movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

Merge pull request #24341 from LumiGuide/cadviser-storageDriverPasswordFile

Browse source 
cadviser: add storageDriverPasswordFile option
This commit is contained in:
Michael Raskin 2017-05-01 02:01:49 +02:00 committed by GitHub
commit 01ba1a40d3
1 changed files with 59 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

87
nixos/modules/services/monitoring/cadvisor.nix
View file

@ -54,7 +54,29 @@ in {
storageDriverPassword = mkOption { storageDriverPassword = mkOption {
default = "root"; default = "root";
type = types.str; type = types.str;
description = "Cadvisor storage driver password."; description = ''
Cadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It's
recommended to use the <option>storageDriverPasswordFile</option> option
since that gives you control over the security of the password.
<option>storageDriverPasswordFile</option> also takes precedence over <option>storageDriverPassword</option>.
'';
};
storageDriverPasswordFile = mkOption {
type = types.str;
description = ''
File that contains the cadvisor storage driver password.
<option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option>
Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the
world-readable Nix store that contains the value of <option>storageDriverPassword</option>.
It's recommended to override this with a path not in the Nix store.
Tip: use <link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'>nixops key management</link>
'';
}; };
storageDriverSecure = mkOption { storageDriverSecure = mkOption {
@ -65,35 +87,44 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = mkMerge [
systemd.services.cadvisor = { { services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
wantedBy = [ "multi-user.target" ]; mkDefault (toString (pkgs.writeTextFile {
after = [ "network.target" "docker.service" "influxdb.service" ]; name = "cadvisor-storage-driver-password";
text = cfg.storageDriverPassword;
}))
);
}
postStart = mkBefore '' (mkIf cfg.enable {
until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do systemd.services.cadvisor = {
sleep 1; wantedBy = [ "multi-user.target" ];
done after = [ "network.target" "docker.service" "influxdb.service" ];
'';
serviceConfig = { postStart = mkBefore ''
ExecStart = ''${pkgs.cadvisor}/bin/cadvisor \ until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
-logtostderr=true \ sleep 1;
-listen_ip=${cfg.listenAddress} \ done
-port=${toString cfg.port} \
${optionalString (cfg.storageDriver != null) ''
-storage_driver ${cfg.storageDriver} \
-storage_driver_user ${cfg.storageDriverHost} \
-storage_driver_db ${cfg.storageDriverDb} \
-storage_driver_user ${cfg.storageDriverUser} \
-storage_driver_password ${cfg.storageDriverPassword} \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
''; '';
TimeoutStartSec=300;
};
};
virtualisation.docker.enable = mkDefault true; script = ''
}; exec ${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip="${cfg.listenAddress}" \
-port="${toString cfg.port}" \
${optionalString (cfg.storageDriver != null) ''
-storage_driver "${cfg.storageDriver}" \
-storage_driver_user "${cfg.storageDriverHost}" \
-storage_driver_db "${cfg.storageDriverDb}" \
-storage_driver_user "${cfg.storageDriverUser}" \
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
'';
serviceConfig.TimeoutStartSec=300;
};
virtualisation.docker.enable = mkDefault true;
})
];
} }