Robin Appelman 2025-06-02 20:47:04 +02:00
commit 2f5cc229f3
5 changed files with 67 additions and 60 deletions


@ -13,7 +13,9 @@ Opinionated system metrics exporter for prometheus
## Usage
- Download the binary for your architecture from the [releases](https://github.com/icewind1991/palantir/releases/) and place it at `/usr/local/bin/palantir`
- Download the binary for your architecture from the
[releases](https://github.com/icewind1991/palantir/releases/) and place it at
`/usr/local/bin/palantir`
- Place the [palantir.service](palantir.service) file in `/etc/systemd/system/`
- Create the `palantir` user: `sudo useradd -m palantir`
- Start enable enable the server: `sudo systemctl enable --now palantir`
@ -23,8 +25,10 @@ Some stats require additional permissions described below.
## Power monitoring permissions
In recent kernel versions, precise power monitoring is only accessible to root users to prevent using it as a side-channel attack.
In order to get the power monitoring output you'll need to give the `palantir` user access to this data using the following steps.
In recent kernel versions, precise power monitoring is only accessible to root
users to prevent using it as a side-channel attack. In order to get the power
monitoring output you'll need to give the `palantir` user access to this data
using the following steps.
- Create a group using
@ -59,7 +63,8 @@ In order to get the power monitoring output you'll need to give the `palantir` u
## Docker monitoring permissions
To enable monitoring of docker containers, add the `palantir` user to the `docker` group
To enable monitoring of docker containers, add the `palantir` user to the
`docker` group
```bash
sudo usermod -a -G docker palantir
@ -67,4 +72,6 @@ sudo usermod -a -G docker palantir
## Windows support
Palantir has limited windows support out of the box, additional sensors can be enabled by running [LibreHardwareMonitor](https://github.com/LibreHardwareMonitor/LibreHardwareMonitor).
Palantir has limited windows support out of the box, additional sensors can be
enabled by running
[LibreHardwareMonitor](https://github.com/LibreHardwareMonitor/LibreHardwareMonitor).


@ -10,7 +10,8 @@
inputs.flakelight.follows = "flakelight";
};
};
outputs = { mill-scale, ... }: mill-scale ./. {
outputs = {mill-scale, ...}:
mill-scale ./. {
packages.palantir = import ./package.nix;
crossTargets = [
@ -21,16 +22,16 @@
"aarch64-unknown-linux-musl"
];
nixosModules = { outputs, ... }: {
default =
{ pkgs
, config
, lib
, ...
nixosModules = {outputs, ...}: {
default = {
pkgs,
config,
lib,
...
}: {
imports = [ ./module.nix ];
imports = [./module.nix];
config = lib.mkIf config.services.palantir.enable {
nixpkgs.overlays = [ outputs.overlays.default ];
nixpkgs.overlays = [outputs.overlays.default];
services.palantir.package = lib.mkDefault pkgs.palantir;
};
};


@ -1,12 +1,12 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.palantir;
in
{
in {
options.services.palantir = {
enable = mkEnableOption "Enables the palantir service";
@ -69,13 +69,13 @@ in
networking.firewall.allowedTCPPorts = lib.optional cfg.openPort cfg.port;
networking.firewall.allowedUDPPorts = lib.optional cfg.openMDNSPort 5353;
users.groups.powermonitoring = { };
users.groups.powermonitoring = {};
services.udev.packages = [ cfg.package ];
services.udev.packages = [cfg.package];
systemd.services."palantir" = {
wantedBy = [ "multi-user.target" ];
after = [ "systemd-networkd-wait-online.service" ];
wantedBy = ["multi-user.target"];
after = ["systemd-networkd-wait-online.service"];
path = lib.optional cfg.zfs pkgs.zfs;
environment =
{
@ -88,7 +88,7 @@ in
then {
DISABLE_MDNS = "true";
}
else { }
else {}
);
serviceConfig = {
@ -110,12 +110,12 @@ in
ProtectHostname = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ] ++ lib.optional cfg.docker "AF_UNIX"; # netlink is required to make `getifaddrs` not err
RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_NETLINK"] ++ lib.optional cfg.docker "AF_UNIX"; # netlink is required to make `getifaddrs` not err
RestrictRealtime = true;
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
IPAddressAllow = [ "localhost" ] ++ lib.optional cfg.mdns "multicast";
SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
IPAddressAllow = ["localhost"] ++ lib.optional cfg.mdns "multicast";
UMask = "0077";
SupplementaryGroups = [ "powermonitoring" ] ++ lib.optional cfg.docker "docker";
SupplementaryGroups = ["powermonitoring"] ++ lib.optional cfg.docker "docker";
};
};
};


@ -1,3 +1,3 @@
final: prev: {
palantir = final.callPackage ./package.nix { };
palantir = final.callPackage ./package.nix {};
}


@ -1,16 +1,15 @@
{ stdenv
, rustPlatform
, coreutils
, lib
,
}:
let
{
stdenv,
rustPlatform,
coreutils,
lib,
}: let
inherit (lib.sources) sourceByRegex;
inherit (builtins) fromTOML readFile;
src = sourceByRegex ./. [ "Cargo.*" "(src|benches)(/.*)?" ];
src = sourceByRegex ./. ["Cargo.*" "(src|benches)(/.*)?"];
version = (fromTOML (readFile ./Cargo.toml)).package.version;
in
rustPlatform.buildRustPackage rec {
rustPlatform.buildRustPackage rec {
pname = "palantir";
inherit src version;
@ -26,4 +25,4 @@ rustPlatform.buildRustPackage rec {
echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${coreutils}/bin/chgrp -R powermonitoring /sys%p", RUN+="${coreutils}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${coreutils}/bin/chgrp -R powermonitoring /sys%p", RUN+="${coreutils}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
'';
}
}