diff options
author | Enno Lohmeier <enno@nerdworks.de> | 2019-02-18 21:52:13 +0100 |
---|---|---|
committer | Enno Lohmeier <enno@nerdworks.de> | 2019-04-11 20:34:31 +0200 |
commit | da7aeb1b7d24eb166201aa186092e1e2907a3b50 (patch) | |
tree | 470a810513f93ba1114a9b724f05e6ae026959a6 /nixos/modules | |
parent | d95c4d799c4e1fc4c8667313a3c63f337f121870 (diff) | |
download | nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.tar nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.tar.gz nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.tar.bz2 nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.tar.lz nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.tar.xz nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.tar.zst nixpkgs-da7aeb1b7d24eb166201aa186092e1e2907a3b50.zip |
prometheus: add tls_config
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/default.nix | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix index 25385be9704..0d73551dc07 100644 --- a/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixos/modules/services/monitoring/prometheus/default.nix @@ -237,6 +237,14 @@ let Optional http login credentials for metrics scraping. ''; }; + tls_config = mkOption { + type = types.nullOr promTypes.tls_config; + default = null; + apply = x: mapNullable _filter x; + description = '' + Configures the scrape request's TLS settings. + ''; + }; dns_sd_configs = mkOption { type = types.listOf promTypes.dns_sd_config; default = []; @@ -431,6 +439,48 @@ let }; }; + promTypes.tls_config = types.submodule { + options = { + ca_file = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + CA certificate to validate API server certificate with. + ''; + }; + cert_file = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Certificate file for client cert authentication to the server. + ''; + }; + key_file = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Key file for client cert authentication to the server. + ''; + }; + server_name = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + ServerName extension to indicate the name of the server. + http://tools.ietf.org/html/rfc4366#section-3.1 + ''; + }; + insecure_skip_verify = mkOption { + type = types.bool; + default = false; + description = '' + Disable validation of the server certificate. + ''; + }; + }; + }; + + in { options = { services.prometheus = { |