authorAndrew Childs <lorne@cons.org.nz>2019-11-17 14:35:33 +0900
committerAlyssa Ross <hi@alyssa.is>2020-03-14 04:40:55 +0000
commit01f03f30db5755349b857b6939100bbb4c32303e (patch)
tree1f3fa19b245a386f6589175b936985a7df2d1a3f /nixos/modules/services/monitoring/prometheus/default.nix
parente271476a4ebdfcf655c1d7d63d3bc81c79da7559 (diff)
nixos/prometheus: add checkConfig
Workaround for https://github.com/prometheus/prometheus/issues/5222
Diffstat (limited to 'nixos/modules/services/monitoring/prometheus/default.nix')
-rw-r--r--nixos/modules/services/monitoring/prometheus/default.nix27
1 files changed, 21 insertions, 6 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index b67f697ca0d..6b1a4be44d1 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -9,12 +9,13 @@ let
 
   # a wrapper that verifies that the configuration is valid
   promtoolCheck = what: name: file:
-    pkgs.runCommand
-      "${name}-${replaceStrings [" "] [""] what}-checked"
-      { buildInputs = [ cfg.package ]; } ''
-    ln -s ${file} $out
-    promtool ${what} $out
-  '';
+    if cfg.checkConfig then
+      pkgs.runCommand
+        "${name}-${replaceStrings [" "] [""] what}-checked"
+        { buildInputs = [ cfg.package ]; } ''
+      ln -s ${file} $out
+      promtool ${what} $out
+    '' else file;
 
   # Pretty-print JSON to a file
   writePrettyJSON = name: x:
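Review bot: With `cfg.checkConfig` false, the `else file` branch returns the input untouched for every value of `what`, so any other promtool check routed through this wrapper (presumably rules files) is skipped as well. The sandbox problem described in the option text only concerns credential files referenced from the main configuration, so consider limiting the bypass to the config check. At minimum the comment above the wrapper should be updated, e.g. `# a wrapper that verifies that the configuration is valid, unless cfg.checkConfig is false, in which case the file is passed through unchecked`. The callers of promtoolCheck are outside this hunk, so which checks are affected should be confirmed there.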
@@ -601,6 +602,20 @@ in {
         if Prometheus is served via a reverse proxy).
       '';
     };
+
+    checkConfig = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Check configuration with <literal>promtool
+        check</literal>. The call to <literal>promtool</literal> is
+        subject to sandboxing by Nix. When credentials are stored in
+        external files (<literal>password_file</literal>,
+        <literal>bearer_token_file</literal>, etc), they will not be
+        visible to <literal>promtool</literal> and it will report
+        errors, despite a correct configuration.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
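Review bot: The `checkConfig` description explains why promtool reports false errors but not what is lost when the option is turned off: a malformed configuration then builds successfully and is only rejected when Prometheus starts or reloads. Keeping secrets in external files is how they stay out of the world-readable Nix store, so users following that practice are the ones who will need to disable the check, and the text should tell them so. A sentence such as `Set this to <literal>false</literal> in that case; the configuration is then only validated when Prometheus loads it.` would cover both points. The `config` block that consumes the option begins on the last line of the hunk and continues outside it.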