mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-09 23:22:57 +00:00
fix: vmagent updates
no longer require systemd manual attributes. the dynamicuser now uses loadcredential to retrieve secrets
This commit is contained in:
parent
0b9886f93e
commit
3e7955533e
@ -12,7 +12,7 @@ let
|
|||||||
|
|
||||||
username = "prometheus";
|
username = "prometheus";
|
||||||
|
|
||||||
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yml" {
|
prometheusConfig = {
|
||||||
scrape_configs = [
|
scrape_configs = [
|
||||||
{
|
{
|
||||||
job_name = config.networking.hostName;
|
job_name = config.networking.hostName;
|
||||||
@ -38,8 +38,6 @@ in
|
|||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
services.victoriametrics.extraOptions = [ "-promscrape.config=${prometheusConfig}" ];
|
|
||||||
|
|
||||||
systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {
|
systemd.services.vmauth = lib.mkIf config.services.victoriametrics.enable {
|
||||||
description = "VictoriaMetrics basic auth proxy";
|
description = "VictoriaMetrics basic auth proxy";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
@ -85,21 +83,18 @@ in
|
|||||||
|
|
||||||
# VMAgent
|
# VMAgent
|
||||||
|
|
||||||
services.vmagent.prometheusConfig = prometheusConfig; # Overwritten below
|
services.vmagent = {
|
||||||
systemd.services.vmagent.serviceConfig = lib.mkIf config.services.vmagent.enable {
|
prometheusConfig = prometheusConfig;
|
||||||
ExecStart = lib.mkForce ''
|
remoteWrite = {
|
||||||
${pkgs.victoriametrics}/bin/vmagent \
|
url = "https://${config.hostnames.prometheus}/api/v1/write";
|
||||||
-promscrape.config=${prometheusConfig} \
|
basicAuthUsername = username;
|
||||||
-remoteWrite.url="https://${config.hostnames.prometheus}/api/v1/write" \
|
basicAuthPasswordFile = config.secrets.vmagent.dest;
|
||||||
-remoteWrite.basicAuth.username=${username} \
|
};
|
||||||
-remoteWrite.basicAuth.passwordFile=${config.secrets.vmagent.dest}'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
secrets.vmagent = lib.mkIf config.services.vmagent.enable {
|
secrets.vmagent = lib.mkIf config.services.vmagent.enable {
|
||||||
source = ../../../private/prometheus.age;
|
source = ../../../private/prometheus.age;
|
||||||
dest = "${config.secretsDirectory}/vmagent";
|
dest = "${config.secretsDirectory}/vmagent";
|
||||||
owner = "vmagent";
|
|
||||||
group = "vmagent";
|
|
||||||
};
|
};
|
||||||
systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
|
systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
|
||||||
requiredBy = [ "vmagent.service" ];
|
requiredBy = [ "vmagent.service" ];
|
||||||
|
Loading…
Reference in New Issue
Block a user