From 078f5bfae7ee174177791defcfd350117a503a6d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 26 Jan 2022 09:28:46 +0100 Subject: services: zabbix-server: Do not write database password to the store. * gnu/services/monitoring.scm (zabbix-front-end-config): Read the secret file from zabbix.conf.php at runtime instead of embedding the contents. --- gnu/services/monitoring.scm | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 5337161462..1b49dbd3cb 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -577,7 +577,7 @@ (define (zabbix-front-end-config config) $DB['PORT'] = '" (number->string db-port) "'; $DB['DATABASE'] = '" db-name "'; $DB['USER'] = '" db-user "'; -$DB['PASSWORD'] = '" (let ((file (location-file %location)) +$DB['PASSWORD'] = " (let ((file (location-file %location)) (line (location-line %location)) (column (location-column %location))) (if (string-null? db-password) @@ -592,15 +592,14 @@ (define (zabbix-front-end-config config) (condition (&error-location (location %location))))) - (string-trim-both - (with-input-from-file db-secret-file - read-string))) + (string-append "trim(file_get_contents('" + db-secret-file "'));\n")) (begin (display-hint (format #f (G_ "~a:~a:~a: ~a: Consider using @code{db-secret-file} instead of @code{db-password} for better security.") file line column 'zabbix-front-end-configuration)) - db-password))) "'; - + db-password))) +" // Schema name. Used for IBM DB2 and PostgreSQL. $DB['SCHEMA'] = ''; -- cgit v1.2.3