author | Cole Helbling <cole.helbling@determinate.systems> | 2022-05-12 10:40:26 -0700 |
---|---|---|
committer | Cole Helbling <cole.e.helbling@outlook.com> | 2022-05-17 10:45:49 -0700 |
commit | c0723eef37468a1783d3e2fde84e25b3e502f45c (patch) | |
tree | df04d1df6ffdcde503cccfca90281a11481b1822 | |
parent | 1ce150625545392bdb2e0de707653edda40ac18b (diff) | |
nixos/prometheus: enable checking syntax only
This allows config checking with external files to not fail inside the sandbox.
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/default.nix | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index ceb2db1faef..41848c1c6d3 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -5,6 +5,9 @@ with lib;
 let
 json = pkgs.formats.json { };
 cfg = config.services.prometheus;
+ checkConfigEnabled =
+ (lib.isBool cfg.checkConfig && cfg.checkConfig)
+ || cfg.checkConfig == "syntax-only";
 workingDir = "/var/lib/" + cfg.stateDir;
@@ -27,7 +30,7 @@ let
 # a wrapper that verifies that the configuration is valid
 promtoolCheck = what: name: file:
- if cfg.checkConfig then
+ if checkConfigEnabled then
 pkgs.runCommandLocal "${name}-${replaceStrings [" "] [""] what}-checked" { buildInputs = [ cfg.package ]; } ''
@@ -58,7 +61,7 @@ let
 pkgs.writeText "prometheus.yml" cfg.configText else generatedPrometheusYml;
 in
- promtoolCheck "check config" "prometheus.yml" yml;
+ promtoolCheck "check config ${lib.optionalString (cfg.checkConfig == "syntax-only") "--syntax-only"}" "prometheus.yml" yml;
 cmdlineArgs = cfg.extraFlags ++ [ "--storage.tsdb.path=${workingDir}/data/"
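Review bot: `checkConfigEnabled` in the first hunk deserves a one-line comment, because the name is easy to read as "full checking is on" when it is also true for `"syntax-only"`. Something like `# true for both full and syntax-only checking; only checkConfig = false skips promtool` above the binding would do. Since the option type in the last hunk admits only a bool or `"syntax-only"`, the expression could also be written `cfg.checkConfig != false`, though the explicit form is arguably clearer.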
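Review bot: Splicing `--syntax-only` into the `what` argument on the new `promtoolCheck "check config …"` line also changes the derivation name, because `promtoolCheck` (previous hunk) builds the name from `replaceStrings [" "] [""] what`. The result would be `prometheus.yml-checkconfig--syntax-only-checked`, and in the non-syntax-only case `what` carries a trailing space. The rest of the `promtoolCheck` body is outside the hunk, so how `what` reaches the promtool command line is inferred. Passing the flag as its own value, for example as an extra argument to `promtoolCheck` or a let-bound `checkArgs` used where promtool is invoked, would keep the name and the subcommand stable.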
@@ -1726,16 +1729,20 @@ in
 };
 checkConfig = mkOption {
- type = types.bool;
+ type = with types; either bool (enum [ "syntax-only" ]);
 default = true;
+ example = "syntax-only";
 description = ''
 Check configuration with <literal>promtool check</literal>. The call to <literal>promtool</literal> is
- subject to sandboxing by Nix. When credentials are stored in
- external files (<literal>password_file</literal>,
- <literal>bearer_token_file</literal>, etc), they will not be
- visible to <literal>promtool</literal> and it will report
- errors, despite a correct configuration.
+ subject to sandboxing by Nix.
+
+ If you use credentials stored in external files
+ (<literal>password_file</literal>, <literal>bearer_token_file</literal>, etc),
+ they will not be visible to <literal>promtool</literal>
+ and it will report errors, despite a correct configuration.
+ To resolve this, you may set this option to <literal>"syntax-only"</literal>
+ in order to only syntax check the Prometheus configuration.
 '';
 }; |
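Review bot: The new paragraph in the `checkConfig` description says when to pick `"syntax-only"` but not what protection is given up. In that mode promtool validates only the syntax of prometheus.yml and skips its checks on files the configuration references, so a missing or mistyped credential or rule file path surfaces when the service starts rather than at build time. I would add a sentence such as `Note that in this mode files referenced by the configuration are not validated at build time.` It may also be worth stating that the setting needs a promtool in `cfg.package` that accepts `--syntax-only`; any version requirement is not visible here.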