From 10c6be32e42127c8fa3656c521dea02ac6717004 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Mon, 14 Aug 2023 18:05:25 +0200
Subject: [PATCH] nixos/tempo: add `extraFlags` option

Main use-case for me is to specify `-config.expand-env=true` which
allows me inject secrets via systemd's environment file mechanism[1]
like this:

    storage.trace.s3 = {
      /* all the other stuff */
      secret_key = "\${GARAGE_SECRET_KEY}";
    };

[1] https://grafana.com/docs/tempo/latest/configuration/#use-environment-variables-in-the-configuration
---
 nixos/modules/services/tracing/tempo.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/tracing/tempo.nix b/nixos/modules/services/tracing/tempo.nix
index 4a098c31effe..0b9ca2398b16 100644
--- a/nixos/modules/services/tracing/tempo.nix
+++ b/nixos/modules/services/tracing/tempo.nix
@@ -27,6 +27,18 @@ in {
         Specify a path to a configuration file that Tempo should use.
       '';
     };
+
+    extraFlags = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = lib.literalExpression
+        ''
+          [ "-config.expand-env=true" ]
+        '';
+      description = lib.mdDoc ''
+        Additional flags to pass to the `ExecStart=` in `tempo.service`.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
@@ -54,7 +66,7 @@ in {
                else cfg.configFile;
       in
       {
-        ExecStart = "${pkgs.tempo}/bin/tempo --config.file=${conf}";
+        ExecStart = "${pkgs.tempo}/bin/tempo --config.file=${conf} ${lib.escapeShellArgs cfg.extraFlags}";
         DynamicUser = true;
         Restart = "always";
         ProtectSystem = "full";