cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #130520 from Mic92/telegraf

Browse source 
nixos/telegraf: don't run as nogroup
This commit is contained in:
Jörg Thalheim 2021-07-18 12:08:39 +01:00 committed by GitHub
commit aa5d9ad832
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos/modules/services/monitoring/telegraf.nix
View file

@ -25,10 +25,9 @@ in {
default = [];
example = "/run/keys/telegraf.env";
description = ''
File to load as environment file. Environment variables
from this file will be interpolated into the config file
using envsubst with this syntax:
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
File to load as environment file. Environment variables from this file
will be interpolated into the config file using envsubst with this
syntax: <literal>$ENVIRONMENT</literal> or <literal>''${VARIABLE}</literal>.
This is useful to avoid putting secrets into the nix store.
'';
};
@ -73,6 +72,7 @@ in {
ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID";
RuntimeDirectory = "telegraf";
User = "telegraf";
Group = "telegraf";
Restart = "on-failure";
# for ping probes
AmbientCapabilities = [ "CAP_NET_RAW" ];
@ -81,7 +81,10 @@ in {
users.users.telegraf = {
uid = config.ids.uids.telegraf;
group = "telegraf";
description = "telegraf daemon user";
};
users.groups.telegraf = {};
};
}