pyrox.dev / nixpkgs
lol
fork atom

nixos/victorialogs: add basicAuth options

Shawn8901 29a7ca73 656a427a

options
unified split
Changed files
+39 -4
nixos
modules
services
databases
victorialogs.nix
+39 -4
nixos/modules/services/databases/victorialogs.nix 
···

       
2

       
 

       
  config,


     

       
3

       
 

       
  pkgs,


     

       
4

       
 

       
  lib,


     

       

       

       
     

       
5

       
 

       
  ...


     

       
6

       
 

       
}:


     

       
7

       
 

       
let


     
···

       
24

       
 

       
    "-storageDataPath=/var/lib/${cfg.stateDir}"


     

       
25

       
 

       
    "-httpListenAddr=${cfg.listenAddress}"


     

       
26

       
 

       
  ]


     

       
27

       
-

       
  ++ cfg.extraOptions;


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
28

       
 

       
in


     

       
29

       
 

       
{


     

       
30

       
 

       
  options.services.victorialogs = {


     
···

       
45

       
 

       
        This directory will be created automatically using systemd's StateDirectory mechanism.


     

       
46

       
 

       
      '';


     

       
47

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
48

       
 

       
    extraOptions = mkOption {


     

       
49

       
 

       
      type = types.listOf types.str;


     

       
50

       
 

       
      default = [ ];


     

       
51

       
 

       
      example = literalExpression ''


     

       
52

       
 

       
        [


     

       
53

       
-

       
          "-httpAuth.username=username"


     

       
54

       
-

       
          "-httpAuth.password=file:///abs/path/to/file"


     

       
55

       
 

       
          "-loggerLevel=WARN"


     

       
56

       
 

       
        ]


     

       
57

       
 

       
      '';


     
···

       
62

       
 

       
    };


     

       
63

       
 

       
  };


     

       
64

       
 

       
  config = mkIf cfg.enable {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
65

       
 

       
    systemd.services.victorialogs = {


     

       
66

       
 

       
      description = "VictoriaLogs logs database";


     

       
67

       
 

       
      wantedBy = [ "multi-user.target" ];


     
···

       
69

       
 

       
      startLimitBurst = 5;


     

       
70

       
 

       



     

       
71

       
 

       
      serviceConfig = {


     

       
72

       
-

       
        ExecStart = escapeShellArgs startCLIList;


     

       

       

       
     

       

       

       
     

       

       

       
     

       
73

       
 

       
        DynamicUser = true;


     

       

       

       
     

       

       

       
     

       

       

       
     

       
74

       
 

       
        RestartSec = 1;


     

       
75

       
 

       
        Restart = "on-failure";


     

       
76

       
 

       
        RuntimeDirectory = "victorialogs";


     
···

       
2

       
 

       
  config,


     

       
3

       
 

       
  pkgs,


     

       
4

       
 

       
  lib,


     

       
5

       
+

       
  utils,


     

       
6

       
 

       
  ...


     

       
7

       
 

       
}:


     

       
8

       
 

       
let


     
···

       
25

       
 

       
    "-storageDataPath=/var/lib/${cfg.stateDir}"


     

       
26

       
 

       
    "-httpListenAddr=${cfg.listenAddress}"


     

       
27

       
 

       
  ]


     

       
28

       
+

       
  ++ lib.optionals (cfg.basicAuthUsername != null) [


     

       
29

       
+

       
    "-httpAuth.username=${cfg.basicAuthUsername}"


     

       
30

       
+

       
  ]


     

       
31

       
+

       
  ++ lib.optionals (cfg.basicAuthPasswordFile != null) [


     

       
32

       
+

       
    "-httpAuth.password=file://%d/basic_auth_password"


     

       
33

       
+

       
  ];


     

       
34

       
 

       
in


     

       
35

       
 

       
{


     

       
36

       
 

       
  options.services.victorialogs = {


     
···

       
51

       
 

       
        This directory will be created automatically using systemd's StateDirectory mechanism.


     

       
52

       
 

       
      '';


     

       
53

       
 

       
    };


     

       
54

       
+

       
    basicAuthUsername = lib.mkOption {


     

       
55

       
+

       
      default = null;


     

       
56

       
+

       
      type = lib.types.nullOr lib.types.str;


     

       
57

       
+

       
      description = ''


     

       
58

       
+

       
        Basic Auth username used to protect VictoriaLogs instance by authorization


     

       
59

       
+

       
      '';


     

       
60

       
+

       
    };


     

       
61

       
+

       



     

       
62

       
+

       
    basicAuthPasswordFile = lib.mkOption {


     

       
63

       
+

       
      default = null;


     

       
64

       
+

       
      type = lib.types.nullOr lib.types.str;


     

       
65

       
+

       
      description = ''


     

       
66

       
+

       
        File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization


     

       
67

       
+

       
      '';


     

       
68

       
+

       
    };


     

       
69

       
 

       
    extraOptions = mkOption {


     

       
70

       
 

       
      type = types.listOf types.str;


     

       
71

       
 

       
      default = [ ];


     

       
72

       
 

       
      example = literalExpression ''


     

       
73

       
 

       
        [


     

       

       

       
     

       

       

       
     

       
74

       
 

       
          "-loggerLevel=WARN"


     

       
75

       
 

       
        ]


     

       
76

       
 

       
      '';


     
···

       
81

       
 

       
    };


     

       
82

       
 

       
  };


     

       
83

       
 

       
  config = mkIf cfg.enable {


     

       
84

       
+

       



     

       
85

       
+

       
    assertions = [


     

       
86

       
+

       
      {


     

       
87

       
+

       
        assertion =


     

       
88

       
+

       
          (cfg.basicAuthUsername == null && cfg.basicAuthPasswordFile == null)


     

       
89

       
+

       
          || (cfg.basicAuthUsername != null && cfg.basicAuthPasswordFile != null);


     

       
90

       
+

       
        message = "Both basicAuthUsername and basicAuthPasswordFile must be set together to enable basicAuth functionality, or neither should be set.";


     

       
91

       
+

       
      }


     

       
92

       
+

       
    ];


     

       
93

       
+

       



     

       
94

       
 

       
    systemd.services.victorialogs = {


     

       
95

       
 

       
      description = "VictoriaLogs logs database";


     

       
96

       
 

       
      wantedBy = [ "multi-user.target" ];


     
···

       
98

       
 

       
      startLimitBurst = 5;


     

       
99

       
 

       



     

       
100

       
 

       
      serviceConfig = {


     

       
101

       
+

       
        ExecStart = lib.concatStringsSep " " [


     

       
102

       
+

       
          (escapeShellArgs startCLIList)


     

       
103

       
+

       
          (utils.escapeSystemdExecArgs cfg.extraOptions)


     

       
104

       
+

       
        ];


     

       
105

       
 

       
        DynamicUser = true;


     

       
106

       
+

       
        LoadCredential = lib.optional (


     

       
107

       
+

       
          cfg.basicAuthPasswordFile != null


     

       
108

       
+

       
        ) "basic_auth_password:${cfg.basicAuthPasswordFile}";


     

       
109

       
 

       
        RestartSec = 1;


     

       
110

       
 

       
        Restart = "on-failure";


     

       
111

       
 

       
        RuntimeDirectory = "victorialogs";