diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2023-08-14 18:05:25 +0200 |
|---|---|---|
| committer | Maximilian Bosch <maximilian@mbosch.me> | 2023-08-14 18:07:24 +0200 |
| commit | 10c6be32e42127c8fa3656c521dea02ac6717004 (patch) | |
| tree | 08f22b5e15415a320d7f68b3ce8bb0a1c32ddafb /nixos/modules/services/tracing | |
| parent | afde5d87aae5fe3438f120a44d88c5ab4c59abcb (diff) | |
nixos/tempo: add `extraFlags` option
Main use-case for me is to specify `-config.expand-env=true` which
allows me inject secrets via systemd's environment file mechanism[1]
like this:
storage.trace.s3 = {
/* all the other stuff */
secret_key = "\${GARAGE_SECRET_KEY}";
};
[1] https://grafana.com/docs/tempo/latest/configuration/#use-environment-variables-in-the-configuration
Diffstat (limited to 'nixos/modules/services/tracing')
| -rw-r--r-- | nixos/modules/services/tracing/tempo.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/tracing/tempo.nix b/nixos/modules/services/tracing/tempo.nix index 4a098c31effeb..0b9ca2398b161 100644 --- a/nixos/modules/services/tracing/tempo.nix +++ b/nixos/modules/services/tracing/tempo.nix @@ -27,6 +27,18 @@ in { Specify a path to a configuration file that Tempo should use. ''; }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + example = lib.literalExpression + '' + [ "-config.expand-env=true" ] + ''; + description = lib.mdDoc '' + Additional flags to pass to the `ExecStart=` in `tempo.service`. + ''; + }; }; config = mkIf cfg.enable { @@ -54,7 +66,7 @@ in { else cfg.configFile; in { - ExecStart = "${pkgs.tempo}/bin/tempo --config.file=${conf}"; + ExecStart = "${pkgs.tempo}/bin/tempo --config.file=${conf} ${lib.escapeShellArgs cfg.extraFlags}"; DynamicUser = true; Restart = "always"; ProtectSystem = "full"; |