New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/kibana: add passwordFile option (#24288) #30662
Conversation
deb7c56
to
4fecf6d
Compare
Tested & fixed the expression producing an error when no password was set. |
4fecf6d
to
268325e
Compare
''} | ||
${optionalString (cfg.elasticsearch.passwordFile != null) '' | ||
ELASTIC_PASSWORD=$(head -n1 ${cfg.elasticsearch.passwordFile}) | ||
sed -e "s,PASSWORD_REPLACED_PRESTART,$ELASTIC_PASSWORD,g" -i ${cfgFileRun} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fails if there are special characters like "
in the password. Is there a better approach?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this will fail, bash doesn't interpret the quotes in an expanded string.
${optionalString (cfg.elasticsearch.passwordFile == null) '' | ||
sed -e 's,"password":"PASSWORD_REPLACED_PRESTART"\,,,g' -i ${cfgFileRun} | ||
''} | ||
${optionalString (cfg.elasticsearch.passwordFile != null) '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use
if (cfg.elasticsearch.passwordFile == null) then ''
sed ...
'' else ''
ELASTIC_PASSWORD=...
''
instead
''} | ||
${optionalString (cfg.elasticsearch.passwordFile != null) '' | ||
ELASTIC_PASSWORD=$(head -n1 ${cfg.elasticsearch.passwordFile}) | ||
sed -e "s,PASSWORD_REPLACED_PRESTART,$ELASTIC_PASSWORD,g" -i ${cfgFileRun} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this will fail, bash doesn't interpret the quotes in an expanded string.
Ping |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See @infinisil's comments
Sorry, I am no longer using Kibana on NixOS so I cannot maintain this pull request. If anyone wants to take over, please do! |
Motivation for this change
Added a warning if the elasticsearch password is stored in the nix store, added the
passwordFile
option to be used instead.Tested Kibana 5 by looking at the generated
/var/lib/kibana/config.json
, once with thepassword
option set and once using thepasswordFile
option.Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)