commit 29a7ca7340702e0ce87f87563f8da23d5fc3f57a · pyrox.dev/nixpkgs

+39 -4
nixos/modules/services/databases/victorialogs.nix
···

       2
       2
        
         config,

     

       3
       3
        
         pkgs,

     

       4
       4
        
         lib,

     

       5
       5
       +
         utils,

     

       5
       6
        
         ...

     

       6
       7
        
       }:

     

       7
       8
        
       let

     
···

       24
       25
        
           "-storageDataPath=/var/lib/${cfg.stateDir}"

     

       25
       26
        
           "-httpListenAddr=${cfg.listenAddress}"

     

       26
       27
        
         ]

     

       27
       27
       -
         ++ cfg.extraOptions;

     

       28
       28
       +
         ++ lib.optionals (cfg.basicAuthUsername != null) [

     

       29
       29
       +
           "-httpAuth.username=${cfg.basicAuthUsername}"

     

       30
       30
       +
         ]

     

       31
       31
       +
         ++ lib.optionals (cfg.basicAuthPasswordFile != null) [

     

       32
       32
       +
           "-httpAuth.password=file://%d/basic_auth_password"

     

       33
       33
       +
         ];

     

       28
       34
        
       in

     

       29
       35
        
       {

     

       30
       36
        
         options.services.victorialogs = {

     
···

       45
       51
        
               This directory will be created automatically using systemd's StateDirectory mechanism.

     

       46
       52
        
             '';

     

       47
       53
        
           };

     

       54
       54
       +
           basicAuthUsername = lib.mkOption {

     

       55
       55
       +
             default = null;

     

       56
       56
       +
             type = lib.types.nullOr lib.types.str;

     

       57
       57
       +
             description = ''

     

       58
       58
       +
               Basic Auth username used to protect VictoriaLogs instance by authorization

     

       59
       59
       +
             '';

     

       60
       60
       +
           };

     

       61
       61
       +
       

     

       62
       62
       +
           basicAuthPasswordFile = lib.mkOption {

     

       63
       63
       +
             default = null;

     

       64
       64
       +
             type = lib.types.nullOr lib.types.str;

     

       65
       65
       +
             description = ''

     

       66
       66
       +
               File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization

     

       67
       67
       +
             '';

     

       68
       68
       +
           };

     

       48
       69
        
           extraOptions = mkOption {

     

       49
       70
        
             type = types.listOf types.str;

     

       50
       71
        
             default = [ ];

     

       51
       72
        
             example = literalExpression ''

     

       52
       73
        
               [

     

       53
       53
       -
                 "-httpAuth.username=username"

     

       54
       54
       -
                 "-httpAuth.password=file:///abs/path/to/file"

     

       55
       74
        
                 "-loggerLevel=WARN"

     

       56
       75
        
               ]

     

       57
       76
        
             '';

     
···

       62
       81
        
           };

     

       63
       82
        
         };

     

       64
       83
        
         config = mkIf cfg.enable {

     

       84
       84
       +
       

     

       85
       85
       +
           assertions = [

     

       86
       86
       +
             {

     

       87
       87
       +
               assertion =

     

       88
       88
       +
                 (cfg.basicAuthUsername == null && cfg.basicAuthPasswordFile == null)

     

       89
       89
       +
                 || (cfg.basicAuthUsername != null && cfg.basicAuthPasswordFile != null);

     

       90
       90
       +
               message = "Both basicAuthUsername and basicAuthPasswordFile must be set together to enable basicAuth functionality, or neither should be set.";

     

       91
       91
       +
             }

     

       92
       92
       +
           ];

     

       93
       93
       +
       

     

       65
       94
        
           systemd.services.victorialogs = {

     

       66
       95
        
             description = "VictoriaLogs logs database";

     

       67
       96
        
             wantedBy = [ "multi-user.target" ];

     
···

       69
       98
        
             startLimitBurst = 5;

     

       70
       99
        
       

     

       71
       100
        
             serviceConfig = {

     

       72
       72
       -
               ExecStart = escapeShellArgs startCLIList;

     

       101
       101
       +
               ExecStart = lib.concatStringsSep " " [

     

       102
       102
       +
                 (escapeShellArgs startCLIList)

     

       103
       103
       +
                 (utils.escapeSystemdExecArgs cfg.extraOptions)

     

       104
       104
       +
               ];

     

       73
       105
        
               DynamicUser = true;

     

       106
       106
       +
               LoadCredential = lib.optional (

     

       107
       107
       +
                 cfg.basicAuthPasswordFile != null

     

       108
       108
       +
               ) "basic_auth_password:${cfg.basicAuthPasswordFile}";

     

       74
       109
        
               RestartSec = 1;

     

       75
       110
        
               Restart = "on-failure";

     

       76
       111
        
               RuntimeDirectory = "victorialogs";