nixos/victoriametrics: check config, more tests, update desc

nixos/modules/services/databases/victoriametrics.nix

@@ -31,7 +31,15 @@ let
 in
 {
   options.services.victoriametrics = {
-    enable = mkEnableOption "VictoriaMetrics is a fast, cost-effective and scalable monitoring solution and time series database.";
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable VictoriaMetrics in single-node mode.
+
+        VictoriaMetrics is a fast, cost-effective and scalable monitoring solution and time series database.
+      '';
+    };
     package = mkPackageOption pkgs "victoriametrics" { };
 
     listenAddress = mkOption {

nixos/modules/services/monitoring/vmagent.nix

@@ -2,7 +2,32 @@
 
 let
   cfg = config.services.vmagent;
-  settingsFormat = pkgs.formats.json { };
+  settingsFormat = pkgs.formats.yaml {};
+
+  startCLIList =
+    [
+      "${cfg.package}/bin/vmagent"
+    ]
+    ++ lib.optionals (cfg.remoteWrite.url != null) [
+      "-remoteWrite.url=${cfg.remoteWrite.url}"
+      "-remoteWrite.tmpDataPath=%C/vmagent/remote_write_tmp"
+    ]
+    ++ lib.optional (
+      cfg.remoteWrite.basicAuthUsername != null
+    ) "-remoteWrite.basicAuth.username=${cfg.remoteWrite.basicAuthUsername}"
+    ++ lib.optional (
+      cfg.remoteWrite.basicAuthPasswordFile != null
+    ) "-remoteWrite.basicAuth.passwordFile=\${CREDENTIALS_DIRECTORY}/remote_write_basic_auth_password"
+    ++ cfg.extraArgs;
+  prometheusConfigYml = checkedConfig (
+    settingsFormat.generate "prometheusConfig.yaml" cfg.prometheusConfig
+  );
+
+  checkedConfig = file:
+    pkgs.runCommand "checked-config" {nativeBuildInputs = [cfg.package];} ''
+      ln -s ${file} $out
+      ${lib.escapeShellArgs startCLIList} -promscrape.config=${file} -dryRun
+    '';
 in {
   imports = [
     (lib.mkRemovedOptionModule [ "services" "vmagent" "dataDir" ] "dataDir has been deprecated in favor of systemd provided CacheDirectory")
@@ -12,7 +37,15 @@ in {
   ];
 
   options.services.vmagent = {
-    enable = lib.mkEnableOption "vmagent";
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable VictoriaMetrics's `vmagent`.
+
+        vmagent efficiently scrape metrics from Prometheus-compatible exporters
+      '';
+    };
 
     package = lib.mkPackageOption pkgs "vmagent" { };
 
@@ -69,18 +102,7 @@ in {
   config = lib.mkIf cfg.enable {
     networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 8429 ];
 
-    systemd.services.vmagent = let
-      prometheusConfig = settingsFormat.generate "prometheusConfig.yaml" cfg.prometheusConfig;
-      startCommandLine = lib.concatStringsSep " " ([
-        "${cfg.package}/bin/vmagent"
-        "-promscrape.config=${prometheusConfig}"
-      ] ++ cfg.extraArgs
-        ++ lib.optionals (cfg.remoteWrite.url != null) [
-        "-remoteWrite.url=${cfg.remoteWrite.url}"
-        "-remoteWrite.tmpDataPath=%C/vmagent/remote_write_tmp"
-      ] ++ lib.optional (cfg.remoteWrite.basicAuthUsername != null) "-remoteWrite.basicAuth.username=${cfg.remoteWrite.basicAuthUsername}"
-        ++ lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) "-remoteWrite.basicAuth.passwordFile=\${CREDENTIALS_DIRECTORY}/remote_write_basic_auth_password");
-    in {
+    systemd.services.vmagent = {
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
       description = "vmagent system service";
@@ -91,7 +113,10 @@ in {
         Type = "simple";
         Restart = "on-failure";
         CacheDirectory = "vmagent";
-        ExecStart = startCommandLine;
+        ExecStart = lib.escapeShellArgs (
+          startCLIList
+          ++ lib.optionals (cfg.prometheusConfig != null) ["-promscrape.config=${prometheusConfigYml}"]
+        );
         LoadCredential = lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) [
           "remote_write_basic_auth_password:${cfg.remoteWrite.basicAuthPasswordFile}"
         ];

nixos/modules/services/monitoring/vmalert.nix

@@ -20,7 +20,15 @@ in
 {
   # interface
   options.services.vmalert = {
-    enable = mkEnableOption "vmalert";
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Wether to enable VictoriaMetrics's `vmalert`.
+
+        `vmalert` evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
+      '';
+    };
 
     package = mkPackageOption pkgs "victoriametrics" { };
 

nixos/tests/all-tests.nix

@@ -1105,7 +1105,7 @@ in {
   vaultwarden = discoverTests (import ./vaultwarden.nix);
   vector = handleTest ./vector {};
   vengi-tools = handleTest ./vengi-tools.nix {};
-  victoriametrics = handleTest ./victoriametrics.nix {};
+  victoriametrics = handleTest ./victoriametrics {};
   vikunja = handleTest ./vikunja.nix {};
   virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
   vscode-remote-ssh = handleTestOn ["x86_64-linux"] ./vscode-remote-ssh.nix {};

nixos/tests/victoriametrics/default.nix

@@ -0,0 +1,10 @@
+{
+  system ? builtins.currentSystem,
+  config ? { },
+  pkgs ? import ../../.. { inherit system config; },
+}:
+
+{
+  remote-write = import ./remote-write.nix { inherit system pkgs; };
+  vmalert = import ./vmalert.nix { inherit system pkgs; };
+}

nixos/tests/victoriametrics/remote-write.nix

@@ -0,0 +1,103 @@
+# Primarily reference the implementation of <nixos/tests/prometheus/remote-write.nix>
+import ../make-test-python.nix (
+  {
+    lib,
+    pkgs,
+    ...
+  }:
+  let
+    username = "vmtest";
+    password = "fsddfy8233rb"; # random string
+    passwordFile = pkgs.writeText "password-file" password;
+  in
+  {
+    name = "victoriametrics-remote-write";
+    meta = with pkgs.lib.maintainers; {
+      maintainers = [
+        yorickvp
+        ryan4yin
+      ];
+    };
+
+    nodes = {
+      victoriametrics =
+        {
+          config,
+          pkgs,
+          ...
+        }:
+        {
+          environment.systemPackages = [ pkgs.jq ];
+          networking.firewall.allowedTCPPorts = [ 8428 ];
+          services.victoriametrics = {
+            enable = true;
+            extraOptions = [
+              "-httpAuth.username=${username}"
+              "-httpAuth.password=file://${toString passwordFile}"
+            ];
+          };
+        };
+
+      vmagent =
+        {
+          config,
+          pkgs,
+          ...
+        }:
+        {
+          environment.systemPackages = [ pkgs.jq ];
+          services.vmagent = {
+            enable = true;
+            remoteWrite = {
+              url = "http://victoriametrics:8428/api/v1/write";
+              basicAuthUsername = username;
+              basicAuthPasswordFile = passwordFile;
+            };
+
+            prometheusConfig = {
+              global = {
+                scrape_interval = "2s";
+              };
+              scrape_configs = [
+                {
+                  job_name = "node";
+                  static_configs = [
+                    {
+                      targets = [
+                        "node:${toString config.services.prometheus.exporters.node.port}"
+                      ];
+                    }
+                  ];
+                }
+              ];
+            };
+          };
+        };
+
+      node =
+        { ... }:
+        {
+          services.prometheus.exporters.node = {
+            enable = true;
+            openFirewall = true;
+          };
+        };
+    };
+
+    testScript = ''
+      node.wait_for_unit("prometheus-node-exporter")
+      node.wait_for_open_port(9100)
+
+      victoriametrics.wait_for_unit("victoriametrics")
+      victoriametrics.wait_for_open_port(8428)
+
+      vmagent.wait_for_unit("vmagent")
+
+      # check remote write
+      victoriametrics.wait_until_succeeds(
+        "curl --user '${username}:${password}' -sf 'http://localhost:8428/api/v1/query?query=node_exporter_build_info\{instance=\"node:9100\"\}' | "
+        + "jq '.data.result[0].value[1]' | grep '\"1\"'"
+      )
+    '';
+  }
+)