From 301e7b353cb83c61141c28896de9c57f0173a494 Mon Sep 17 00:00:00 2001 From: oddlama Date: Thu, 17 Aug 2023 10:51:47 +0200 Subject: [PATCH] fix: properly pass influx token to telegraf --- README.md | 2 -- modules/meta/telegraf.nix | 12 ++++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1325811..8d2a595 100644 --- a/README.md +++ b/README.md @@ -182,8 +182,6 @@ kanidm group add-members grafana-server-admins myuser kanidm group add-members web-sentinel-access myuser kanidm group add-members web-sentinel-adguardhome-access myuser kanidm group add-members web-sentinel-influxdb-access myuser - -# TODO influxdb temporary pw d0lRidLSqZ03W5BBjQ7Id3oM2zVE5jLrRUKcMXeYDk5WGabb ``` diff --git a/modules/meta/telegraf.nix b/modules/meta/telegraf.nix index 23b10a8..2ca47dc 100644 --- a/modules/meta/telegraf.nix +++ b/modules/meta/telegraf.nix @@ -106,7 +106,7 @@ in { services.telegraf = { enable = true; - environmentFiles = ["/run/telegraf/env"]; + environmentFiles = ["/dev/null"]; # Needed so the config file is copied to /run/telegraf extraConfig = { agent = { interval = "10s"; @@ -188,10 +188,14 @@ in { (mkIf cfg.scrapeSensors (pkgs.writeShellScriptBin "sensors" config.security.elewrap.telegraf-sensors.path)) ]; - preStart = mkAfter '' - echo "INFLUX_TOKEN=$(< ${config.age.secrets.telegraf-influxdb-token.path})" > /run/telegraf/env - ''; serviceConfig = { + Environment = "INFLUX_TOKEN=\$INFLUX_TOKEN"; # Required so the first envsubst in the original module doesn't change it + ExecStartPre = mkAfter [ + (pkgs.writeShellScript "pre-start-token" '' + export INFLUX_TOKEN=$(< ${config.age.secrets.telegraf-influxdb-token.path}) + ${pkgs.envsubst}/bin/envsubst -i /var/run/telegraf/config.toml -o /var/run/telegraf/config.toml + '') + ]; # For wireguard statistics AmbientCapabilities = ["CAP_NET_ADMIN"]; RestartSec = "600"; # Retry every 10 minutes
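Review bot: Deleting the `# TODO influxdb temporary pw …` line from README.md does not retire that credential, because the value stays readable in earlier commits and in this patch itself. If it was ever set on a real InfluxDB instance, treat it as disclosed and rotate it. The commit message could record this, for example `influxdb temporary password removed from README; rotated on <date>`.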
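Review bot: The new `pre-start-token` script in the second telegraf.nix hunk has no failure handling around the secret read. `export INFLUX_TOKEN=$(< …)` reports the exit status of `export`, so a missing or unreadable agenix file leaves the variable empty, and envsubst would then presumably write an empty token into the config, with telegraf only failing later at authentication. Assign first, reject an empty value, then export, under `set -euo pipefail`, as sketched below. The token also now lands in plaintext in `/var/run/telegraf/config.toml`, so who can read it depends on the mode of that file and of the runtime directory; neither is visible in this hunk and both are worth confirming. The `serviceConfig` block continues past the end of the hunk.

```nix
(pkgs.writeShellScript "pre-start-token" ''
  set -euo pipefail
  INFLUX_TOKEN=$(< ${config.age.secrets.telegraf-influxdb-token.path})
  [ -n "$INFLUX_TOKEN" ] || { echo "telegraf: influx token is empty" >&2; exit 1; }
  export INFLUX_TOKEN
  # … unchanged: envsubst call on /var/run/telegraf/config.toml …
'')
```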