From 62f35da2a1d8bee6fcbf650e282f09e161b98c88 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Sat, 4 Jan 2025 17:48:56 +0100
Subject: [PATCH] nixos/prometheus-exporters/fastly: fix secret handling

The exporter expects the token as an environment variable, not a path to the file containing the token.
---
 .../services/monitoring/prometheus/exporters/fastly.nix | 9 ++++-----
 nixos/tests/prometheus-exporters.nix | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix b/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix
index e470ebe2eb592..dab8b7a283b82 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/fastly.nix
@@ -31,18 +31,17 @@ in
 '';
 };
- tokenPath = mkOption {
+ environmentFile = mkOption {
 type = path;
 description = ''
- A run-time path to the token file, which is supposed to be provisioned
- outside of Nix store.
+ An environment file containg at least the FASTLY_API_TOKEN= environment
+ variable.
 '';
 };
 };
 serviceOpts = {
 serviceConfig = {
- LoadCredential = "fastly-api-token:${cfg.tokenPath}";
- Environment = [ "FASTLY_API_TOKEN=%d/fastly-api-token" ];
+ EnvironmentFile = cfg.environmentFile;
 ExecStart = escapeSystemdExecArgs (
 [
 (getExe pkgs.prometheus-fastly-exporter)
diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix
index c15a3fd20b021..c20b3e4f99fe9 100644
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -399,7 +399,7 @@ let
 fastly = {
 exporterConfig = {
 enable = true;
- tokenPath = pkgs.writeText "token" "abc123";
+ environmentFile = pkgs.writeText "fastly-exporter-env" "FASTLY_API_TOKEN=abc123";
 };
 exporterTest = ''
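Review bot: The new `environmentFile` description in the fastly.nix hunk no longer tells users to keep the file out of the Nix store, although the option still has `type = path` and so accepts store paths (the test passes a `pkgs.writeText` result), and anything in the store is world-readable. I would restore the caveat and fix the `containg` typo, for example `An environment file containing at least the FASTLY_API_TOKEN= variable. It must be provisioned at run time, outside of the Nix store.` Removing `tokenPath` outright also leaves existing configurations with a bare unknown-option error. If the exporter module framework allows it here, a `mkRemovedOptionModule` entry could explain that the file must now hold `FASTLY_API_TOKEN=<token>` rather than the raw token. The `serviceConfig` block continues past the end of the hunk.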