palantir
@ -67,4 +72,6 @@ sudo usermod -a -G docker palantir
## Windows support ## Windows support
Palantir has limited windows support out of the box, additional sensors can be enabled by running [LibreHardwareMonitor](https://github.com/LibreHardwareMonitor/LibreHardwareMonitor). Palantir has limited windows support out of the box, additional sensors can be
enabled by running
[LibreHardwareMonitor](https://github.com/LibreHardwareMonitor/LibreHardwareMonitor).

19
flake.nix
View file

@ -10,7 +10,8 @@
inputs.flakelight.follows = "flakelight"; inputs.flakelight.follows = "flakelight";
}; };
}; };
outputs = { mill-scale, ... }: mill-scale ./. { outputs = {mill-scale, ...}:
mill-scale ./. {
packages.palantir = import ./package.nix; packages.palantir = import ./package.nix;
crossTargets = [ crossTargets = [
@ -21,16 +22,16 @@
"aarch64-unknown-linux-musl" "aarch64-unknown-linux-musl"
]; ];
nixosModules = { outputs, ... }: { nixosModules = {outputs, ...}: {
default = default = {
{ pkgs pkgs,
, config config,
, lib lib,
, ... ...
}: { }: {
imports = [ ./module.nix ]; imports = [./module.nix];
config = lib.mkIf config.services.palantir.enable { config = lib.mkIf config.services.palantir.enable {
nixpkgs.overlays = [ outputs.overlays.default ]; nixpkgs.overlays = [outputs.overlays.default];
services.palantir.package = lib.mkDefault pkgs.palantir; services.palantir.package = lib.mkDefault pkgs.palantir;
}; };
}; };

30
module.nix
View file

@ -1,12 +1,12 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
...
}: }:
with lib; let with lib; let
cfg = config.services.palantir; cfg = config.services.palantir;
in in {
{
options.services.palantir = { options.services.palantir = {
enable = mkEnableOption "Enables the palantir service"; enable = mkEnableOption "Enables the palantir service";
@ -69,13 +69,13 @@ in
networking.firewall.allowedTCPPorts = lib.optional cfg.openPort cfg.port; networking.firewall.allowedTCPPorts = lib.optional cfg.openPort cfg.port;
networking.firewall.allowedUDPPorts = lib.optional cfg.openMDNSPort 5353; networking.firewall.allowedUDPPorts = lib.optional cfg.openMDNSPort 5353;
users.groups.powermonitoring = { }; users.groups.powermonitoring = {};
services.udev.packages = [ cfg.package ]; services.udev.packages = [cfg.package];
systemd.services."palantir" = { systemd.services."palantir" = {
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
after = [ "systemd-networkd-wait-online.service" ]; after = ["systemd-networkd-wait-online.service"];
path = lib.optional cfg.zfs pkgs.zfs; path = lib.optional cfg.zfs pkgs.zfs;
environment = environment =
{ {
@ -88,7 +88,7 @@ in
then { then {
DISABLE_MDNS = "true"; DISABLE_MDNS = "true";
} }
else { } else {}
); );
serviceConfig = { serviceConfig = {
@ -110,12 +110,12 @@ in
ProtectHostname = true; ProtectHostname = true;
LockPersonality = true; LockPersonality = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ] ++ lib.optional cfg.docker "AF_UNIX"; # netlink is required to make `getifaddrs` not err RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_NETLINK"] ++ lib.optional cfg.docker "AF_UNIX"; # netlink is required to make `getifaddrs` not err
RestrictRealtime = true; RestrictRealtime = true;
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ]; SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
IPAddressAllow = [ "localhost" ] ++ lib.optional cfg.mdns "multicast"; IPAddressAllow = ["localhost"] ++ lib.optional cfg.mdns "multicast";
UMask = "0077"; UMask = "0077";
SupplementaryGroups = [ "powermonitoring" ] ++ lib.optional cfg.docker "docker"; SupplementaryGroups = ["powermonitoring"] ++ lib.optional cfg.docker "docker";
}; };
}; };
}; };

2
overlay.nix
View file

@ -1,3 +1,3 @@
final: prev: { final: prev: {
palantir = final.callPackage ./package.nix { }; palantir = final.callPackage ./package.nix {};
} }

19
package.nix
View file

@ -1,16 +1,15 @@
{ stdenv {
, rustPlatform stdenv,
, coreutils rustPlatform,
, lib coreutils,
, lib,
}: }: let
let
inherit (lib.sources) sourceByRegex; inherit (lib.sources) sourceByRegex;
inherit (builtins) fromTOML readFile; inherit (builtins) fromTOML readFile;
src = sourceByRegex ./. [ "Cargo.*" "(src|benches)(/.*)?" ]; src = sourceByRegex ./. ["Cargo.*" "(src|benches)(/.*)?"];
version = (fromTOML (readFile ./Cargo.toml)).package.version; version = (fromTOML (readFile ./Cargo.toml)).package.version;
in in
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "palantir"; pname = "palantir";
inherit src version; inherit src version;
@ -26,4 +25,4 @@ rustPlatform.buildRustPackage rec {
echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${coreutils}/bin/chgrp -R powermonitoring /sys%p", RUN+="${coreutils}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${coreutils}/bin/chgrp -R powermonitoring /sys%p", RUN+="${coreutils}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${coreutils}/bin/chgrp -R powermonitoring /sys%p", RUN+="${coreutils}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${coreutils}/bin/chgrp -R powermonitoring /sys%p", RUN+="${coreutils}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
''; '';
} }