diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-02 23:27:18 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-02 23:27:18 +0200 |
commit | d20a59d2e575f84b300a8a1cb7747fea2a890b72 (patch) | |
tree | b3a2606b0bb21d4657be92a193f0de359276a474 /nixos/modules/services/monitoring/prometheus/exporters.nix | |
parent | 92f3ea646e287535e4978d5875b80e393ea8ea4e (diff) | |
parent | 66644848cb2e801740970c89dc72a2c3a715bce2 (diff) | |
download | nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.tar nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.tar.gz nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.tar.bz2 nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.tar.lz nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.tar.xz nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.tar.zst nixlib-d20a59d2e575f84b300a8a1cb7747fea2a890b72.zip |
Merge master into staging-next
Diffstat (limited to 'nixos/modules/services/monitoring/prometheus/exporters.nix')
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 03f3da75b148..2ab8910ff9db 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -33,6 +33,7 @@ let "nginx" "node" "postfix" + "postgres" "snmp" "surfboard" "tor" @@ -87,7 +88,7 @@ let }; user = mkOption { type = types.str; - default = "nobody"; + default = "${name}-exporter"; description = '' User name under which the ${name} exporter shall be run. Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true. @@ -95,7 +96,7 @@ let }; group = mkOption { type = types.str; - default = "nobody"; + default = "${name}-exporter"; description = '' Group under which the ${name} exporter shall be run. Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true. @@ -126,8 +127,23 @@ let ); mkExporterConf = { name, conf, serviceOpts }: + let + enableDynamicUser = serviceOpts.serviceConfig.DynamicUser or true; + in mkIf conf.enable { warnings = conf.warnings or []; + users.users = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) { + "${name}-exporter" = { + description = '' + Prometheus ${name} exporter service user + ''; + isSystemUser = true; + inherit (conf) group; + }; + }); + users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) { + "${name}-exporter" = {}; + }); networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [ "ip46tables -A nixos-fw ${conf.firewallFilter} " "-m comment --comment ${name}-exporter -j nixos-fw-accept" @@ -138,7 +154,8 @@ let serviceConfig.Restart = mkDefault "always"; serviceConfig.PrivateTmp = mkDefault true; serviceConfig.WorkingDirectory = mkDefault /tmp; - } serviceOpts ] ++ optional (!(serviceOpts.serviceConfig.DynamicUser or false)) { + serviceConfig.DynamicUser = mkDefault enableDynamicUser; + } serviceOpts ] ++ optional (!enableDynamicUser) { serviceConfig.User = conf.user; serviceConfig.Group = conf.group; }); |