nixos/prometheus/exporters: assert that openFirewall is true if firewallFilter is declared

Maximilian Bosch 2021-03-05 13:35:16 +01:00
parent b4bd584b64
commit 2838365903
No known key found for this signature in database
GPG key ID: 091DBF4D1FC46B8E


@ -3,7 +3,7 @@
let
inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers
mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption
optional types;
optional types mkOptionDefault flip attrNames;
cfg = config.services.prometheus.exporters;
@ -93,9 +93,8 @@ let
'';
};
firewallFilter = mkOption {
type = types.str;
default = "-p tcp -m tcp --dport ${toString cfg.${name}.port}";
defaultText = "-p tcp -m tcp --dport ${toString port}";
type = types.nullOr types.str;
default = null;
example = literalExample ''
"-i eth0 -p tcp -m tcp --dport ${toString port}"
'';
@ -123,12 +122,14 @@ let
mkSubModule = { name, port, extraOpts, imports }: {
${name} = mkOption {
type = types.submodule {
type = types.submodule [{
inherit imports;
options = (mkExporterOpts {
inherit name port;
} // extraOpts);
};
} ({ config, ... }: mkIf config.openFirewall {
firewallFilter = mkOptionDefault "-p tcp -m tcp --dport ${toString config.port}";
})];
internal = true;
default = {};
};
@ -233,7 +234,13 @@ in
Please specify either 'services.prometheus.exporters.sql.configuration' or
'services.prometheus.exporters.sql.configFile'
'';
} ];
} ] ++ (flip map (attrNames cfg) (exporter: {
assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall;
message = ''
The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless
`openFirewall' is set to `true'!
'';
}));
}] ++ [(mkIf config.services.minio.enable {
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";
services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey;
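Review bot: In the submodule added to `mkSubModule`, `firewallFilter = mkOptionDefault "…"` sits at the same priority as the option's own `default = null`, because the module system injects an option's default as an `mkOptionDefault` definition. With only `openFirewall = true` set, both definitions survive priority filtering and `types.nullOr` is asked to merge null with a string, which I would expect to abort evaluation instead of producing the port rule. `mkDefault` is already in the `inherit (lib)` list and outranks the option default while still yielding to a value the user sets: `firewallFilter = mkDefault "-p tcp -m tcp --dport ${toString config.port}";`. A test that enables one exporter with `openFirewall = true` and no `firewallFilter` would pin this down.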