pyrox.dev / nixpkgs
lol
fork atom

nixos/prometheus-*-exporter: escape shell args

Martin Milata 0ac24ccf 99a29107

options
unified split
Changed files
+19 -19
nixos
modules
services
monitoring
prometheus
exporters
blackbox.nix
collectd.nix
dnsmasq.nix
dovecot.nix
json.nix
mail.nix
minio.nix
nextcloud.nix
postfix.nix
snmp.nix
unifi.nix
varnish.nix
wireguard.nix
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix 
···

       
61

       
61

       
 

       
      ExecStart = ''


     

       
62

       
62

       
 

       
        ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \


     

       
63

       
63

       
 

       
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
64

       

       
-

       
          --config.file ${adjustedConfigFile} \


     

       

       
64

       
+

       
          --config.file ${escapeShellArg adjustedConfigFile} \


     

       
65

       
65

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
66

       
66

       
 

       
      '';


     

       
67

       
67

       
 

       
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/collectd.nix 
···

       
66

       
66

       
 

       
    serviceConfig = {


     

       
67

       
67

       
 

       
      ExecStart = ''


     

       
68

       
68

       
 

       
        ${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \


     

       
69

       

       
-

       
          -log.format ${cfg.logFormat} \


     

       

       
69

       
+

       
          -log.format ${escapeShellArg cfg.logFormat} \


     

       
70

       
70

       
 

       
          -log.level ${cfg.logLevel} \


     

       
71

       
71

       
 

       
          -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
72

       
72

       
 

       
          ${collectSettingsArgs} \
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix 
···

       
30

       
30

       
 

       
        ${pkgs.prometheus-dnsmasq-exporter}/bin/dnsmasq_exporter \


     

       
31

       
31

       
 

       
          --listen ${cfg.listenAddress}:${toString cfg.port} \


     

       
32

       
32

       
 

       
          --dnsmasq ${cfg.dnsmasqListenAddress} \


     

       
33

       

       
-

       
          --leases_path ${cfg.leasesPath} \


     

       

       
33

       
+

       
          --leases_path ${escapeShellArg cfg.leasesPath} \


     

       
34

       
34

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
35

       
35

       
 

       
      '';


     

       
36

       
36

       
 

       
    };
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix 
···

       
64

       
64

       
 

       
        ${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \


     

       
65

       
65

       
 

       
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
66

       
66

       
 

       
          --web.telemetry-path ${cfg.telemetryPath} \


     

       
67

       

       
-

       
          --dovecot.socket-path ${cfg.socketPath} \


     

       

       
67

       
+

       
          --dovecot.socket-path ${escapeShellArg cfg.socketPath} \


     

       
68

       
68

       
 

       
          --dovecot.scopes ${concatStringsSep "," cfg.scopes} \


     

       
69

       
69

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
70

       
70

       
 

       
      '';
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/json.nix 
···

       
27

       
27

       
 

       
      ExecStart = ''


     

       
28

       
28

       
 

       
        ${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \


     

       
29

       
29

       
 

       
          --port ${toString cfg.port} \


     

       
30

       

       
-

       
          ${cfg.url} ${cfg.configFile} \


     

       

       
30

       
+

       
          ${cfg.url} ${escapeShellArg cfg.configFile} \


     

       
31

       
31

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
32

       
32

       
 

       
      '';


     

       
33

       
33

       
 

       
    };
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/mail.nix 
···

       
148

       
148

       
 

       
        ${pkgs.prometheus-mail-exporter}/bin/mailexporter \


     

       
149

       
149

       
 

       
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
150

       
150

       
 

       
          --config.file ${


     

       
151

       

       
-

       
            if cfg.configuration != {} then configurationFile else cfg.configFile


     

       

       
151

       
+

       
            if cfg.configuration != {} then configurationFile else (escapeShellArg cfg.configFile)


     

       
152

       
152

       
 

       
          } \


     

       
153

       
153

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
154

       
154

       
 

       
      '';
+2 -2
nixos/modules/services/monitoring/prometheus/exporters/minio.nix 
···

       
54

       
54

       
 

       
        ${pkgs.prometheus-minio-exporter}/bin/minio-exporter \


     

       
55

       
55

       
 

       
          -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
56

       
56

       
 

       
          -minio.server ${cfg.minioAddress} \


     

       
57

       

       
-

       
          -minio.access-key ${cfg.minioAccessKey} \


     

       
58

       

       
-

       
          -minio.access-secret ${cfg.minioAccessSecret} \


     

       

       
57

       
+

       
          -minio.access-key ${escapeShellArg cfg.minioAccessKey} \


     

       

       
58

       
+

       
          -minio.access-secret ${escapeShellArg cfg.minioAccessSecret} \


     

       
59

       
59

       
 

       
          ${optionalString cfg.minioBucketStats "-minio.bucket-stats"} \


     

       
60

       
60

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
61

       
61

       
 

       
      '';
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix 
···

       
50

       
50

       
 

       
          -u ${cfg.username} \


     

       
51

       
51

       
 

       
          -t ${cfg.timeout} \


     

       
52

       
52

       
 

       
          -l ${cfg.url} \


     

       
53

       

       
-

       
          -p @${cfg.passwordFile} \


     

       

       
53

       
+

       
          -p ${escapeShellArg "@${cfg.passwordFile}"} \


     

       
54

       
54

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}


     

       
55

       
55

       
 

       
      '';


     

       
56

       
56

       
 

       
    };
+3 -3
nixos/modules/services/monitoring/prometheus/exporters/postfix.nix 
···

       
67

       
67

       
 

       
        ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \


     

       
68

       
68

       
 

       
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
69

       
69

       
 

       
          --web.telemetry-path ${cfg.telemetryPath} \


     

       
70

       

       
-

       
          --postfix.showq_path ${cfg.showqPath} \


     

       

       
70

       
+

       
          --postfix.showq_path ${escapeShellArg cfg.showqPath} \


     

       
71

       
71

       
 

       
          ${concatStringsSep " \\\n  " (cfg.extraFlags


     

       
72

       
72

       
 

       
          ++ optional cfg.systemd.enable "--systemd.enable"


     

       
73

       
73

       
 

       
          ++ optional cfg.systemd.enable (if cfg.systemd.slice != null


     

       
74

       
74

       
 

       
                                          then "--systemd.slice ${cfg.systemd.slice}"


     

       
75

       
75

       
 

       
                                          else "--systemd.unit ${cfg.systemd.unit}")


     

       
76

       
76

       
 

       
          ++ optional (cfg.systemd.enable && (cfg.systemd.journalPath != null))


     

       
77

       

       
-

       
                       "--systemd.journal_path ${cfg.systemd.journalPath}"


     

       
78

       

       
-

       
          ++ optional (!cfg.systemd.enable) "--postfix.logfile_path ${cfg.logfilePath}")}


     

       

       
77

       
+

       
                       "--systemd.journal_path ${escapeShellArg cfg.systemd.journalPath}"


     

       

       
78

       
+

       
          ++ optional (!cfg.systemd.enable) "--postfix.logfile_path ${escapeShellArg cfg.logfilePath}")}


     

       
79

       
79

       
 

       
      '';


     

       
80

       
80

       
 

       
    };


     

       
81

       
81

       
 

       
  };
+2 -2
nixos/modules/services/monitoring/prometheus/exporters/snmp.nix 
···

       
59

       
59

       
 

       
    serviceConfig = {


     

       
60

       
60

       
 

       
      ExecStart = ''


     

       
61

       
61

       
 

       
        ${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \


     

       
62

       

       
-

       
          --config.file=${configFile} \


     

       
63

       

       
-

       
          --log.format=${cfg.logFormat} \


     

       

       
62

       
+

       
          --config.file=${escapeShellArg configFile} \


     

       

       
63

       
+

       
          --log.format=${escapeShellArg cfg.logFormat} \


     

       
64

       
64

       
 

       
          --log.level=${cfg.logLevel} \


     

       
65

       
65

       
 

       
          --web.listen-address=${cfg.listenAddress}:${toString cfg.port} \


     

       
66

       
66

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}
+2 -2
nixos/modules/services/monitoring/prometheus/exporters/unifi.nix 
···

       
55

       
55

       
 

       
        ${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \


     

       
56

       
56

       
 

       
          -telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \


     

       
57

       
57

       
 

       
          -unifi.addr ${cfg.unifiAddress} \


     

       
58

       

       
-

       
          -unifi.username ${cfg.unifiUsername} \


     

       
59

       

       
-

       
          -unifi.password ${cfg.unifiPassword} \


     

       

       
58

       
+

       
          -unifi.username ${escapeShellArg cfg.unifiUsername} \


     

       

       
59

       
+

       
          -unifi.password ${escapeShellArg cfg.unifiPassword} \


     

       
60

       
60

       
 

       
          -unifi.timeout ${cfg.unifiTimeout} \


     

       
61

       
61

       
 

       
          ${optionalString cfg.unifiInsecure "-unifi.insecure" } \


     

       
62

       
62

       
 

       
          ${concatStringsSep " \\\n  " cfg.extraFlags}
+2 -2
nixos/modules/services/monitoring/prometheus/exporters/varnish.nix 
···

       
74

       
74

       
 

       
        ${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \


     

       
75

       
75

       
 

       
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \


     

       
76

       
76

       
 

       
          --web.telemetry-path ${cfg.telemetryPath} \


     

       
77

       

       
-

       
          --varnishstat-path ${cfg.varnishStatPath} \


     

       

       
77

       
+

       
          --varnishstat-path ${escapeShellArg cfg.varnishStatPath} \


     

       
78

       
78

       
 

       
          ${concatStringsSep " \\\n  " (cfg.extraFlags


     

       
79

       
79

       
 

       
            ++ optional (cfg.healthPath != null) "--web.health-path ${cfg.healthPath}"


     

       
80

       

       
-

       
            ++ optional (cfg.instance != null) "-n ${cfg.instance}"


     

       

       
80

       
+

       
            ++ optional (cfg.instance != null) "-n ${escapeShellArg cfg.instance}"


     

       
81

       
81

       
 

       
            ++ optional cfg.noExit "--no-exit"


     

       
82

       
82

       
 

       
            ++ optional cfg.withGoMetrics "--with-go-metrics"


     

       
83

       
83

       
 

       
            ++ optional cfg.verbose "--verbose"
+1 -1
nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix 
···

       
59

       
59

       
 

       
          ${optionalString cfg.verbose "-v"} \


     

       
60

       
60

       
 

       
          ${optionalString cfg.singleSubnetPerField "-s"} \


     

       
61

       
61

       
 

       
          ${optionalString cfg.withRemoteIp "-r"} \


     

       
62

       

       
-

       
          ${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}


     

       

       
62

       
+

       
          ${optionalString (cfg.wireguardConfig != null) "-n ${escapeShellArg cfg.wireguardConfig}"}


     

       
63

       
63

       
 

       
      '';


     

       
64

       
64

       
 

       
    };


     

       
65

       
65

       
 

       
  };