diff options
| author | Marius Bakke <marius@gnu.org> | 2022-01-26 09:28:46 +0100 |
|---|---|---|
| committer | Marius Bakke <marius@gnu.org> | 2022-01-26 09:31:46 +0100 |
| commit | 078f5bfae7ee174177791defcfd350117a503a6d (patch) | |
| tree | a5a783e7dc702078de884630c49d8aa7afa2c665 | |
| parent | 440ad14128f27d511f3b8ec4cce964b94304e4dc (diff) | |
| download | guix-patches-078f5bfae7ee174177791defcfd350117a503a6d.tar guix-patches-078f5bfae7ee174177791defcfd350117a503a6d.tar.gz | |
services: zabbix-server: Do not write database password to the store.
* gnu/services/monitoring.scm (zabbix-front-end-config): Read the secret file
from zabbix.conf.php at runtime instead of embedding the contents.
| -rw-r--r-- | gnu/services/monitoring.scm | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 5337161462..1b49dbd3cb 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -577,7 +577,7 @@ $DB['SERVER'] = '" db-host "'; $DB['PORT'] = '" (number->string db-port) "'; $DB['DATABASE'] = '" db-name "'; $DB['USER'] = '" db-user "'; -$DB['PASSWORD'] = '" (let ((file (location-file %location)) +$DB['PASSWORD'] = " (let ((file (location-file %location)) (line (location-line %location)) (column (location-column %location))) (if (string-null? db-password) @@ -592,15 +592,14 @@ $DB['PASSWORD'] = '" (let ((file (location-file %location)) (condition (&error-location (location %location))))) - (string-trim-both - (with-input-from-file db-secret-file - read-string))) + (string-append "trim(file_get_contents('" + db-secret-file "'));\n")) (begin (display-hint (format #f (G_ "~a:~a:~a: ~a: Consider using @code{db-secret-file} instead of @code{db-password} for better security.") file line column 'zabbix-front-end-configuration)) - db-password))) "'; - + db-password))) +" // Schema name. Used for IBM DB2 and PostgreSQL. $DB['SCHEMA'] = ''; |