Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: dbcc39372083
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3ddf0b3a7235
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Oct 18, 2019

  1. prometheus-blackbox-exporter: fixing path issue 

    This fixes an issue with a recent addition of a config file
check in c28ded3.

Previously it was possible to supply a path as a string
to `configFile`. Now it will fail checking the config file
during evaluation of the module due to sandboxing.

A toggle to disable the check, more informative log messages
and handling for various configFile values are added.

(cherry picked from commit b788467)
    @d-goldin @WilliButz
    d-goldin authored and WilliButz committed Oct 18, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    rycee Robert Helgesson
    GPG key ID: 36BDAA14C2797E89
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3ddf0b3 View commit details
Showing with 43 additions and 10 deletions.
  1. +43 −10 nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
53 changes: 43 additions & 10 deletions nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
View file
Original file line number Diff line number Diff line change
@@ -3,16 +3,34 @@
with lib;

let
logPrefix = "services.prometheus.exporter.blackbox";
cfg = config.services.prometheus.exporters.blackbox;

checkConfig = file: pkgs.runCommand "checked-blackbox-exporter.conf" {
preferLocalBuild = true;
buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; } ''
ln -s ${file} $out
blackbox_exporter --config.check --config.file $out
'';
in
{
# This ensures that we can deal with string paths, path types and
# store-path strings with context.
coerceConfigFile = file:
if (builtins.isPath file) || (lib.isStorePath file) then
file
else
(lib.warn ''
${logPrefix}: configuration file "${file}" is being copied to the nix-store.
If you would like to avoid that, please set enableConfigCheck to false.
'' /. + file);
checkConfigLocation = file:
if lib.hasPrefix "/tmp/" file then
throw
"${logPrefix}: configuration file must not reside within /tmp - it won't be visible to the systemd service."
else
true;
checkConfig = file:
pkgs.runCommand "checked-blackbox-exporter.conf" {
preferLocalBuild = true;
buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ];
} ''
ln -s ${coerceConfigFile file} $out
blackbox_exporter --config.check --config.file $out
'';
in {
port = 9115;
extraOpts = {
configFile = mkOption {
@@ -21,14 +39,29 @@ in
Path to configuration file.
'';
};
enableConfigCheck = mkOption {
type = types.bool;
default = true;
description = ''
Whether to run a correctness check for the configuration file. This depends
on the configuration file residing in the nix-store. Paths passed as string will
be copied to the store.
'';
};
};
serviceOpts = {

serviceOpts = let
adjustedConfigFile = if cfg.enableConfigCheck then
checkConfig cfg.configFile
else
checkConfigLocation cfg.configFile;
in {
serviceConfig = {
AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
ExecStart = ''
${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--config.file ${checkConfig cfg.configFile} \
--config.file ${adjustedConfigFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";