diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2020-08-22 11:31:34 +0100 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2020-11-14 16:33:42 +0100 |
| commit | 157d7354d6e66153352e5ef2c054ef4398c67187 (patch) | |
| tree | 08c0b83cf0a2ed68afcc54c4f2c3a48a3a78f2b5 | |
| parent | 9750813b89bfa38d2c319a28d8537d8754047d05 (diff) | |
nixos/telegraf: add environmentFile option
| -rw-r--r-- | nixos/modules/services/monitoring/telegraf.nix | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/nixos/modules/services/monitoring/telegraf.nix b/nixos/modules/services/monitoring/telegraf.nix index c6b0b8906fd6d..c0733f6b89cf2 100644 --- a/nixos/modules/services/monitoring/telegraf.nix +++ b/nixos/modules/services/monitoring/telegraf.nix @@ -26,6 +26,19 @@ in { type = types.package; }; + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/telegraf.env"; + description = '' + File to load as environment file. Environment variables + from this file will be interpolated into the config file + using envsubst with this syntax: + <literal>$ENVIRONMENT ''${VARIABLE}</literal> + This is useful to avoid putting secrets into the nix store. + ''; + }; + extraConfig = mkOption { default = {}; description = "Extra configuration options for telegraf"; @@ -51,15 +64,23 @@ in { ###### implementation config = mkIf config.services.telegraf.enable { - systemd.services.telegraf = { + systemd.services.telegraf = let + finalConfigFile = if config.services.telegraf.environmentFile == null + then configFile + else "/tmp/config.toml"; + in { description = "Telegraf Agent"; wantedBy = [ "multi-user.target" ]; after = [ "network-online.target" ]; serviceConfig = { - ExecStart=''${cfg.package}/bin/telegraf -config "${configFile}"''; + EnvironmentFile = config.services.telegraf.environmentFile; + ExecStartPre = lib.optional (config.services.telegraf.environmentFile != null) + ''${pkgs.envsubst}/bin/envsubst -o /tmp/config.toml -i "${configFile}"''; + ExecStart=''${cfg.package}/bin/telegraf -config ${finalConfigFile}''; ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID"; User = "telegraf"; Restart = "on-failure"; + PrivateTmp = true; # for ping probes AmbientCapabilities = [ "CAP_NET_RAW" ]; }; |