diff --git a/nixos/modules/services/monitoring/telegraf.nix b/nixos/modules/services/monitoring/telegraf.nix
index 5d131557e8b..1fc17ec72da 100644
--- a/nixos/modules/services/monitoring/telegraf.nix
+++ b/nixos/modules/services/monitoring/telegraf.nix
@@ -5,14 +5,8 @@ with lib;
 let
 cfg = config.services.telegraf;
- configFile = pkgs.runCommand "config.toml" {
- buildInputs = [ pkgs.remarshal ];
- preferLocalBuild = true;
- } ''
- remarshal -if json -of toml \
- < ${pkgs.writeText "config.json" (builtins.toJSON cfg.extraConfig)} \
- > $out
- '';
+ settingsFormat = pkgs.formats.toml {};
+ configFile = settingsFormat.generate "config.toml" cfg.extraConfig;
 in {
 ###### interface
 options = {
@@ -26,10 +20,23 @@ in {
 type = types.package;
 };
+ environmentFiles = mkOption {
+ type = types.nullOr (types.listOf types.path);
+ default = [];
+ example = "/run/keys/telegraf.env";
+ description = ''
+ File to load as environment file. Environment variables
+ from this file will be interpolated into the config file
+ using envsubst with this syntax:
+ $ENVIRONMENT ''${VARIABLE}
+ This is useful to avoid putting secrets into the nix store.
+ '';
+ };
+
 extraConfig = mkOption {
 default = {};
 description = "Extra configuration options for telegraf";
- type = types.attrs;
+ type = settingsFormat.type;
 example = {
 outputs = {
 influxdb = {
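Review bot: `environmentFiles` is typed `types.nullOr (types.listOf types.path)`, but the implementation hunk only ever compares it with `[]`, so a `null` value would presumably be treated as "files present" and select the envsubst path with nothing to load. Dropping the `nullOr` keeps the two states unambiguous: `type = types.listOf types.path;`. The `example` is a bare string although the option takes a list, so it should read `example = [ "/run/keys/telegraf.env" ];`. The description would also benefit from stating that the listed files must live outside the Nix store and that their values are substituted into the TOML text as-is, since keeping secrets out of the store is the stated purpose of the option.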
@@ -51,15 +58,28 @@ in {
 ###### implementation
 config = mkIf config.services.telegraf.enable {
- systemd.services.telegraf = {
+ systemd.services.telegraf = let
+ finalConfigFile = if config.services.telegraf.environmentFiles == []
+ then configFile
+ else "/var/run/telegraf/config.toml";
+ in {
 description = "Telegraf Agent";
 wantedBy = [ "multi-user.target" ];
 after = [ "network-online.target" ];
 serviceConfig = {
- ExecStart=''${cfg.package}/bin/telegraf -config "${configFile}"'';
+ EnvironmentFile = config.services.telegraf.environmentFiles;
+ ExecStartPre = lib.optional (config.services.telegraf.environmentFiles != [])
+ (pkgs.writeShellScript "pre-start" ''
+ umask 077
+ ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /var/run/telegraf/config.toml
+ '');
+ ExecStart=''${cfg.package}/bin/telegraf -config ${finalConfigFile}'';
 ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ RuntimeDirectory = "telegraf";
 User = "telegraf";
 Restart = "on-failure";
+ # for ping probes
+ AmbientCapabilities = [ "CAP_NET_RAW" ];
 };
 };
diff --git a/nixos/tests/telegraf.nix b/nixos/tests/telegraf.nix
index 73f741b1135..938bbd518b5 100644
--- a/nixos/tests/telegraf.nix
+++ b/nixos/tests/telegraf.nix
@@ -6,12 +6,15 @@ import ./make-test-python.nix ({ pkgs, ...} : {
 machine = { ... }: {
 services.telegraf.enable = true;
+ services.telegraf.environmentFiles = [pkgs.writeText "secrets" ''
+ SECRET=example
+ ''];
 services.telegraf.extraConfig = {
 agent.interval = "1s";
 agent.flush_interval = "1s";
 inputs.exec = {
 commands = [
- "${pkgs.runtimeShell} -c 'echo example,tag=a i=42i'"
+ "${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'"
 ];
 timeout = "5s";
 data_format = "influx";
diff --git a/pkgs/servers/monitoring/telegraf/default.nix b/pkgs/servers/monitoring/telegraf/default.nix
index a12b9e50adb..fa94a3332a8 100644
--- a/pkgs/servers/monitoring/telegraf/default.nix
+++ b/pkgs/servers/monitoring/telegraf/default.nix
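Review bot: The `envsubst` call in `ExecStartPre` is given no list of variables, so every `$NAME` or `${NAME}` in the generated TOML is rewritten, not only the ones that come from `environmentFiles`; a shell variable inside an `inputs.exec` command is replaced as well, presumably with an empty string when it is unset. Values are pasted in without TOML escaping, so a secret containing a double quote or a newline would change the structure of the config rather than a single value. A comment above the script would make that explicit, for example `# envsubst rewrites every $VAR in the file and does not escape values for TOML`. Separately, `AmbientCapabilities = [ "CAP_NET_RAW" ]` is granted to every deployment, and ambient capabilities are inherited by the processes telegraf spawns, so it may be worth gating it on the ping input being configured. `ExecReload` only sends SIGHUP and does not re-run the pre-start script, so a reload will not pick up changed environment files.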
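Review bot: The list literal `[pkgs.writeText "secrets" '' … '']` in the test has no parentheses around the call, and Nix separates list elements by whitespace, so it is a three-element list (the function, the string "secrets" and the file body) rather than one store path. It should be `services.telegraf.environmentFiles = [ (pkgs.writeText "secrets" "SECRET=example\n") ];`, or the same with the original multi-line string kept inside the parentheses. As written the value should fail the `listOf path` check, so the test would not evaluate. The exec command also reads `$SECRET` where both envsubst and the service environment could supply it, so a passing assertion does not show which mechanism worked.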
@@ -2,7 +2,7 @@
 buildGoModule rec {
 pname = "telegraf";
- version = "1.15.2";
+ version = "1.16.2";
 excludedPackages = "test";
@@ -12,19 +12,10 @@ buildGoModule rec {
 owner = "influxdata";
 repo = "telegraf";
 rev = "v${version}";
- sha256 = "045wjpq29dr0s48ns3a4p8pw1j0ssfcw6m91iim4pkrppj7bm2di";
+ sha256 = "sha256-XdlXUwGn2isGn7SqCGaAjntposBEd6WbbdfN6dEycDI=";
 };
- patches = [
- # https://github.com/influxdata/telegraf/pull/7988
- # fix broken cgo vendoring
- (fetchpatch {
- url = "https://github.com/influxdata/telegraf/commit/63e1f41d8ff246d191d008ff7f69d69cc34b4fae.patch";
- sha256 = "0ikifc4414bid3g6hhxz18cw71z63s5g805klx98vrndjlpbqkzw";
- })
- ];
-
- vendorSha256 = "0f95xigpkindd7dmci8kqpqq5dlirimbqh8ai73142asbrd5h4yr";
+ vendorSha256 = "02fqx817w6f9grfc69ri06a6qygbr5chan6w9waq2y0mxvmypz28";
 buildFlagsArray = [ ''-ldflags=
 -w -s -X main.version=${version}