nixos/prometheus: add checkConfig

Workaround for https://github.com/prometheus/prometheus/issues/5222
This commit is contained in:
Andrew Childs 2019-11-17 14:35:33 +09:00 committed by Alyssa Ross
parent e271476a4e
commit 01f03f30db

View File

@ -9,12 +9,13 @@ let
# a wrapper that verifies that the configuration is valid # a wrapper that verifies that the configuration is valid
promtoolCheck = what: name: file: promtoolCheck = what: name: file:
if cfg.checkConfig then
pkgs.runCommand pkgs.runCommand
"${name}-${replaceStrings [" "] [""] what}-checked" "${name}-${replaceStrings [" "] [""] what}-checked"
{ buildInputs = [ cfg.package ]; } '' { buildInputs = [ cfg.package ]; } ''
ln -s ${file} $out ln -s ${file} $out
promtool ${what} $out promtool ${what} $out
''; '' else file;
# Pretty-print JSON to a file # Pretty-print JSON to a file
writePrettyJSON = name: x: writePrettyJSON = name: x:
@ -601,6 +602,20 @@ in {
if Prometheus is served via a reverse proxy). if Prometheus is served via a reverse proxy).
''; '';
}; };
checkConfig = mkOption {
type = types.bool;
default = true;
description = ''
Check configuration with <literal>promtool
check</literal>. The call to <literal>promtool</literal> is
subject to sandboxing by Nix. When credentials are stored in
external files (<literal>password_file</literal>,
<literal>bearer_token_file</literal>, etc), they will not be
visible to <literal>promtool</literal> and it will report
errors, despite a correct configuration.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {