cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #130520 from Mic92/telegraf

Browse source 
nixos/telegraf: don't run as nogroup
This commit is contained in:
Jörg Thalheim 2021-07-18 12:08:39 +01:00 committed by GitHub
commit aa5d9ad832
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos/modules/services/monitoring/telegraf.nix
View file

@ -25,10 +25,9 @@ in {
default = []; default = [];
example = "/run/keys/telegraf.env"; example = "/run/keys/telegraf.env";
description = '' description = ''
File to load as environment file. Environment variables File to load as environment file. Environment variables from this file
from this file will be interpolated into the config file will be interpolated into the config file using envsubst with this
using envsubst with this syntax: syntax: <literal>$ENVIRONMENT</literal> or <literal>''${VARIABLE}</literal>.
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
This is useful to avoid putting secrets into the nix store. This is useful to avoid putting secrets into the nix store.
''; '';
}; };
@ -73,6 +72,7 @@ in {
ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID";
RuntimeDirectory = "telegraf"; RuntimeDirectory = "telegraf";
User = "telegraf"; User = "telegraf";
Group = "telegraf";
Restart = "on-failure"; Restart = "on-failure";
# for ping probes # for ping probes
AmbientCapabilities = [ "CAP_NET_RAW" ]; AmbientCapabilities = [ "CAP_NET_RAW" ];
@ -81,7 +81,10 @@ in {
users.users.telegraf = { users.users.telegraf = {
uid = config.ids.uids.telegraf; uid = config.ids.uids.telegraf;
group = "telegraf";
description = "telegraf daemon user"; description = "telegraf daemon user";
}; };
users.groups.telegraf = {};
}; };
} }