diff --git a/module.nix b/module.nix index 2e76d69..b8c38cb 100644 --- a/module.nix +++ b/module.nix @@ -103,6 +103,25 @@ in ``` ''; }; + + worker = { + listenHTTP = mkOption { + type = types.str; + default = "[::1]:9001"; + description = '' + Listen address for the HTTP server of the worker. + Overrides the default listen setting that's also used by the server. + ''; + }; + listenMetrics = mkOption { + type = types.str; + default = "[::1]:9301"; + description = '' + Listen address for the metrics server of the worker. + Overrides the default listen setting that's also used by the server. + ''; + }; + }; }; # LDAP oupost @@ -295,7 +314,14 @@ in preStart = '' ln -svf ${config.services.authentik.authentikComponents.staticWorkdirDeps}/* /run/authentik/ ''; - environment = mkMerge [ environment { TZ = tz; } ]; + environment = mkMerge [ + environment + { + TZ = tz; + AUTHENTIK_LISTEN__LISTEN_HTTP = cfg.worker.listenHTTP; + AUTHENTIK_LISTEN__LISTEN_METRICS = cfg.worker.listenMetrics; + } + ]; serviceConfig = mkMerge [ serviceDefaults { diff --git a/tests/minimal-vmtest.nix b/tests/minimal-vmtest.nix index dfb7c52..12c35df 100644 --- a/tests/minimal-vmtest.nix +++ b/tests/minimal-vmtest.nix @@ -91,5 +91,12 @@ pkgs.nixosTest { machine.succeed("su - alice -c 'firefox http://localhost/' >&2 &") machine.wait_for_text("authentik") machine.screenshot("5_nginx_proxies_requests") + + with subtest("metrics & worker"): + machine.wait_for_open_port(9300) + machine.wait_for_open_port(9301) + + print(machine.succeed("curl -L localhost:9300/metrics | grep authentik_outpost_connection | grep 'Embedded'")) + print(machine.succeed("curl -L localhost:9301/metrics | grep authentik_tasks_total")) ''; }