authorWilliButz <WilliButz@users.noreply.github.com>2023-12-18 15:09:35 +0100
committerGitHub <noreply@github.com>2023-12-18 15:09:35 +0100
commit92ad5c907c4bd00ad2af1ec36cc7894361dd88f0 (patch)
tree1c25ce790878f65dc3f85d871d087ac68790dcb9 /nixos/modules/services/monitoring
parent45052e5e525eda445180b39650e53d014dff5c55 (diff)
parent6430b7a181ddbe4774da00b30df9cf35d37ada30 (diff)
Merge pull request #274543 from fugidev/sabnzbd-exporter-loadcredential
nixos/prometheus-sabnzbd-exporter: use LoadCredential for apiKeyFile
Diffstat (limited to 'nixos/modules/services/monitoring')
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix22
1 files changed, 16 insertions, 6 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix b/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix
index 411277494013..b9ab305f7c08 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix
@@ -19,7 +19,11 @@ in
           };
           apiKeyFile = mkOption {
             type = types.str;
-            description = "File containing the API key.";
+            description = ''
+              The path to a file containing the API key.
+              The file is securely passed to the service by leveraging systemd credentials.
+              No special permissions need to be set on this file.
+            '';
             example = "/run/secrets/sabnzbd_apikey";
           };
         };
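Review bot: The new description line `No special permissions need to be set on this file.` can be read as saying a world-readable key file is acceptable. With `LoadCredential` the file is read by the service manager rather than by the exporter's own user, so the accurate statement is that the service user needs no access to it; the file should still be readable by root only. Because the option is a `types.str`, it is also worth saying where the file must not live, e.g. `The file only needs to be readable by root and must not be located in the world-readable Nix store.`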
@@ -30,18 +34,24 @@ in
   serviceOpts =
     let
       servers = lib.zipAttrs cfg.servers;
-      apiKeys = lib.concatStringsSep "," (builtins.map (file: "$(cat ${file})") servers.apiKeyFile);
+      credentials = lib.imap0 (i: v: { name = "apikey-${toString i}"; path = v; }) servers.apiKeyFile;
     in
     {
+      serviceConfig.LoadCredential = builtins.map ({ name, path }: "${name}:${path}") credentials;
+
       environment = {
         METRICS_PORT = toString cfg.port;
         METRICS_ADDR = cfg.listenAddress;
         SABNZBD_BASEURLS = lib.concatStringsSep "," servers.baseUrl;
       };
 
-      script = ''
-        export SABNZBD_APIKEYS="${apiKeys}"
-        exec ${lib.getExe pkgs.prometheus-sabnzbd-exporter}
-      '';
+      script =
+        let
+          apiKeys = lib.concatStringsSep "," (builtins.map (cred: "$(< $CREDENTIALS_DIRECTORY/${cred.name})") credentials);
+        in
+        ''
+          export SABNZBD_APIKEYS="${apiKeys}"
+          exec ${lib.getExe pkgs.prometheus-sabnzbd-exporter}
+        '';
     };
 }
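Review bot: The keys loaded through `LoadCredential` are still copied into the `SABNZBD_APIKEYS` environment variable by the `export` line of the new `script`, so they stay readable from the process environment (for example `/proc/<pid>/environ` for the same user and root) and are inherited by any child process. If the exporter has no file-based way to receive keys, which is not visible in this hunk, a comment above the export should say so, such as `# exporter only accepts keys via the environment; they remain visible in the process environment`. Separately, `$CREDENTIALS_DIRECTORY` is expanded unquoted inside `$(< …)`; writing the Nix string as `"$(< \"$CREDENTIALS_DIRECTORY\"/${cred.name})"` avoids word splitting. The keys are joined with `,`, so a key that itself contains a comma would presumably be split by the consumer; that limitation deserves a note in the option description.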