From 67340baa9b1093d7551b13e774911076a666f020 Mon Sep 17 00:00:00 2001 From: Volth Date: Fri, 30 Jun 2017 00:44:03 +0000 Subject: collectd service: minor refactoring * removed pid-file support, it is needless to run collectd as systemd service * removed static user id, as all the files reowned on the service start * added ambient capabilities for ping and smart (hdd health) functions --- nixos/modules/misc/ids.nix | 2 +- nixos/modules/services/monitoring/collectd.nix | 37 ++++++-------------------- 2 files changed, 9 insertions(+), 30 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 22059bb7fbbb..5ac5764cd7cb 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -166,7 +166,7 @@ dnsmasq = 141; uhub = 142; yandexdisk = 143; - collectd = 144; + #collectd = 144; #unused consul = 145; mailpile = 146; redmine = 147; diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index 79a8a1ff5aed..eff1aecc9108 100644 --- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix @@ -7,7 +7,6 @@ let conf = pkgs.writeText "collectd.conf" '' BaseDir "${cfg.dataDir}" - PIDFile "${cfg.pidFile}" AutoLoadPlugin ${boolToString cfg.autoLoadPlugin} Hostname "${config.networking.hostName}" @@ -26,13 +25,7 @@ let in { options.services.collectd = with types; { - enable = mkOption { - default = false; - description = '' - Whether to enable collectd agent. - ''; - type = bool; - }; + enable = mkEnableOption "collectd agent"; package = mkOption { default = pkgs.collectd; @@ -59,14 +52,6 @@ in { type = path; }; - pidFile = mkOption { - default = "/var/run/collectd.pid"; - description = '' - Location of collectd pid file. - ''; - type = path; - }; - autoLoadPlugin = mkOption { default = false; description = '' 
@@ -100,27 +85,21 @@ in { wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -P ${cfg.pidFile}"; - Type = "forking"; - PIDFile = cfg.pidFile; - User = optional (cfg.user!="root") cfg.user; + ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f"; + User = cfg.user; + AmbientCapabilities = "cap_net_raw cap_dac_override"; # cap_net_raw for ping, cap_dac_override for smart PermissionsStartOnly = true; }; preStart = '' - mkdir -p ${cfg.dataDir} - chmod 755 ${cfg.dataDir} - install -D /dev/null ${cfg.pidFile} - if [ "$(id -u)" = 0 ]; then - chown -R ${cfg.user} ${cfg.dataDir}; - chown ${cfg.user} ${cfg.pidFile} - fi + mkdir -p "${cfg.dataDir}" + chmod 755 "${cfg.dataDir}" + chown -R ${cfg.user} "${cfg.dataDir}" ''; - }; + }; users.extraUsers = optional (cfg.user == "collectd") { name = "collectd"; - uid = config.ids.uids.collectd; }; }; } -- cgit 1.4.1 From a1212c77849f11c7334647936a2621c558fd8b28 Mon Sep 17 00:00:00 2001 From: Volth Date: Fri, 30 Jun 2017 11:57:46 +0000 Subject: collectd service: removed insecure AmbientCapabilities --- nixos/modules/services/monitoring/collectd.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index eff1aecc9108..dfbac3446e03 100644 --- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix @@ -87,7 +87,6 @@ in { serviceConfig = { ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f"; User = cfg.user; - AmbientCapabilities = "cap_net_raw cap_dac_override"; # cap_net_raw for ping, cap_dac_override for smart PermissionsStartOnly = true; }; -- cgit 1.4.1
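Review bot: `AmbientCapabilities = "cap_net_raw cap_dac_override"` in serviceConfig gives both capabilities to the daemon and to every plugin it loads, whether or not ping or smart is enabled. cap_dac_override bypasses file read, write and execute permission checks, so with it set the switch to `User = cfg.user` provides little file-system isolation. The later commit on this page deletes the line, which leaves ping and smart without the privileges the inline comment says they need when the service runs as a non-root user. If capabilities are reintroduced, grant only what an enabled plugin needs, for example `AmbientCapabilities = "cap_net_raw";` for ping alone, and set `CapabilityBoundingSet` to the same list. In preStart, `chown -R ${cfg.user} "${cfg.dataDir}"` now runs as root on every start with the user name unquoted, so `chown -R "${cfg.user}" "${cfg.dataDir}"` would match the quoting of the two lines above it; the service definition itself begins outside this hunk.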