From 3e7955533ee202acdea3df43acba1f21d20d8e4e Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 23 Jun 2024 08:55:39 -0400
Subject: [PATCH] fix: vmagent updates

no longer require systemd manual attributes. the dynamicuser now uses
loadcredential to retrieve secrets
---
 modules/nixos/services/victoriametrics.nix | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/modules/nixos/services/victoriametrics.nix b/modules/nixos/services/victoriametrics.nix
index d24d506..5b84994 100644
--- a/modules/nixos/services/victoriametrics.nix
+++ b/modules/nixos/services/victoriametrics.nix
@@ -12,7 +12,7 @@ let
 
   username = "prometheus";
 
-  prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" {
+  prometheusConfig = {
     scrape_configs = [
       {
         job_name = config.networking.hostName;
@@ -38,8 +38,6 @@ in
 
   config = {
 
-    services.victoriametrics.extraOptions = [ "-promscrape.config=${prometheusConfig}" ];
-
     systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {
       description = "VictoriaMetrics basic auth proxy";
       after = [ "network.target" ];
@@ -85,21 +83,18 @@ in
 
     # VMAgent
 
-    services.vmagent.prometheusConfig = prometheusConfig; # Overwritten below
-    systemd.services.vmagent.serviceConfig = lib.mkIf config.services.vmagent.enable {
-      ExecStart = lib.mkForce ''
-        ${pkgs.victoriametrics}/bin/vmagent \
-                -promscrape.config=${prometheusConfig} \
-                -remoteWrite.url="https://${config.hostnames.prometheus}/api/v1/write" \
-                -remoteWrite.basicAuth.username=${username} \
-                -remoteWrite.basicAuth.passwordFile=${config.secrets.vmagent.dest}'';
+    services.vmagent = {
+      prometheusConfig = prometheusConfig;
+      remoteWrite = {
+        url = "https://${config.hostnames.prometheus}/api/v1/write";
+        basicAuthUsername = username;
+        basicAuthPasswordFile = config.secrets.vmagent.dest;
+      };
     };
 
     secrets.vmagent = lib.mkIf config.services.vmagent.enable {
       source = ../../../private/prometheus.age;
       dest = "${config.secretsDirectory}/vmagent";
-      owner = "vmagent";
-      group = "vmagent";
     };
     systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
       requiredBy = [ "vmagent.service" ];