diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2024-02-09 02:08:02 +0100 |
|---|---|---|
| committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2024-02-09 02:24:48 +0100 |
| commit | a43d9cd69a2d02561217b56415edc95a9366a09e (patch) | |
| tree | a69f7a44251de3da6087a3150790df6946d1a0a9 /nixos/modules/services/monitoring/prometheus | |
| parent | f1f689a8e8cec16394a26b1f4dda0e6bc3859bbe (diff) | |
nixos/prometheus-fastly-exporter: fix runtime environment
- Make the token a required option - Drop the proto from the listen parameter - Use systemd credentials to pass the token file - Drop debug flag, use extraArgs instead - Actually hook up extraArgs - Escape shell arguments - Drop overly broad `with lib` statement
Diffstat (limited to 'nixos/modules/services/monitoring/prometheus')
| -rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/fastly.nix | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix b/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix index 36409caccf2e3..2a8b7fc0818d5 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix @@ -1,41 +1,54 @@ -{ config, lib, pkgs, options }: +{ config +, lib +, pkgs +, options +}: -with lib; +let + inherit (lib) + escapeShellArgs + mkOption + optionals + types + ; -let cfg = config.services.prometheus.exporters.fastly; + cfg = config.services.prometheus.exporters.fastly; in { port = 9118; - extraOpts = { - debug = mkEnableOption (lib.mdDoc "Debug logging mode for fastly-exporter"); - + extraOpts = with types; { configFile = mkOption { - type = types.nullOr types.path; + type = nullOr path; default = null; - description = lib.mdDoc '' + example = "./fastly-exporter-config.txt"; + description = '' Path to a fastly-exporter configuration file. Example one can be generated with `fastly-exporter --config-file-example`. ''; - example = "./fastly-exporter-config.txt"; }; tokenPath = mkOption { - type = types.nullOr types.path; - apply = final: if final == null then null else toString final; - description = lib.mdDoc '' + type = path; + description = '' A run-time path to the token file, which is supposed to be provisioned outside of Nix store. ''; }; }; serviceOpts = { - script = '' - ${optionalString (cfg.tokenPath != null) - "export FASTLY_API_TOKEN=$(cat ${toString cfg.tokenPath})"} - ${pkgs.prometheus-fastly-exporter}/bin/fastly-exporter \ - -listen http://${cfg.listenAddress}:${toString cfg.port} - ${optionalString cfg.debug "-debug true"} \ - ${optionalString (cfg.configFile != null) "-config-file ${cfg.configFile}"} + serviceConfig = { + LoadCredential = "fastly-api-token:${cfg.tokenPath}"; + }; + script = let + call = escapeShellArgs ([ + "${pkgs.prometheus-fastly-exporter}/bin/fastly-exporter" + "-listen" "${cfg.listenAddress}:${toString cfg.port}" + ] ++ optionals (cfg.configFile != null) [ + "--config-file" cfg.configFile + ] ++ cfg.extraFlags); + in '' + export FASTLY_API_TOKEN="$(cat $CREDENTIALS_DIRECTORY/fastly-api-token)" + ${call} ''; }; } |