summary refs log tree commit diff
diff options
context:
space:
mode:
authorMaximilian Bosch <maximilian@mbosch.me>2021-03-05 13:35:16 +0100
committerMaximilian Bosch <maximilian@mbosch.me>2021-03-05 13:35:16 +0100
commit2838365903f0f9d363bad8a1a6da9d1f706c1bd6 (patch)
tree1cea47ce9c2bc55d4940027f0b74650dc414f9e6
parentb4bd584b640d0bee0ab5a2d8dbbaf4f5e4ee53db (diff)
downloadnixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.tar
nixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.tar.gz
nixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.tar.bz2
nixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.tar.lz
nixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.tar.xz
nixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.tar.zst
nixpkgs-2838365903f0f9d363bad8a1a6da9d1f706c1bd6.zip
nixos/prometheus/exporters: assert that `openFirewall` is `true` if `firewallFilter` is declared
Diffstat
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters.nix21


1 files changed, 14 insertions, 7 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix
index b453b2418f6..2c765318945 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -3,7 +3,7 @@
 let
   inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers
                 mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption
-                optional types;
+                optional types mkOptionDefault flip attrNames;
 
   cfg = config.services.prometheus.exporters;
 
@@ -93,9 +93,8 @@ let
       '';
     };
     firewallFilter = mkOption {
-      type = types.str;
-      default = "-p tcp -m tcp --dport ${toString cfg.${name}.port}";
-      defaultText = "-p tcp -m tcp --dport ${toString port}";
+      type = types.nullOr types.str;
+      default = null;
       example = literalExample ''
         "-i eth0 -p tcp -m tcp --dport ${toString port}"
       '';
@@ -123,12 +122,14 @@ let
 
   mkSubModule = { name, port, extraOpts, imports }: {
     ${name} = mkOption {
-      type = types.submodule {
+      type = types.submodule [{
         inherit imports;
         options = (mkExporterOpts {
           inherit name port;
         } // extraOpts);
-      };
+      } ({ config, ... }: mkIf config.openFirewall {
+        firewallFilter = mkOptionDefault "-p tcp -m tcp --dport ${toString config.port}";
+      })];
       internal = true;
       default = {};
     };
@@ -233,7 +234,13 @@ in
         Please specify either 'services.prometheus.exporters.sql.configuration' or
           'services.prometheus.exporters.sql.configFile'
       '';
-    } ];
+    } ] ++ (flip map (attrNames cfg) (exporter: {
+      assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall;
+      message = ''
+        The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless
+        `openFirewall' is set to `true'!
+      '';
+    }));
   }] ++ [(mkIf config.services.minio.enable {
     services.prometheus.exporters.minio.minioAddress  = mkDefault "http://localhost:9000";
     services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey;

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 23:25:38 +0000