nixos/prometheus/exporters: assert that openFirewall is true if firewallFilter is declared
				
					
				
			This commit is contained in:
		
							parent
							
								
									b4bd584b64
								
							
						
					
					
						commit
						2838365903
					
				| @ -3,7 +3,7 @@ | |||||||
| let | let | ||||||
|   inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers |   inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers | ||||||
|                 mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption |                 mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption | ||||||
|                 optional types; |                 optional types mkOptionDefault flip attrNames; | ||||||
| 
 | 
 | ||||||
|   cfg = config.services.prometheus.exporters; |   cfg = config.services.prometheus.exporters; | ||||||
| 
 | 
 | ||||||
| @ -93,9 +93,8 @@ let | |||||||
|       ''; |       ''; | ||||||
|     }; |     }; | ||||||
|     firewallFilter = mkOption { |     firewallFilter = mkOption { | ||||||
|       type = types.str; |       type = types.nullOr types.str; | ||||||
|       default = "-p tcp -m tcp --dport ${toString cfg.${name}.port}"; |       default = null; | ||||||
|       defaultText = "-p tcp -m tcp --dport ${toString port}"; |  | ||||||
|       example = literalExample '' |       example = literalExample '' | ||||||
|         "-i eth0 -p tcp -m tcp --dport ${toString port}" |         "-i eth0 -p tcp -m tcp --dport ${toString port}" | ||||||
|       ''; |       ''; | ||||||
| @ -123,12 +122,14 @@ let | |||||||
| 
 | 
 | ||||||
|   mkSubModule = { name, port, extraOpts, imports }: { |   mkSubModule = { name, port, extraOpts, imports }: { | ||||||
|     ${name} = mkOption { |     ${name} = mkOption { | ||||||
|       type = types.submodule { |       type = types.submodule [{ | ||||||
|         inherit imports; |         inherit imports; | ||||||
|         options = (mkExporterOpts { |         options = (mkExporterOpts { | ||||||
|           inherit name port; |           inherit name port; | ||||||
|         } // extraOpts); |         } // extraOpts); | ||||||
|       }; |       } ({ config, ... }: mkIf config.openFirewall { | ||||||
|  |         firewallFilter = mkOptionDefault "-p tcp -m tcp --dport ${toString config.port}"; | ||||||
|  |       })]; | ||||||
|       internal = true; |       internal = true; | ||||||
|       default = {}; |       default = {}; | ||||||
|     }; |     }; | ||||||
| @ -233,7 +234,13 @@ in | |||||||
|         Please specify either 'services.prometheus.exporters.sql.configuration' or |         Please specify either 'services.prometheus.exporters.sql.configuration' or | ||||||
|           'services.prometheus.exporters.sql.configFile' |           'services.prometheus.exporters.sql.configFile' | ||||||
|       ''; |       ''; | ||||||
|     } ]; |     } ] ++ (flip map (attrNames cfg) (exporter: { | ||||||
|  |       assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall; | ||||||
|  |       message = '' | ||||||
|  |         The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless | ||||||
|  |         `openFirewall' is set to `true'! | ||||||
|  |       ''; | ||||||
|  |     })); | ||||||
|   }] ++ [(mkIf config.services.minio.enable { |   }] ++ [(mkIf config.services.minio.enable { | ||||||
|     services.prometheus.exporters.minio.minioAddress  = mkDefault "http://localhost:9000"; |     services.prometheus.exporters.minio.minioAddress  = mkDefault "http://localhost:9000"; | ||||||
|     services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey; |     services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey; | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Maximilian Bosch
						Maximilian Bosch