nixos/prometheus/exporters: assert that openFirewall is true if firewallFilter is declared

Maximilian Bosch 2021-03-05 13:35:16 +01:00
parent b4bd584b64
commit 2838365903
No known key found for this signature in database
GPG Key ID: 091DBF4D1FC46B8E


@ -3,7 +3,7 @@
let let
inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers
mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption
optional types; optional types mkOptionDefault flip attrNames;
cfg = config.services.prometheus.exporters; cfg = config.services.prometheus.exporters;
@ -93,9 +93,8 @@ let
''; '';
}; };
firewallFilter = mkOption { firewallFilter = mkOption {
type = types.str; type = types.nullOr types.str;
default = "-p tcp -m tcp --dport ${toString cfg.${name}.port}"; default = null;
defaultText = "-p tcp -m tcp --dport ${toString port}";
example = literalExample '' example = literalExample ''
"-i eth0 -p tcp -m tcp --dport ${toString port}" "-i eth0 -p tcp -m tcp --dport ${toString port}"
''; '';
@ -123,12 +122,14 @@ let
mkSubModule = { name, port, extraOpts, imports }: { mkSubModule = { name, port, extraOpts, imports }: {
${name} = mkOption { ${name} = mkOption {
type = types.submodule { type = types.submodule [{
inherit imports; inherit imports;
options = (mkExporterOpts { options = (mkExporterOpts {
inherit name port; inherit name port;
} // extraOpts); } // extraOpts);
}; } ({ config, ... }: mkIf config.openFirewall {
firewallFilter = mkOptionDefault "-p tcp -m tcp --dport ${toString config.port}";
})];
internal = true; internal = true;
default = {}; default = {};
}; };
@ -233,7 +234,13 @@ in
Please specify either 'services.prometheus.exporters.sql.configuration' or Please specify either 'services.prometheus.exporters.sql.configuration' or
'services.prometheus.exporters.sql.configFile' 'services.prometheus.exporters.sql.configFile'
''; '';
} ]; } ] ++ (flip map (attrNames cfg) (exporter: {
assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall;
message = ''
The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless
`openFirewall' is set to `true'!
'';
}));
}] ++ [(mkIf config.services.minio.enable { }] ++ [(mkIf config.services.minio.enable {
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000"; services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";
services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey; services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey;
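Review bot: The new assertion covers only one direction: `firewallFilter != null -> openFirewall` still allows `openFirewall = true` together with an explicit `firewallFilter = null`, which the new `types.nullOr types.str` type accepts and which takes priority over the `mkOptionDefault` value set in `mkSubModule`. The code that turns the filter into a firewall rule is outside this section, so it cannot be seen here whether a null filter is handled there; if it is interpolated into a string, evaluation would presumably fail with a less helpful error than an assertion message. Consider adding the converse check, `assertion = cfg.${exporter}.openFirewall -> cfg.${exporter}.firewallFilter != null;`. Separately, with `defaultText` removed the generated option documentation will presumably show `null` as the default, so the option description should state that `-p tcp -m tcp --dport <port>` is applied when `openFirewall` is true.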