nixos/pyroscope: init (#434658)

2026-03-08 01:24:09 +01:00 · 2026-03-04 01:17:26 +00:00 · 2026-03-04 01:17:26 +00:00 · 91108f3a7c
commit 91108f3a7c
parent 823f8a0b4a 8d367a5f2b
3 changed files with 120 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-2605.section.md
+++ b/nixos/doc/manual/release-notes/rl-2605.section.md
@ -42,6 +42,8 @@

 - [DankMaterialShell](https://danklinux.com), a complete desktop shell for Wayland compositors built with Quickshell. Available as [programs.dms-shell](#opt-programs.dms-shell.enable).

+- [pyroscope](https://github.com/grafana/pyroscope), a continuous profiling platform. that allows for performance debugging. Available as [services.pyroscope](#opt-services.pyroscope.enable)
+
 - [dms-greeter](https://danklinux.com), a modern display manager greeter for DankMaterialShell that works with greetd and supports multiple Wayland compositors. Available as [services.displayManager.dms-greeter](#opt-services.displayManager.dms-greeter.enable).

 - [dsearch](https://github.com/AvengeMedia/danksearch), a fast filesystem search service with fuzzy matching. Available as [programs.dsearch](#opt-programs.dsearch.enable).
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -1049,6 +1049,7 @@
  ./services/monitoring/prometheus/pushgateway.nix
  ./services/monitoring/prometheus/sachet.nix
  ./services/monitoring/prometheus/xmpp-alerts.nix
+  ./services/monitoring/pyroscope.nix
  ./services/monitoring/riemann-dash.nix
  ./services/monitoring/riemann-tools.nix
  ./services/monitoring/riemann.nix
--- a/nixos/modules/services/monitoring/pyroscope.nix
+++ b/nixos/modules/services/monitoring/pyroscope.nix
@ -0,0 +1,117 @@
+{
+  lib,
+  pkgs,
+  config,
+  utils,
+  ...
+}:
+
+let
+  cfg = config.services.pyroscope;
+  settingsFormat = pkgs.formats.yaml { };
+in
+{
+  meta.maintainers = [ lib.maintainers.kashw2 ];
+
+  options.services.pyroscope = {
+    enable = lib.mkEnableOption "Pyroscope";
+
+    package = lib.mkPackageOption pkgs "pyroscope" { };
+
+    openFirewall = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Whether or not to open the firewall for this service";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = settingsFormat.type;
+        options = {
+          server = {
+            http_listen_address = lib.mkOption {
+              type = lib.types.str;
+              default = "127.0.0.1";
+              description = "The server listen address";
+            };
+            http_listen_port = lib.mkOption {
+              type = lib.types.port;
+              default = 4040;
+              description = "The port that Pyroscope should run on";
+            };
+          };
+        };
+      };
+      default = { };
+      description = ''
+        Specify the configuration for Pyroscope in Nix.
+
+        See <https://grafana.com/docs/pyroscope/latest/configure-server/reference-configuration-parameters/> for available options.
+      '';
+    };
+
+    configFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = "Specify a path to a configuration file that Pyroscope should use.";
+    };
+
+    extraFlags = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = "Additional arguments to pass to pyroscope";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    # Pyroscope and it's CLI
+    environment.systemPackages = [ cfg.package ];
+
+    assertions = [
+      {
+        assertion = ((cfg.settings == { }) != (cfg.configFile == null));
+        message = ''
+          Please specify a configuration for Pyroscope with either
+          'services.pyroscope.settings' or
+          'services.pyroscope.configFile'.
+        '';
+      }
+    ];
+
+    systemd.services.pyroscope = {
+      description = "Grafana Pyroscope Service Daemon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig =
+        let
+          conf =
+            if cfg.configFile == null then
+              settingsFormat.generate "config.yaml" cfg.settings
+            else
+              cfg.configFile;
+        in
+        {
+          ExecStart = utils.escapeSystemdExecArgs (
+            [
+              "${lib.getExe cfg.package}"
+              "--config.file=${conf}"
+            ]
+            ++ cfg.extraFlags
+          );
+          DynamicUser = true;
+          ProtectSystem = "full";
+          DevicePolicy = "closed";
+          WorkingDirectory = "/var/lib/pyroscope";
+          StateDirectory = "pyroscope";
+          Restart = "on-failure";
+        };
+    };
+
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
+      cfg.settings.server.http_listen_port
+    ];
+
+  };
+
+}