cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/nixos/modules/services/tracing/tempo.nix
Maximilian Bosch 10c6be32e4
nixos/tempo: add extraFlags option 
Main use-case for me is to specify `-config.expand-env=true` which
allows me inject secrets via systemd's environment file mechanism[1]
like this:

    storage.trace.s3 = {
      /* all the other stuff */
      secret_key = "\${GARAGE_SECRET_KEY}";
    };

[1] https://grafana.com/docs/tempo/latest/configuration/#use-environment-variables-in-the-configuration
2023-08-14 18:07:24 +02:00

80 lines
2.1 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption types;
cfg = config.services.tempo;
settingsFormat = pkgs.formats.yaml {};
in {
options.services.tempo = {
enable = mkEnableOption (lib.mdDoc "Grafana Tempo");
settings = mkOption {
type = settingsFormat.type;
default = {};
description = lib.mdDoc ''
Specify the configuration for Tempo in Nix.
See https://grafana.com/docs/tempo/latest/configuration/ for available options.
'';
};
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
Specify a path to a configuration file that Tempo should use.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
example = lib.literalExpression
''
[ "-config.expand-env=true" ]
'';
description = lib.mdDoc ''
Additional flags to pass to the `ExecStart=` in `tempo.service`.
'';
};
};
config = mkIf cfg.enable {
# for tempo-cli and friends
environment.systemPackages = [ pkgs.tempo ];
assertions = [{
assertion = (
(cfg.settings == {}) != (cfg.configFile == null)
);
message = ''
Please specify a configuration for Tempo with either
'services.tempo.settings' or
'services.tempo.configFile'.
'';
}];
systemd.services.tempo = {
description = "Grafana Tempo Service Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = let
conf = if cfg.configFile == null
then settingsFormat.generate "config.yaml" cfg.settings
else cfg.configFile;
in
{
ExecStart = "${pkgs.tempo}/bin/tempo --config.file=${conf} ${lib.escapeShellArgs cfg.extraFlags}";
DynamicUser = true;
Restart = "always";
ProtectSystem = "full";
DevicePolicy = "closed";
NoNewPrivileges = true;
WorkingDirectory = "/var/lib/tempo";
StateDirectory = "tempo";
};
};
};
}
Reference in a new issue View git blame Copy permalink