diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2021-03-05 13:35:16 +0100 |
|---|---|---|
| committer | Maximilian Bosch <maximilian@mbosch.me> | 2021-03-05 13:35:16 +0100 |
| commit | 2838365903f0f9d363bad8a1a6da9d1f706c1bd6 (patch) | |
| tree | 1cea47ce9c2bc55d4940027f0b74650dc414f9e6 /nixos | |
| parent | b4bd584b640d0bee0ab5a2d8dbbaf4f5e4ee53db (diff) | |
nixos/prometheus/exporters: assert that `openFirewall` is `true` if `firewallFilter` is declared
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index b453b2418f65..2c7653189454 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -3,7 +3,7 @@ let inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption - optional types; + optional types mkOptionDefault flip attrNames; cfg = config.services.prometheus.exporters; @@ -93,9 +93,8 @@ let ''; }; firewallFilter = mkOption { - type = types.str; - default = "-p tcp -m tcp --dport ${toString cfg.${name}.port}"; - defaultText = "-p tcp -m tcp --dport ${toString port}"; + type = types.nullOr types.str; + default = null; example = literalExample '' "-i eth0 -p tcp -m tcp --dport ${toString port}" ''; @@ -123,12 +122,14 @@ let mkSubModule = { name, port, extraOpts, imports }: { ${name} = mkOption { - type = types.submodule { + type = types.submodule [{ inherit imports; options = (mkExporterOpts { inherit name port; } // extraOpts); - }; + } ({ config, ... }: mkIf config.openFirewall { + firewallFilter = mkOptionDefault "-p tcp -m tcp --dport ${toString config.port}"; + })]; internal = true; default = {}; }; @@ -233,7 +234,13 @@ in Please specify either 'services.prometheus.exporters.sql.configuration' or 'services.prometheus.exporters.sql.configFile' ''; - } ]; + } ] ++ (flip map (attrNames cfg) (exporter: { + assertion = cfg.${exporter}.firewallFilter != null -> cfg.${exporter}.openFirewall; + message = '' + The `firewallFilter'-option of exporter ${exporter} doesn't have any effect unless + `openFirewall' is set to `true'! + ''; + })); }] ++ [(mkIf config.services.minio.enable { services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000"; services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey; |