fix: vmagent updates

no longer require systemd manual attributes. the dynamicuser now uses
loadcredential to retrieve secrets
This commit is contained in:
Noah Masur 2024-06-23 08:55:39 -04:00
parent 0b9886f93e
commit 3e7955533e
No known key found for this signature in database

View File

@ -12,7 +12,7 @@ let
username = "prometheus"; username = "prometheus";
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" { prometheusConfig = {
scrape_configs = [ scrape_configs = [
{ {
job_name = config.networking.hostName; job_name = config.networking.hostName;
@ -38,8 +38,6 @@ in
config = { config = {
services.victoriametrics.extraOptions = [ "-promscrape.config=${prometheusConfig}" ];
systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable { systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {
description = "VictoriaMetrics basic auth proxy"; description = "VictoriaMetrics basic auth proxy";
after = [ "network.target" ]; after = [ "network.target" ];
@ -85,21 +83,18 @@ in
# VMAgent # VMAgent
services.vmagent.prometheusConfig = prometheusConfig; # Overwritten below services.vmagent = {
systemd.services.vmagent.serviceConfig = lib.mkIf config.services.vmagent.enable { prometheusConfig = prometheusConfig;
ExecStart = lib.mkForce '' remoteWrite = {
${pkgs.victoriametrics}/bin/vmagent \ url = "https://${config.hostnames.prometheus}/api/v1/write";
-promscrape.config=${prometheusConfig} \ basicAuthUsername = username;
-remoteWrite.url="https://${config.hostnames.prometheus}/api/v1/write" \ basicAuthPasswordFile = config.secrets.vmagent.dest;
-remoteWrite.basicAuth.username=${username} \ };
-remoteWrite.basicAuth.passwordFile=${config.secrets.vmagent.dest}'';
}; };
secrets.vmagent = lib.mkIf config.services.vmagent.enable { secrets.vmagent = lib.mkIf config.services.vmagent.enable {
source = ../../../private/prometheus.age; source = ../../../private/prometheus.age;
dest = "${config.secretsDirectory}/vmagent"; dest = "${config.secretsDirectory}/vmagent";
owner = "vmagent";
group = "vmagent";
}; };
systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable { systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
requiredBy = [ "vmagent.service" ]; requiredBy = [ "vmagent.service" ];