forked from mirrors/nixpkgs
b788467ec4
This fixes an issue with a recent addition of a config file
check in c28ded36ef
.
Previously it was possible to supply a path as a string
to `configFile`. Now it will fail checking the config file
during evaluation of the module due to sandboxing.
A toggle to disable the check, more informative log messages
and handling for various configFile values are added.
71 lines
2.1 KiB
Nix
71 lines
2.1 KiB
Nix
{ config, lib, pkgs, options }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
logPrefix = "services.prometheus.exporter.blackbox";
|
|
cfg = config.services.prometheus.exporters.blackbox;
|
|
|
|
# This ensures that we can deal with string paths, path types and
|
|
# store-path strings with context.
|
|
coerceConfigFile = file:
|
|
if (builtins.isPath file) || (lib.isStorePath file) then
|
|
file
|
|
else
|
|
(lib.warn ''
|
|
${logPrefix}: configuration file "${file}" is being copied to the nix-store.
|
|
If you would like to avoid that, please set enableConfigCheck to false.
|
|
'' /. + file);
|
|
checkConfigLocation = file:
|
|
if lib.hasPrefix "/tmp/" file then
|
|
throw
|
|
"${logPrefix}: configuration file must not reside within /tmp - it won't be visible to the systemd service."
|
|
else
|
|
true;
|
|
checkConfig = file:
|
|
pkgs.runCommand "checked-blackbox-exporter.conf" {
|
|
preferLocalBuild = true;
|
|
buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ];
|
|
} ''
|
|
ln -s ${coerceConfigFile file} $out
|
|
blackbox_exporter --config.check --config.file $out
|
|
'';
|
|
in {
|
|
port = 9115;
|
|
extraOpts = {
|
|
configFile = mkOption {
|
|
type = types.path;
|
|
description = ''
|
|
Path to configuration file.
|
|
'';
|
|
};
|
|
enableConfigCheck = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = ''
|
|
Whether to run a correctness check for the configuration file. This depends
|
|
on the configuration file residing in the nix-store. Paths passed as string will
|
|
be copied to the store.
|
|
'';
|
|
};
|
|
};
|
|
|
|
serviceOpts = let
|
|
adjustedConfigFile = if cfg.enableConfigCheck then
|
|
checkConfig cfg.configFile
|
|
else
|
|
checkConfigLocation cfg.configFile;
|
|
in {
|
|
serviceConfig = {
|
|
AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
|
|
ExecStart = ''
|
|
${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
|
|
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
|
--config.file ${adjustedConfigFile} \
|
|
${concatStringsSep " \\\n " cfg.extraFlags}
|
|
'';
|
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
|
};
|
|
};
|
|
}
|