From 41387135ddb01d84049d1931292cacabbde54a34 Mon Sep 17 00:00:00 2001 From: talyz Date: Fri, 4 Jun 2021 18:19:04 +0200 Subject: [PATCH] nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state. --- nixos/modules/services/monitoring/grafana.nix | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index 1dd740014fa8..b243e24591e6 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -640,20 +640,28 @@ in { QT_QPA_PLATFORM = "offscreen"; } // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions; script = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + ${optionalString (cfg.auth.google.clientSecretFile != null) '' - export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ${escapeShellArg cfg.auth.google.clientSecretFile})" + GF_AUTH_GOOGLE_CLIENT_SECRET="$(<${escapeShellArg cfg.auth.google.clientSecretFile})" + export GF_AUTH_GOOGLE_CLIENT_SECRET ''} ${optionalString (cfg.database.passwordFile != null) '' - export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})" + GF_DATABASE_PASSWORD="$(<${escapeShellArg cfg.database.passwordFile})" + export GF_DATABASE_PASSWORD ''} ${optionalString (cfg.security.adminPasswordFile != null) '' - export GF_SECURITY_ADMIN_PASSWORD="$(cat ${escapeShellArg cfg.security.adminPasswordFile})" + GF_SECURITY_ADMIN_PASSWORD="$(<${escapeShellArg cfg.security.adminPasswordFile})" + export GF_SECURITY_ADMIN_PASSWORD ''} ${optionalString (cfg.security.secretKeyFile != null) '' - export GF_SECURITY_SECRET_KEY="$(cat ${escapeShellArg cfg.security.secretKeyFile})" + GF_SECURITY_SECRET_KEY="$(<${escapeShellArg cfg.security.secretKeyFile})" + export GF_SECURITY_SECRET_KEY ''} ${optionalString (cfg.smtp.passwordFile != null) '' - export GF_SMTP_PASSWORD="$(cat ${escapeShellArg cfg.smtp.passwordFile})" + GF_SMTP_PASSWORD="$(<${escapeShellArg cfg.smtp.passwordFile})" + export GF_SMTP_PASSWORD ''} ${optionalString cfg.provision.enable '' export GF_PATHS_PROVISIONING=${provisionConfDir};