fix(channel-scripts): push OTLP properly now

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:56:46 +02:00 · 2024-08-31 19:56:46 +02:00 · c2ad3d6d26
parent 4c7943349b
commit c2ad3d6d26
2 changed files with 11 additions and 51 deletions
--- a/flake.lock
+++ b/flake.lock
@ -108,11 +108,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1725126502,
-        "narHash": "sha256-Xyxyvb+Hr/Gn8MPb1b9QXJRTNOS2M52zz6rEjfcLsyU=",
+        "lastModified": 1725126704,
+        "narHash": "sha256-evjwB70VXzEmEs+07pf4MfAmM+Gtl2JYRfsW+9Jbhaw=",
        "ref": "refs/heads/main",
-        "rev": "3934bcbb39994cd99b2dbf919d2ec1d1f5ccd2cc",
-        "revCount": 259,
+        "rev": "6c79be63e7f08ccded0f792dfc15de987299c92b",
+        "revCount": 260,
        "type": "git",
        "url": "https://git.lix.systems/the-distro/channel-scripts.git"
      },
--- a/services/channel-scripts/default.nix
+++ b/services/channel-scripts/default.nix
@ -21,6 +21,8 @@ let
          cfg.releaseBucketCredentialsFile
        ];
        Environment = cfg.extraEnvironment;
+        # TODO: we should have our own secret for this.
+        LoadCredential = [ "password:${config.age.secrets.alloy-push-password.path}" ];
      };
      unitConfig.After = [ "networking.target" ];
      script =
@ -32,6 +34,8 @@ let
        fi
        GIT_DIR=$dir git config remote.origin.fetch '+refs/heads/*:refs/remotes/origin/*'

+        CREDENTIAL=$(echo -en "promtail:$(cat $CREDENTIALS_DIRECTORY/password)" | base64)
+        export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic $CREDENTIAL"
        # TODO: use escapeShellArgs
        exec ${cfg.package}/bin/mirror-forkos -c ${configFile} ${concatStringsSep " " cfg.extraArgs} apply ${channelName} ${mainJob}
      '';
@ -138,6 +142,9 @@ in
  };

  config = mkIf cfg.enable {
+    bagel.nixpkgs.channel-scripts.extraEnvironment = mkIf cfg.otlp.enable [
+      ''OTEL_EXPORTER_OTLP_TRACES_ENDPOINT="https://tempo.forkos.org/v1/traces"''
+    ];
    bagel.nixpkgs.channel-scripts.settings = {
      hydra_uri = cfg.hydraUrl;
      binary_cache_uri = cfg.binaryCacheUrl;
@ -147,53 +154,6 @@ in
      s3_channel_bucket_name = cfg.s3.channel;
    };

-#     services.alloy = {
-#       enable = cfg.otlp.enable;
-#     };
-#
-#     bagel.services.channel-scripts.extraEnvironment = mkIf cfg.otlp.enable {
-#       OTLP_EXPORTER_OTLP_ENDPOINT = "127.0.0.1:9000";
-#       OTEL_EXPORTER_OTLP_PROTOCOL = "grpc";
-#     };
-#
-#     environment.etc."alloy/config.alloy".text = ''
-#       otelcol.auth.basic "forkos" {
-#         username = "promtail"
-#         password = env("/run/credentials/alloy.service/password")
-#       }
-#       otelcol.receiver.otlp "default" {
-#         grpc {
-#           endpoint = "127.0.0.1:9000"
-#         }
-#
-#         output {
-#           metrics = [otelcol.processor.batch.default.input]
-#           logs    = [otelcol.processor.batch.default.input]
-#           traces  = [otelcol.processor.batch.default.input]
-#         }
-#       }
-#
-#       otelcol.processor.batch "default" {
-#         output {
-#           metrics = [otelcol.exporter.otlp.default.input]
-#           logs    = [otelcol.exporter.otlp.default.input]
-#           traces  = [otelcol.exporter.otlp.default.input]
-#         }
-#       }
-#
-#       otelcol.exporter.otlp "default" {
-#         client {
-#           endpoint {
-#             url = "https://tempo.forkos.org"
-#             basic_auth {
-#               username = "promtail"
-#               password_file = "/run/credentials/alloy.service/password"
-#             }
-#           }
-#         }
-#       }
-#     '';
-#
    users.users.channel-scripts = {
      description = "Channel scripts user";
      isSystemUser = true;