amazon-cloudwatch-agent: let users specify configuration file paths

NixOS · Nov 23, 2024 · 694515b · 694515b
1 parent 5bc0af1
commit 694515b
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 16 deletions.
diff --git a/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix b/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix
@@ -10,27 +10,52 @@ let
   tomlFormat = pkgs.formats.toml { };
   jsonFormat = pkgs.formats.json { };
 
-  commonConfigurationFile = tomlFormat.generate "common-config.toml" cfg.commonConfiguration;
-  configurationFile = jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration;
+  commonConfigurationFile =
+    if (cfg.commonConfigurationFile == null) then
+      (tomlFormat.generate "common-config.toml" cfg.commonConfiguration)
+    else
+      cfg.commonConfigurationFile;
+  configurationFile =
+    if (cfg.configurationFile == null) then
+      (jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration)
+    else
+      cfg.configurationFile;
   # See https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/create-store-cloudwatch-configurations.html#store-cloudwatch-configuration-s3.
   #
   # We don't use the multiple JSON configuration files feature,
   # but "config-translator" will log a benign error if the "-input-dir" option is omitted or is a non-existent directory.
   #
   # Create an empty directory to hide this benign error log. This prevents false-positives if users filter for "error" in the agent logs.
   configurationDirectory = pkgs.runCommand "amazon-cloudwatch-agent.d" { } "mkdir $out";
+
+  # Import the resolved configuration file to get "agent.run_as_user".
+  configuration = lib.importJSON configurationFile;
 in
 {
   options.services.amazon-cloudwatch-agent = {
     enable = lib.mkEnableOption "Amazon CloudWatch Agent";
     package = lib.mkPackageOption pkgs "amazon-cloudwatch-agent" { };
+    commonConfigurationFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        Amazon CloudWatch Agent common configuration. See
+        <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html#CloudWatch-Agent-profile-instance-first>
+        for supported values.
+
+        {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`.
+      '';
+      example = /etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json;
+    };
     commonConfiguration = lib.mkOption {
       type = tomlFormat.type;
       default = { };
       description = ''
         Amazon CloudWatch Agent common configuration. See
         <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html#CloudWatch-Agent-profile-instance-first>
         for supported values.
+
+        {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`.
       '';
       example = {
         credentials = {
@@ -44,13 +69,27 @@ in
         };
       };
     };
+    configurationFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        Amazon CloudWatch Agent configuration file. See
+        <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html>
+        for supported values.
+
+        {option}`configurationFile` takes precedence over {option}`configuration`.
+      '';
+      example = /etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json;
+    };
     configuration = lib.mkOption {
       type = jsonFormat.type;
       default = { };
       description = ''
         Amazon CloudWatch Agent configuration. See
         <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html>
         for supported values.
+
+        {option}`configurationFile` takes precedence over {option}`configuration`.
       '';
       # Subset of "CloudWatch agent configuration file: Complete examples" and "CloudWatch agent configuration file: Traces section" in the description link.
       #
@@ -122,7 +161,7 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/packaging/dependencies/amazon-cloudwatch-agent.service.
+    # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/packaging/dependencies/amazon-cloudwatch-agent.service.
     systemd.services.amazon-cloudwatch-agent = {
       description = "Amazon CloudWatch Agent";
       after = [ "network.target" ];
@@ -140,10 +179,7 @@ in
         # 3. Runs "amazon-cloudwatch-agent" with the paths to these generated files.
         #
         # Re-implementing with systemd options.
-        User = lib.attrByPath [
-          "agent"
-          "run_as_user"
-        ] "root" cfg.configuration;
+        User = configuration.agent.run_as_user or "root";
         RuntimeDirectory = "amazon-cloudwatch-agent";
         LogsDirectory = "amazon-cloudwatch-agent";
         ExecStartPre = ''
@@ -165,13 +201,17 @@ in
         Restart = "on-failure";
         RestartSec = 60;
       };
-      restartTriggers = [
-        cfg.package
-        commonConfigurationFile
-        configurationFile
-        configurationDirectory
-        cfg.mode
-      ];
+      restartTriggers =
+        [
+          cfg.package
+          cfg.mode
+          configurationDirectory
+        ]
+        # Use hashes instead of contents since contents may be long.
+        ++ (map (file: builtins.hashFile "sha256" file) [
+          commonConfigurationFile
+          configurationFile
+        ]);
     };
   };
 

diff --git a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix
@@ -22,7 +22,7 @@ buildGoModule rec {
 
   vendorHash = "sha256-zsASHuTXL3brRlgLPNb4wFPHkYpUWbOdRDCXQUwZjIY=";
 
-  # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L68-L77.
+  # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L68-L77.
   subPackages = [
     "cmd/config-downloader"
     "cmd/config-translator"
@@ -32,7 +32,7 @@ buildGoModule rec {
     "cmd/amazon-cloudwatch-agent-config-wizard"
   ];
 
-  # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L57-L64.
+  # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L57-L64.
   #
   # Needed for "amazon-cloudwatch-agent -version" to not show "Unknown".
   postInstall = ''