authorSilvan Mosberger <contact@infinisil.com>2020-01-24 18:48:59 +0100
committerGitHub <noreply@github.com>2020-01-24 18:48:59 +0100
commit342bc51089ac8da4c812cee61795fb9bd8030703 (patch)
tree2a20cd0e0575e9de5b3354c0aec0bae5580ed133 /nixos
parent7c08ba312b0b26835c26506b6b754613e658f5ba (diff)
parented6e4a936c116fe4e9822b9b5b247aa013012ef7 (diff)
Merge pull request #78358 from serokell/yorickvp/alertmanager-secret
nixos/alertmanager: add environmentFile, envsubst for secrets
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/monitoring/prometheus/alertmanager.nix21
1 files changed, 19 insertions, 2 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixos/modules/services/monitoring/prometheus/alertmanager.nix
index 9af6b1d94f3..2e8433fbc88 100644
--- a/nixos/modules/services/monitoring/prometheus/alertmanager.nix
+++ b/nixos/modules/services/monitoring/prometheus/alertmanager.nix
@@ -18,7 +18,7 @@ let
     in checkedConfig yml;
 
   cmdlineArgs = cfg.extraFlags ++ [
-    "--config.file ${alertmanagerYml}"
+    "--config.file /tmp/alert-manager-substituted.yaml"
     "--web.listen-address ${cfg.listenAddress}:${toString cfg.port}"
     "--log.level ${cfg.logLevel}"
     ] ++ (optional (cfg.webExternalUrl != null)
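Review bot: The path `/tmp/alert-manager-substituted.yaml` is hard-coded in `cmdlineArgs` and repeated in the `preStart` script of the last hunk, and a file holding interpolated secrets at a predictable `/tmp` name is only private because `DynamicUser` implies `PrivateTmp`. Bind the path once in the `let` block, e.g. `substitutedYml = "/tmp/alert-manager-substituted.yaml";`, with a comment such as `# written by preStart into the unit's PrivateTmp; contains interpolated secrets`, and use it in both places so the two cannot drift apart. Note also that `checkedConfig yml` validates the template rather than the file Alertmanager finally reads, so a substitution that breaks the YAML would presumably only surface at service start. The `let` block begins outside this hunk.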
@@ -127,6 +127,18 @@ in {
           Extra commandline options when launching the Alertmanager.
         '';
       };
+
+      environmentFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        example = "/root/alertmanager.env";
+        description = ''
+          File to load as environment file. Environment variables
+          from this file will be interpolated into the config file
+          using envsubst with this syntax:
+          <literal>$ENVIRONMENT ''${VARIABLE}</literal>
+        '';
+      };
     };
   };
 
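Review bot: The `description` of `environmentFile` does not say where the file may live or who should be able to read it, which matters for an option whose purpose is keeping secrets out of the world-readable Nix store. Since the type is `types.path`, a path literal such as `./alertmanager.env` would presumably be copied into the store when the unit is generated, defeating the option; the text should say to pass an absolute path as a string, outside the store, readable by root only. It is also worth documenting that the substitution runs over the whole generated config, so any other `$NAME` in `configuration` or `configText` is rewritten too. A suitable added sentence would be `The file must live outside the Nix store and should be readable only by root; every $VARIABLE reference in the generated config is substituted.`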
@@ -144,9 +156,14 @@ in {
       systemd.services.alertmanager = {
         wantedBy = [ "multi-user.target" ];
         after    = [ "network.target" ];
+        preStart = ''
+           ${lib.getBin pkgs.envsubst}/bin/envsubst -o /tmp/alert-manager-substituted.yaml" \
+                                                    -i ${alertmanagerYml}"
+        '';
         serviceConfig = {
           Restart  = "always";
-          DynamicUser = true;
+          DynamicUser = true; # implies PrivateTmp
+          EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
           WorkingDirectory = "/tmp";
           ExecStart = "${cfg.package}/bin/alertmanager" +
             optionalString (length cmdlineArgs != 0) (" \\\n  " +
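Review bot: The two double quotes in the `preStart` script are misplaced: one closes nothing after `substituted.yaml` and the other sits after `${alertmanagerYml}`, so the shell pairs them across the line continuation and passes `-o` a single word containing the output path, the spaces and the `-i …` text, leaving envsubst without an input file and Alertmanager without the config it is pointed at. Quote each argument on its own: `${lib.getBin pkgs.envsubst}/bin/envsubst -o "/tmp/alert-manager-substituted.yaml" \` followed by `-i "${alertmanagerYml}"`. Because the output holds the substituted secrets, setting `umask 077` at the top of the script would keep the file owner-only regardless of the unit's default umask. The `serviceConfig` set and the `ExecStart` expression continue past the end of this hunk.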