Commit dcf2b9c0 authored by Illia Pshonkin's avatar Illia Pshonkin Committed by Shawn8901

nixos/victoriametrics: Add ability to pass basicAuthPasswordFile

parent 9f5adfab
+34 −2
@@ -73,6 +73,22 @@ in
      '';
    };

    basicAuthUsername = lib.mkOption {
      default = null;
      type = lib.types.nullOr lib.types.str;
      description = ''
        Basic Auth username used to protect VictoriaMetrics instance by authorization
      '';
    };

    basicAuthPasswordFile = lib.mkOption {
      default = null;
      type = lib.types.nullOr lib.types.path;
      description = ''
        File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization
      '';
    };

    prometheusConfig = lib.mkOption {
      type = lib.types.submodule { freeformType = settingsFormat.type; };
      default = { };
@@ -118,8 +134,6 @@ in
      default = [ ];
      example = literalExpression ''
        [
          "-httpAuth.username=username"
          "-httpAuth.password=file:///abs/path/to/file"
          "-loggerLevel=WARN"
        ]
      '';
@@ -143,6 +157,16 @@ in
  };

  config = lib.mkIf cfg.enable {

    assertions = [
      {
        assertion =
          (cfg.basicAuthUsername == null && cfg.basicAuthPasswordFile == null)
          || (cfg.basicAuthUsername != null && cfg.basicAuthPasswordFile != null);
        message = "Both basicAuthUsername and basicAuthPasswordFile must be set together to enable basicAuth functionality, or neither should be set.";
      }
    ];

    systemd.services.victoriametrics = {
      description = "VictoriaMetrics time series database";
      wantedBy = [ "multi-user.target" ];
@@ -153,9 +177,17 @@ in
        ExecStart = lib.escapeShellArgs (
          startCLIList
          ++ lib.optionals (cfg.prometheusConfig != { }) [ "-promscrape.config=${prometheusConfigYml}" ]
          ++ lib.optional (cfg.basicAuthUsername != null) "-httpAuth.username=${cfg.basicAuthUsername}"
          ++ lib.optional (
            cfg.basicAuthPasswordFile != null
          ) "-httpAuth.password=file://%d/basic_auth_password"
        );

        DynamicUser = true;
        LoadCredential = lib.optionals (cfg.basicAuthPasswordFile != null) [
          "basic_auth_password:${cfg.basicAuthPasswordFile}"
        ];

        RestartSec = 1;
        Restart = "on-failure";
        RuntimeDirectory = "victoriametrics";
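Review bot: `basicAuthPasswordFile` is typed `lib.types.nullOr lib.types.path` and later interpolated into `LoadCredential` as `"basic_auth_password:${cfg.basicAuthPasswordFile}"`, so a Nix path literal (for example `./password`) would be copied into the world-readable Nix store at evaluation time and the credential would be loaded from that copy. The option description should state that the value must be an absolute path to a file kept outside the Nix store, and an `example = "/run/secrets/victoriametrics-basic-auth";` (constructed path) would show the intended usage; declaring the option as `lib.types.nullOr lib.types.str` would additionally reject path literals outright. Separately, `basicAuthUsername` is placed in `ExecStart` next to an argument that relies on systemd expanding `%d`, so a username containing `%` would presumably be specifier-expanded as well; an assertion rejecting `%` or doubling it in that one argument would avoid a silent mismatch between the configured and the effective username.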
+2 −4
@@ -22,10 +22,8 @@ in
        networking.firewall.allowedTCPPorts = [ 8428 ];
        services.victoriametrics = {
          enable = true;
          extraOptions = [
            "-httpAuth.username=${username}"
            "-httpAuth.password=file://${toString passwordFile}"
          ];
          basicAuthUsername = username;
          basicAuthPasswordFile = toString passwordFile;
        };
      };