diff options
author | WilliButz <WilliButz@users.noreply.github.com> | 2023-12-18 15:09:35 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-18 15:09:35 +0100 |
commit | 92ad5c907c4bd00ad2af1ec36cc7894361dd88f0 (patch) | |
tree | 1c25ce790878f65dc3f85d871d087ac68790dcb9 /nixos/modules/services/monitoring | |
parent | 45052e5e525eda445180b39650e53d014dff5c55 (diff) | |
parent | 6430b7a181ddbe4774da00b30df9cf35d37ada30 (diff) | |
download | nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.tar nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.tar.gz nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.tar.bz2 nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.tar.lz nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.tar.xz nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.tar.zst nixlib-92ad5c907c4bd00ad2af1ec36cc7894361dd88f0.zip |
Merge pull request #274543 from fugidev/sabnzbd-exporter-loadcredential
nixos/prometheus-sabnzbd-exporter: use LoadCredential for apiKeyFile
Diffstat (limited to 'nixos/modules/services/monitoring')
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix b/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix index 411277494013..b9ab305f7c08 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/sabnzbd.nix @@ -19,7 +19,11 @@ in }; apiKeyFile = mkOption { type = types.str; - description = "File containing the API key."; + description = '' + The path to a file containing the API key. + The file is securely passed to the service by leveraging systemd credentials. + No special permissions need to be set on this file. + ''; example = "/run/secrets/sabnzbd_apikey"; }; }; @@ -30,18 +34,24 @@ in serviceOpts = let servers = lib.zipAttrs cfg.servers; - apiKeys = lib.concatStringsSep "," (builtins.map (file: "$(cat ${file})") servers.apiKeyFile); + credentials = lib.imap0 (i: v: { name = "apikey-${toString i}"; path = v; }) servers.apiKeyFile; in { + serviceConfig.LoadCredential = builtins.map ({ name, path }: "${name}:${path}") credentials; + environment = { METRICS_PORT = toString cfg.port; METRICS_ADDR = cfg.listenAddress; SABNZBD_BASEURLS = lib.concatStringsSep "," servers.baseUrl; }; - script = '' - export SABNZBD_APIKEYS="${apiKeys}" - exec ${lib.getExe pkgs.prometheus-sabnzbd-exporter} - ''; + script = + let + apiKeys = lib.concatStringsSep "," (builtins.map (cred: "$(< $CREDENTIALS_DIRECTORY/${cred.name})") credentials); + in + '' + export SABNZBD_APIKEYS="${apiKeys}" + exec ${lib.getExe pkgs.prometheus-sabnzbd-exporter} + ''; }; } |