From da7aeb1b7d24eb166201aa186092e1e2907a3b50 Mon Sep 17 00:00:00 2001
From: Enno Lohmeier
Date: Mon, 18 Feb 2019 21:52:13 +0100
Subject: [PATCH] prometheus: add tls_config
---
 .../monitoring/prometheus/default.nix | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index 25385be97043d2..0d73551dc071ea 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -237,6 +237,14 @@ let
 Optional http login credentials for metrics scraping.
 '';
 };
+ tls_config = mkOption {
+ type = types.nullOr promTypes.tls_config;
+ default = null;
+ apply = x: mapNullable _filter x;
+ description = ''
+ Configures the scrape request's TLS settings.
+ '';
+ };
 dns_sd_configs = mkOption {
 type = types.listOf promTypes.dns_sd_config;
 default = [];
@@ -431,6 +439,48 @@ let
 };
 };
+ promTypes.tls_config = types.submodule {
+ options = {
+ ca_file = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ CA certificate to validate API server certificate with.
+ '';
+ };
+ cert_file = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Certificate file for client cert authentication to the server.
+ '';
+ };
+ key_file = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Key file for client cert authentication to the server.
+ '';
+ };
+ server_name = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ ServerName extension to indicate the name of the server.
+ http://tools.ietf.org/html/rfc4366#section-3.1
+ '';
+ };
+ insecure_skip_verify = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Disable validation of the server certificate.
+ '';
+ };
+ };
+ };
+
+
 in {
 options = {
 services.prometheus = {
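Review bot: The new `tls_config` description in the first hunk does not say when the settings take effect. Prometheus applies a scrape job's `tls_config` only when the job's `scheme` is `https`, so a job that sets this option but leaves the scheme at its `http` default still scrapes in cleartext. I would extend the description to `Configures the scrape request's TLS settings. Only used when the scrape scheme is https.` The enclosing scrape-config option set starts before and continues after this hunk, and `_filter` used in `apply` is defined outside it, so how null sub-options are dropped cannot be confirmed from here.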
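Review bot: In the second hunk, the `key_file` description omits the caveat a NixOS user most needs: the value should be a runtime path outside the Nix store. Because the option is `types.str`, a string built from a path interpolation (constructed example: `"${./client.key}"`) is accepted and copies the private key into the world-readable store. I would add to the description `Must be a path on the target machine readable by the user the Prometheus service runs as; do not reference the key through the Nix store, which is world-readable.` The `insecure_skip_verify` description should likewise state the consequence, e.g. `Disable validation of the server certificate. The target is then unauthenticated, so scrape credentials configured for the job may be sent to an impostor.` The surrounding `let` block begins before and ends after this hunk.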