about summary refs log tree commit diff
path: root/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix')
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix8
1 files changed, 6 insertions, 2 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
index adc2abe0b91c..baac21b050f5 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
@@ -11,7 +11,7 @@ in
     enabledCollectors = mkOption {
       type = types.listOf types.str;
       default = [];
-      example = ''[ "systemd" ]'';
+      example = [ "systemd" ];
       description = ''
         Collectors to enable. The collectors listed here are enabled in addition to the default ones.
       '';
@@ -19,7 +19,7 @@ in
     disabledCollectors = mkOption {
       type = types.listOf types.str;
       default = [];
-      example = ''[ "timex" ]'';
+      example = [ "timex" ];
       description = ''
         Collectors to disable which are enabled by default.
       '';
@@ -35,6 +35,10 @@ in
           ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
           --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags}
       '';
+      # The systemd collector needs AF_UNIX
+      RestrictAddressFamilies = lib.optional (lib.any (x: x == "systemd") cfg.enabledCollectors) "AF_UNIX";
+      # The timex collector needs to access clock APIs
+      ProtectClock = lib.any (x: x == "timex") cfg.disabledCollectors;
     };
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-18 12:13:11 +0000