commit dcf2b9c0a0b992bf41b281472c0ebd402bd7b85f · pyrox.dev/nixpkgs

+34 -2

nixos/modules/services/databases/victoriametrics.nix

···

       73
       73
        
             '';

     

       74
       74
        
           };

     

       75
       75
        
       

     

       76
       76
       +
           basicAuthUsername = lib.mkOption {

     

       77
       77
       +
             default = null;

     

       78
       78
       +
             type = lib.types.nullOr lib.types.str;

     

       79
       79
       +
             description = ''

     

       80
       80
       +
               Basic Auth username used to protect VictoriaMetrics instance by authorization

     

       81
       81
       +
             '';

     

       82
       82
       +
           };

     

       83
       83
       +
       

     

       84
       84
       +
           basicAuthPasswordFile = lib.mkOption {

     

       85
       85
       +
             default = null;

     

       86
       86
       +
             type = lib.types.nullOr lib.types.path;

     

       87
       87
       +
             description = ''

     

       88
       88
       +
               File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization

     

       89
       89
       +
             '';

     

       90
       90
       +
           };

     

       91
       91
       +
       

     

       76
       92
        
           prometheusConfig = lib.mkOption {

     

       77
       93
        
             type = lib.types.submodule { freeformType = settingsFormat.type; };

     

       78
       94
        
             default = { };

     
···

       118
       134
        
             default = [ ];

     

       119
       135
        
             example = literalExpression ''

     

       120
       136
        
               [

     

       121
       121
       -
                 "-httpAuth.username=username"

     

       122
       122
       -
                 "-httpAuth.password=file:///abs/path/to/file"

     

       123
       137
        
                 "-loggerLevel=WARN"

     

       124
       138
        
               ]

     

       125
       139
        
             '';

     
···

       143
       157
        
         };

     

       144
       158
        
       

     

       145
       159
        
         config = lib.mkIf cfg.enable {

     

       160
       160
       +
       

     

       161
       161
       +
           assertions = [

     

       162
       162
       +
             {

     

       163
       163
       +
               assertion =

     

       164
       164
       +
                 (cfg.basicAuthUsername == null && cfg.basicAuthPasswordFile == null)

     

       165
       165
       +
                 || (cfg.basicAuthUsername != null && cfg.basicAuthPasswordFile != null);

     

       166
       166
       +
               message = "Both basicAuthUsername and basicAuthPasswordFile must be set together to enable basicAuth functionality, or neither should be set.";

     

       167
       167
       +
             }

     

       168
       168
       +
           ];

     

       169
       169
       +
       

     

       146
       170
        
           systemd.services.victoriametrics = {

     

       147
       171
        
             description = "VictoriaMetrics time series database";

     

       148
       172
        
             wantedBy = [ "multi-user.target" ];

     
···

       153
       177
        
               ExecStart = lib.escapeShellArgs (

     

       154
       178
        
                 startCLIList

     

       155
       179
        
                 ++ lib.optionals (cfg.prometheusConfig != { }) [ "-promscrape.config=${prometheusConfigYml}" ]

     

       180
       180
       +
                 ++ lib.optional (cfg.basicAuthUsername != null) "-httpAuth.username=${cfg.basicAuthUsername}"

     

       181
       181
       +
                 ++ lib.optional (

     

       182
       182
       +
                   cfg.basicAuthPasswordFile != null

     

       183
       183
       +
                 ) "-httpAuth.password=file://%d/basic_auth_password"

     

       156
       184
        
               );

     

       157
       185
        
       

     

       158
       186
        
               DynamicUser = true;

     

       187
       187
       +
               LoadCredential = lib.optionals (cfg.basicAuthPasswordFile != null) [

     

       188
       188
       +
                 "basic_auth_password:${cfg.basicAuthPasswordFile}"

     

       189
       189
       +
               ];

     

       190
       190
       +
       

     

       159
       191
        
               RestartSec = 1;

     

       160
       192
        
               Restart = "on-failure";

     

       161
       193
        
               RuntimeDirectory = "victoriametrics";

+2 -4

nixos/tests/victoriametrics/remote-write.nix

···

       22
       22
        
               networking.firewall.allowedTCPPorts = [ 8428 ];

     

       23
       23
        
               services.victoriametrics = {

     

       24
       24
        
                 enable = true;

     

       25
       25
       -
                 extraOptions = [

     

       26
       26
       -
                   "-httpAuth.username=${username}"

     

       27
       27
       -
                   "-httpAuth.password=file://${toString passwordFile}"

     

       28
       28
       -
                 ];

     

       25
       25
       +
                 basicAuthUsername = username;

     

       26
       26
       +
                 basicAuthPasswordFile = toString passwordFile;

     

       29
       27
        
               };

     

       30
       28
        
             };

     

       31
       29