commit 495222a840d3a09dbde029e60f83218c31575c97 · pyrox.dev/nixpkgs

+14 -2

nixos/modules/services/monitoring/prometheus/exporters.nix

···

       88
       88
        
           };

     

       89
       89
        
           user = mkOption {

     

       90
       90
        
             type = types.str;

     

       91
       91
       -
             default = "nobody";

     

       91
       91
       +
             default = "${name}-exporter";

     

       92
       92
        
             description = ''

     

       93
       93
        
               User name under which the ${name} exporter shall be run.

     

       94
       94
        
               Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.

     
···

       96
       96
        
           };

     

       97
       97
        
           group = mkOption {

     

       98
       98
        
             type = types.str;

     

       99
       99
       -
             default = "nobody";

     

       99
       99
       +
             default = "${name}-exporter";

     

       100
       100
        
             description = ''

     

       101
       101
        
               Group under which the ${name} exporter shall be run.

     

       102
       102
        
               Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.

     
···

       129
       129
        
         mkExporterConf = { name, conf, serviceOpts }:

     

       130
       130
        
           mkIf conf.enable {

     

       131
       131
        
             warnings = conf.warnings or [];

     

       132
       132
       +
             users.users = (mkIf (conf.user == "${name}-exporter") {

     

       133
       133
       +
               "${name}-exporter" = {

     

       134
       134
       +
                 description = ''

     

       135
       135
       +
                   Prometheus ${name} exporter service user

     

       136
       136
       +
                 '';

     

       137
       137
       +
                 isSystemUser = true;

     

       138
       138
       +
                 inherit (conf) group;

     

       139
       139
       +
               };

     

       140
       140
       +
             });

     

       141
       141
       +
             users.groups = (mkIf (conf.group == "${name}-exporter") {

     

       142
       142
       +
               "${name}-exporter" = {};

     

       143
       143
       +
             });

     

       132
       144
        
             networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [

     

       133
       145
        
               "ip46tables -A nixos-fw ${conf.firewallFilter} "

     

       134
       146
        
               "-m comment --comment ${name}-exporter -j nixos-fw-accept"

+2 -2

nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix

···

       39
       39
        
                   mail_plugins = $mail_plugins old_stats

     

       40
       40
        
                   service old-stats {

     

       41
       41
        
                     unix_listener old-stats {

     

       42
       42
       -
                       user = nobody

     

       43
       43
       -
                       group = nobody

     

       42
       42
       +
                       user = dovecot-exporter

     

       43
       43
       +
                       group = dovecot-exporter

     

       44
       44
        
                     }

     

       45
       45
        
                   }

     

       46
       46
        
                 ''';