commit 0e4abb0df773cf7d9ff8dc2792358c0b8508d5eb · pyrox.dev/nixpkgs

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

···

       1805
        
             </listitem>

     

       1806
        
             <listitem>

     

       1807
        
               <para>

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1808
        
                 Dokuwiki now supports caddy! However

     

       1809
        
               </para>

     

       1810
        
               <itemizedlist spacing="compact">

···

       1805
        
             </listitem>

     

       1806
        
             <listitem>

     

       1807
        
               <para>

     

       1808
       +
                 The option

     

       1809
       +
                 <literal>services.prometheus.environmentFile</literal> has

     

       1810
       +
                 been removed since it was causing

     

       1811
       +
                 <link xlink:href="https://github.com/NixOS/nixpkgs/issues/126083">issues</link>

     

       1812
       +
                 and Prometheus now has native support for secret files.

     

       1813
       +
               </para>

     

       1814
       +
             </listitem>

     

       1815
       +
             <listitem>

     

       1816
       +
               <para>

     

       1817
        
                 Dokuwiki now supports caddy! However

     

       1818
        
               </para>

     

       1819
        
               <itemizedlist spacing="compact">

nixos/doc/manual/release-notes/rl-2111.section.md

···

       508
        
       

     

       509
        
       - A new option `services.prometheus.enableReload` has been added which can be enabled to reload the prometheus service when its config file changes instead of restarting.

     

       510
        
       

     

       0
        
       
     

       0
        
       
     

       511
        
       - Dokuwiki now supports caddy! However

     

       512
        
         - the nginx option has been removed, in the new configuration, please use the `dokuwiki.webserver = "nginx"` instead.

     

       513
        
         - The "${hostname}" option has been deprecated, please use `dokuwiki.sites = [ "${hostname}" ]` instead

···

       508
        
       

     

       509
        
       - A new option `services.prometheus.enableReload` has been added which can be enabled to reload the prometheus service when its config file changes instead of restarting.

     

       510
        
       

     

       511
       +
       - The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files.

     

       512
       +
       

     

       513
        
       - Dokuwiki now supports caddy! However

     

       514
        
         - the nginx option has been removed, in the new configuration, please use the `dokuwiki.webserver = "nginx"` instead.

     

       515
        
         - The "${hostname}" option has been deprecated, please use `dokuwiki.sites = [ "${hostname}" ]` instead

+9 -82

nixos/modules/services/monitoring/prometheus/default.nix

···

       9
        
       

     

       10
        
         prometheusYmlOut = "${workingDir}/prometheus-substituted.yaml";

     

       11
        
       

     

       12
       -
         writeConfig = pkgs.writeShellScriptBin "write-prometheus-config" ''

     

       13
       -
           PATH="${makeBinPath (with pkgs; [ coreutils envsubst ])}"

     

       14
       -
           touch '${prometheusYmlOut}'

     

       15
       -
           chmod 600 '${prometheusYmlOut}'

     

       16
       -
           envsubst -o '${prometheusYmlOut}' -i '${prometheusYml}'

     

       17
       -
         '';

     

       18
       -
       

     

       19
        
         triggerReload = pkgs.writeShellScriptBin "trigger-reload-prometheus" ''

     

       20
        
           PATH="${makeBinPath (with pkgs; [ systemd ])}"

     

       21
        
           if systemctl -q is-active prometheus.service; then

     
···

       76
        
           "--storage.tsdb.path=${workingDir}/data/"

     

       77
        
           "--config.file=${

     

       78
        
             if cfg.enableReload

     

       79
       -
             then prometheusYmlOut

     

       80
       -
             else "/run/prometheus/prometheus-substituted.yaml"

     

       81
        
           }"

     

       82
        
           "--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"

     

       83
        
           "--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"

     
···

       1625
        
               (<literal>switch-to-configuration</literal>) that changes the prometheus

     

       1626
        
               configuration only finishes successully when prometheus has finished

     

       1627
        
               loading the new configuration.

     

       1628
       -
       

     

       1629
       -
               Note that prometheus will also get reloaded when the location of the

     

       1630
       -
               <option>environmentFile</option> changes but not when its contents

     

       1631
       -
               changes. So when you change it contents make sure to reload prometheus

     

       1632
       -
               manually or include the hash of <option>environmentFile</option> in its

     

       1633
       -
               name.

     

       1634
       -
             '';

     

       1635
       -
           };

     

       1636
       -
       

     

       1637
       -
           environmentFile = mkOption {

     

       1638
       -
             type = types.nullOr types.path;

     

       1639
       -
             default = null;

     

       1640
       -
             example = "/root/prometheus.env";

     

       1641
       -
             description = ''

     

       1642
       -
               Environment file as defined in <citerefentry>

     

       1643
       -
               <refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>

     

       1644
       -
               </citerefentry>.

     

       1645
       -
       

     

       1646
       -
               Secrets may be passed to the service without adding them to the

     

       1647
       -
               world-readable Nix store, by specifying placeholder variables as

     

       1648
       -
               the option value in Nix and setting these variables accordingly in the

     

       1649
       -
               environment file.

     

       1650
       -
       

     

       1651
       -
               Environment variables from this file will be interpolated into the

     

       1652
       -
               config file using envsubst with this syntax:

     

       1653
       -
               <literal>$ENVIRONMENT ''${VARIABLE}</literal>

     

       1654
       -
       

     

       1655
       -
               <programlisting>

     

       1656
       -
                 # Example scrape config entry handling an OAuth bearer token

     

       1657
       -
                 {

     

       1658
       -
                   job_name = "home_assistant";

     

       1659
       -
                   metrics_path = "/api/prometheus";

     

       1660
       -
                   scheme = "https";

     

       1661
       -
                   bearer_token = "\''${HOME_ASSISTANT_BEARER_TOKEN}";

     

       1662
       -
                   [...]

     

       1663
       -
                 }

     

       1664
       -
               </programlisting>

     

       1665
       -
       

     

       1666
       -
               <programlisting>

     

       1667
       -
                 # Content of the environment file

     

       1668
       -
                 HOME_ASSISTANT_BEARER_TOKEN=someoauthbearertoken

     

       1669
       -
               </programlisting>

     

       1670
       -
       

     

       1671
       -
               Note that this file needs to be available on the host on which

     

       1672
       -
               <literal>Prometheus</literal> is running.

     

       1673
        
             '';

     

       1674
        
           };

     

       1675
        
       

     
···

       1830
        
             uid = config.ids.uids.prometheus;

     

       1831
        
             group = "prometheus";

     

       1832
        
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1833
        
           systemd.services.prometheus = {

     

       1834
        
             wantedBy = [ "multi-user.target" ];

     

       1835
        
             after = [ "network.target" ];

     

       1836
       -
             preStart = mkIf (!cfg.enableReload) ''

     

       1837
       -
               ${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \

     

       1838
       -
                                                        -i "${prometheusYml}"

     

       1839
       -
             '';

     

       1840
        
             serviceConfig = {

     

       1841
        
               ExecStart = "${cfg.package}/bin/prometheus" +

     

       1842
        
                 optionalString (length cmdlineArgs != 0) (" \\\n  " +

     
···

       1844
        
               ExecReload = mkIf cfg.enableReload "+${reload}/bin/reload-prometheus";

     

       1845
        
               User = "prometheus";

     

       1846
        
               Restart = "always";

     

       1847
       -
               EnvironmentFile = mkIf (cfg.environmentFile != null && !cfg.enableReload) [ cfg.environmentFile ];

     

       1848
        
               RuntimeDirectory = "prometheus";

     

       1849
        
               RuntimeDirectoryMode = "0700";

     

       1850
        
               WorkingDirectory = workingDir;

     
···

       1852
        
               StateDirectoryMode = "0700";

     

       1853
        
             };

     

       1854
        
           };

     

       1855
       -
           systemd.services.prometheus-config-write = mkIf cfg.enableReload {

     

       1856
       -
             wantedBy = [ "prometheus.service" ];

     

       1857
       -
             before = [ "prometheus.service" ];

     

       1858
       -
             serviceConfig = {

     

       1859
       -
               Type = "oneshot";

     

       1860
       -
               User = "prometheus";

     

       1861
       -
               StateDirectory = cfg.stateDir;

     

       1862
       -
               StateDirectoryMode = "0700";

     

       1863
       -
               EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];

     

       1864
       -
               ExecStart = "${writeConfig}/bin/write-prometheus-config";

     

       1865
       -
             };

     

       1866
       -
           };

     

       1867
        
           # prometheus-config-reload will activate after prometheus. However, what we

     

       1868
        
           # don't want is that on startup it immediately reloads prometheus because

     

       1869
        
           # prometheus itself might have just started.

     
···

       1873
        
           # harmless message and then stay active (RemainAfterExit).

     

       1874
        
           #

     

       1875
        
           # Then, when the config file has changed, switch-to-configuration notices

     

       1876
       -
           # that this service has changed and needs to be reloaded

     

       1877
       -
           # (reloadIfChanged). The reload command then actually writes the new config

     

       1878
       -
           # and reloads prometheus.

     

       1879
        
           systemd.services.prometheus-config-reload = mkIf cfg.enableReload {

     

       1880
        
             wantedBy = [ "prometheus.service" ];

     

       1881
        
             after = [ "prometheus.service" ];

     

       1882
        
             reloadIfChanged = true;

     

       0
        
       
     

       1883
        
             serviceConfig = {

     

       1884
        
               Type = "oneshot";

     

       1885
       -
               User = "prometheus";

     

       1886
       -
               StateDirectory = cfg.stateDir;

     

       1887
       -
               StateDirectoryMode = "0700";

     

       1888
       -
               EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];

     

       1889
        
               RemainAfterExit = true;

     

       1890
        
               TimeoutSec = 60;

     

       1891
        
               ExecStart = "${pkgs.logger}/bin/logger 'prometheus-config-reload will only reload prometheus when reloaded itself.'";

     

       1892
       -
               ExecReload = [

     

       1893
       -
                 "${writeConfig}/bin/write-prometheus-config"

     

       1894
       -
                 "+${triggerReload}/bin/trigger-reload-prometheus"

     

       1895
       -
               ];

     

       1896
        
             };

     

       1897
        
           };

     

       1898
        
         };

···

       9
        
       

     

       10
        
         prometheusYmlOut = "${workingDir}/prometheus-substituted.yaml";

     

       11
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       12
        
         triggerReload = pkgs.writeShellScriptBin "trigger-reload-prometheus" ''

     

       13
        
           PATH="${makeBinPath (with pkgs; [ systemd ])}"

     

       14
        
           if systemctl -q is-active prometheus.service; then

     
···

       69
        
           "--storage.tsdb.path=${workingDir}/data/"

     

       70
        
           "--config.file=${

     

       71
        
             if cfg.enableReload

     

       72
       +
             then "/etc/prometheus/prometheus.yaml"

     

       73
       +
             else prometheusYml

     

       74
        
           }"

     

       75
        
           "--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"

     

       76
        
           "--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"

     
···

       1618
        
               (<literal>switch-to-configuration</literal>) that changes the prometheus

     

       1619
        
               configuration only finishes successully when prometheus has finished

     

       1620
        
               loading the new configuration.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1621
        
             '';

     

       1622
        
           };

     

       1623
        
       

     
···

       1778
        
             uid = config.ids.uids.prometheus;

     

       1779
        
             group = "prometheus";

     

       1780
        
           };

     

       1781
       +
           environment.etc."prometheus/prometheus.yaml" = mkIf cfg.enableReload {

     

       1782
       +
             source = prometheusYml;

     

       1783
       +
           };

     

       1784
        
           systemd.services.prometheus = {

     

       1785
        
             wantedBy = [ "multi-user.target" ];

     

       1786
        
             after = [ "network.target" ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1787
        
             serviceConfig = {

     

       1788
        
               ExecStart = "${cfg.package}/bin/prometheus" +

     

       1789
        
                 optionalString (length cmdlineArgs != 0) (" \\\n  " +

     
···

       1791
        
               ExecReload = mkIf cfg.enableReload "+${reload}/bin/reload-prometheus";

     

       1792
        
               User = "prometheus";

     

       1793
        
               Restart = "always";

     

       0
        
       
     

       1794
        
               RuntimeDirectory = "prometheus";

     

       1795
        
               RuntimeDirectoryMode = "0700";

     

       1796
        
               WorkingDirectory = workingDir;

     
···

       1798
        
               StateDirectoryMode = "0700";

     

       1799
        
             };

     

       1800
        
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1801
        
           # prometheus-config-reload will activate after prometheus. However, what we

     

       1802
        
           # don't want is that on startup it immediately reloads prometheus because

     

       1803
        
           # prometheus itself might have just started.

     
···

       1807
        
           # harmless message and then stay active (RemainAfterExit).

     

       1808
        
           #

     

       1809
        
           # Then, when the config file has changed, switch-to-configuration notices

     

       1810
       +
           # that this service has changed (restartTriggers) and needs to be reloaded

     

       1811
       +
           # (reloadIfChanged). The reload command then reloads prometheus.

     

       0
        
       
     

       1812
        
           systemd.services.prometheus-config-reload = mkIf cfg.enableReload {

     

       1813
        
             wantedBy = [ "prometheus.service" ];

     

       1814
        
             after = [ "prometheus.service" ];

     

       1815
        
             reloadIfChanged = true;

     

       1816
       +
             restartTriggers = [ prometheusYml ];

     

       1817
        
             serviceConfig = {

     

       1818
        
               Type = "oneshot";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1819
        
               RemainAfterExit = true;

     

       1820
        
               TimeoutSec = 60;

     

       1821
        
               ExecStart = "${pkgs.logger}/bin/logger 'prometheus-config-reload will only reload prometheus when reloaded itself.'";

     

       1822
       +
               ExecReload = [ "${triggerReload}/bin/trigger-reload-prometheus" ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1823
        
             };

     

       1824
        
           };

     

       1825
        
         };

+1 -10

nixos/tests/prometheus.nix

···

       130
        
       

     

       131
        
                   # This configuration just adds a new prometheus job

     

       132
        
                   # to scrape the node_exporter metrics of the s3 machine.

     

       133
       -
                   # We also use an environmentFile to test if that works correctly.

     

       134
        
                   services.prometheus = {

     

       135
       -
                     environmentFile = pkgs.writeText "prometheus-config-env-file" ''

     

       136
       -
                       JOB_NAME=s3-node_exporter

     

       137
       -
                     '';

     

       138
        
                     scrapeConfigs = [

     

       139
        
                       {

     

       140
       -
                         job_name = "$JOB_NAME";

     

       141
        
                         static_configs = [

     

       142
        
                           {

     

       143
        
                             targets = [ "s3:9100" ];

     
···

       231
        
       

     

       232
        
           # Check if prometheus responds to requests:

     

       233
        
           prometheus.wait_for_unit("prometheus.service")

     

       234
       -
       

     

       235
       -
           # Check if prometheus' config file is correctly locked down because it could contain secrets.

     

       236
       -
           prometheus.succeed(

     

       237
       -
               "stat -c '%a %U' /var/lib/prometheus2/prometheus-substituted.yaml | grep '600 prometheus'"

     

       238
       -
           )

     

       239
        
       

     

       240
        
           prometheus.wait_for_open_port(${toString queryPort})

     

       241
        
           prometheus.succeed("curl -sf http://127.0.0.1:${toString queryPort}/metrics")

···

       130
        
       

     

       131
        
                   # This configuration just adds a new prometheus job

     

       132
        
                   # to scrape the node_exporter metrics of the s3 machine.

     

       0
        
       
     

       133
        
                   services.prometheus = {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       134
        
                     scrapeConfigs = [

     

       135
        
                       {

     

       136
       +
                         job_name = "s3-node_exporter";

     

       137
        
                         static_configs = [

     

       138
        
                           {

     

       139
        
                             targets = [ "s3:9100" ];

     
···

       227
        
       

     

       228
        
           # Check if prometheus responds to requests:

     

       229
        
           prometheus.wait_for_unit("prometheus.service")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       230
        
       

     

       231
        
           prometheus.wait_for_open_port(${toString queryPort})

     

       232
        
           prometheus.succeed("curl -sf http://127.0.0.1:${toString queryPort}/metrics")