diff options
| author | Katharina Fey <kookie@spacekookie.de> | 2019-10-23 12:12:59 +0000 |
|---|---|---|
| committer | Katharina Fey <kookie@spacekookie.de> | 2019-10-23 12:12:59 +0000 |
| commit | 3547597c8c5db5e40e66119587777910e780da3d (patch) | |
| tree | d5f54a723ee6bb380b918cea195762d271a98ba0 /nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix | |
| parent | 0f74f62ee25ac2d21bd67c29b8efc3ad079a72a8 (diff) | |
| parent | f35f0880f2cdbc8c1bc81492811251f120d7a9bc (diff) | |
Merge commit 'f35f0880f2cdbc8c1bc81492811251f120d7a9bc' into bump-nixpkgs
Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix | 53 |
1 files changed, 43 insertions, 10 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix index ca4366121e1..8a90afa9984 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix @@ -3,16 +3,34 @@ with lib; let + logPrefix = "services.prometheus.exporter.blackbox"; cfg = config.services.prometheus.exporters.blackbox; - checkConfig = file: pkgs.runCommand "checked-blackbox-exporter.conf" { - preferLocalBuild = true; - buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; } '' - ln -s ${file} $out - blackbox_exporter --config.check --config.file $out - ''; -in -{ + # This ensures that we can deal with string paths, path types and + # store-path strings with context. + coerceConfigFile = file: + if (builtins.isPath file) || (lib.isStorePath file) then + file + else + (lib.warn '' + ${logPrefix}: configuration file "${file}" is being copied to the nix-store. + If you would like to avoid that, please set enableConfigCheck to false. + '' /. + file); + checkConfigLocation = file: + if lib.hasPrefix "/tmp/" file then + throw + "${logPrefix}: configuration file must not reside within /tmp - it won't be visible to the systemd service." + else + true; + checkConfig = file: + pkgs.runCommand "checked-blackbox-exporter.conf" { + preferLocalBuild = true; + buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; + } '' + ln -s ${coerceConfigFile file} $out + blackbox_exporter --config.check --config.file $out + ''; +in { port = 9115; extraOpts = { configFile = mkOption { @@ -21,14 +39,29 @@ in Path to configuration file. ''; }; + enableConfigCheck = mkOption { + type = types.bool; + default = true; + description = '' + Whether to run a correctness check for the configuration file. This depends + on the configuration file residing in the nix-store. Paths passed as string will + be copied to the store. + ''; + }; }; - serviceOpts = { + + serviceOpts = let + adjustedConfigFile = if cfg.enableConfigCheck then + checkConfig cfg.configFile + else + checkConfigLocation cfg.configFile; + in { serviceConfig = { AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes ExecStart = '' ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ - --config.file ${checkConfig cfg.configFile} \ + --config.file ${adjustedConfigFile} \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; |