movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/prometheus: Support environmentFile (#97933)

Browse source 
For the same reason Alertmanager supports environmentFile to pass
secrets along, it is useful to support the same for Prometheus'
configuration to store bearer tokens outside the Nix store.
This commit is contained in:
Philipp Kern 2020-10-31 20:52:13 +01:00 committed by GitHub
parent eaaf9254aa
commit ec6b0950ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 47 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

48
nixos/modules/services/monitoring/prometheus/default.nix
View file

@ -45,7 +45,7 @@ let
cmdlineArgs = cfg.extraFlags ++ [ cmdlineArgs = cfg.extraFlags ++ [
"--storage.tsdb.path=${workingDir}/data/" "--storage.tsdb.path=${workingDir}/data/"
"--config.file=${prometheusYml}" "--config.file=/run/prometheus/prometheus-substituted.yaml"
"--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}" "--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"
"--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}" "--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"
"--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s" "--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s"
@ -522,6 +522,45 @@ in {
''; '';
}; };
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/root/prometheus.env";
description = ''
Environment file as defined in <citerefentry>
<refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
Secrets may be passed to the service without adding them to the
world-readable Nix store, by specifying placeholder variables as
the option value in Nix and setting these variables accordingly in the
environment file.
Environment variables from this file will be interpolated into the
config file using envsubst with this syntax:
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
<programlisting>
# Example scrape config entry handling an OAuth bearer token
{
job_name = "home_assistant";
metrics_path = "/api/prometheus";
scheme = "https";
bearer_token = "\''${HOME_ASSISTANT_BEARER_TOKEN}";
[...]
}
</programlisting>
<programlisting>
# Content of the environment file
HOME_ASSISTANT_BEARER_TOKEN=someoauthbearertoken
</programlisting>
Note that this file needs to be available on the host on which
<literal>Prometheus</literal> is running.
'';
};
configText = mkOption { configText = mkOption {
type = types.nullOr types.lines; type = types.nullOr types.lines;
default = null; default = null;
@ -662,12 +701,19 @@ in {
systemd.services.prometheus = { systemd.services.prometheus = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = ''
${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \
-i "${prometheusYml}"
'';
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/prometheus" + ExecStart = "${cfg.package}/bin/prometheus" +
optionalString (length cmdlineArgs != 0) (" \\\n " + optionalString (length cmdlineArgs != 0) (" \\\n " +
concatStringsSep " \\\n " cmdlineArgs); concatStringsSep " \\\n " cmdlineArgs);
User = "prometheus"; User = "prometheus";
Restart = "always"; Restart = "always";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
RuntimeDirectory = "prometheus";
RuntimeDirectoryMode = "0700";
WorkingDirectory = workingDir; WorkingDirectory = workingDir;
StateDirectory = cfg.stateDir; StateDirectory = cfg.stateDir;
}; };