summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
authorMarius Bakke <marius@gnu.org>2022-01-26 09:28:46 +0100
committerMarius Bakke <marius@gnu.org>2022-01-26 09:31:46 +0100
commit078f5bfae7ee174177791defcfd350117a503a6d (patch)
treea5a783e7dc702078de884630c49d8aa7afa2c665 /gnu/services
parent440ad14128f27d511f3b8ec4cce964b94304e4dc (diff)
downloadguix-078f5bfae7ee174177791defcfd350117a503a6d.tar.gz
services: zabbix-server: Do not write database password to the store.
* gnu/services/monitoring.scm (zabbix-front-end-config): Read the secret file
from zabbix.conf.php at runtime instead of embedding the contents.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/monitoring.scm11
1 files changed, 5 insertions, 6 deletions
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 5337161462..1b49dbd3cb 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -577,7 +577,7 @@ $DB['SERVER']   = '" db-host "';
 $DB['PORT']     = '" (number->string db-port) "';
 $DB['DATABASE'] = '" db-name "';
 $DB['USER']     = '" db-user "';
-$DB['PASSWORD'] = '" (let ((file (location-file %location))
+$DB['PASSWORD'] = " (let ((file (location-file %location))
                            (line (location-line %location))
                            (column (location-column %location)))
                        (if (string-null? db-password)
@@ -592,15 +592,14 @@ $DB['PASSWORD'] = '" (let ((file (location-file %location))
                                        (condition
                                         (&error-location
                                          (location %location)))))
-                               (string-trim-both
-                                (with-input-from-file db-secret-file
-                                  read-string)))
+                               (string-append "trim(file_get_contents('"
+                                              db-secret-file "'));\n"))
                            (begin
                              (display-hint (format #f (G_ "~a:~a:~a: ~a:
 Consider using @code{db-secret-file} instead of @code{db-password} for better
 security.") file line column 'zabbix-front-end-configuration))
-                             db-password))) "';
-
+                             db-password)))
+"
 // Schema name. Used for IBM DB2 and PostgreSQL.
 $DB['SCHEMA'] = '';