services: zabbix-server: Do not write database password to the store.

* gnu/services/monitoring.scm (zabbix-front-end-config): Read the secret file from zabbix.conf.php at runtime instead of embedding the contents.
2022-01-26 09:28:46 +01:00 · 2022-01-26 09:28:46 +01:00 · 078f5bfae7
parent 440ad14128
commit 078f5bfae7
1 changed files with 5 additions and 6 deletions
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@ -577,7 +577,7 @@ $DB['SERVER']   = '" db-host "';
 $DB['PORT']     = '" (number->string db-port) "';
 $DB['DATABASE'] = '" db-name "';
 $DB['USER']     = '" db-user "';
-$DB['PASSWORD'] = '" (let ((file (location-file %location))
+$DB['PASSWORD'] = " (let ((file (location-file %location))
                           (line (location-line %location))
                           (column (location-column %location)))
                       (if (string-null? db-password)
@ -592,15 +592,14 @@ $DB['PASSWORD'] = '" (let ((file (location-file %location))
                                       (condition
                                        (&error-location
                                         (location %location)))))
-                               (string-trim-both
+                               (string-append "trim(file_get_contents('"
-                                (with-input-from-file db-secret-file
+                                              db-secret-file "'));\n"))
                                  read-string)))
                           (begin
                             (display-hint (format #f (G_ "~a:~a:~a: ~a:
 Consider using @code{db-secret-file} instead of @code{db-password} for better
 security.") file line column 'zabbix-front-end-configuration))
-                             db-password))) "';
+                             db-password)))
-
+"
 // Schema name. Used for IBM DB2 and PostgreSQL.
 $DB['SCHEMA'] = '';