···
cfg = config.services.longview;
+
runDir = "/run/longview";
+
configsDir = "${runDir}/longview.d";
···
example = "01234567-89AB-CDEF-0123456789ABCDEF";
Longview API key. To get this, look in Longview settings which
are found at https://manager.linode.com/longview/.
+
Warning: this secret is stored in the world-readable Nix store!
+
Use <option>apiKeyFile</option> instead.
+
apiKeyFile = mkOption {
+
type = types.nullOr types.path;
+
example = "/run/keys/longview-api-key";
+
A file containing the Longview API key.
+
To get this, look in Longview settings which
+
are found at https://manager.linode.com/longview/.
+
<option>apiKeyFile</option> takes precedence over <option>apiKey</option>.
···
mysqlPassword = mkOption {
+
The password corresponding to <option>mysqlUser</option>.
+
Warning: this is stored in cleartext in the Nix store!
+
Use <option>mysqlPasswordFile</option> instead.
+
mysqlPasswordFile = mkOption {
+
type = types.nullOr types.path;
+
example = "/run/keys/dbpassword";
+
A file containing the password corresponding to <option>mysqlUser</option>.
···
serviceConfig.Type = "forking";
serviceConfig.ExecStop = "-${pkgs.coreutils}/bin/kill -TERM $MAINPID";
serviceConfig.ExecReload = "-${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
serviceConfig.PIDFile = "${runDir}/longview.pid";
serviceConfig.ExecStart = "${pkgs.longview}/bin/longview";
+
'' + (optionalString (cfg.apiKeyFile != null) ''
+
cp --no-preserve=all "${cfg.apiKeyFile}" ${runDir}/longview.key
+
'') + (optionalString (cfg.apacheStatusUrl != "") ''
+
cat > ${configsDir}/Apache.conf <<EOF
+
location ${cfg.apacheStatusUrl}?auto
+
'') + (optionalString (cfg.mysqlUser != "" && cfg.mysqlPasswordFile != null) ''
+
cat > ${configsDir}/MySQL.conf <<EOF
+
username ${cfg.mysqlUser}
+
password `head -n1 "${cfg.mysqlPasswordFile}"`
+
'') + (optionalString (cfg.nginxStatusUrl != "") ''
+
cat > ${configsDir}/Nginx.conf <<EOF
+
location ${cfg.nginxStatusUrl}
+
warnings = let warn = k: optional (cfg.${k} != "")
+
"config.services.longview.${k} is insecure. Use ${k}File instead.";
+
in concatMap warn [ "apiKey" "mysqlPassword" ];
+
{ assertion = cfg.apiKeyFile != null;
+
message = "Longview needs an API key configured";
+
# Create API key file if not configured.
+
services.longview.apiKeyFile = mkIf (cfg.apiKey != "")
+
(mkDefault (toString (pkgs.writeTextFile {
+
# Create MySQL password file if not configured.
+
services.longview.mysqlPasswordFile = mkDefault (toString (pkgs.writeTextFile {
+
name = "mysql-password-file";
+
text = cfg.mysqlPassword;
pyrox.dev