diff options
author | Dee Anzorge <d.anzorge@gmail.com> | 2023-12-26 21:41:34 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2023-12-26 21:42:58 +0100 |
commit | b4b9b08426337645f625f1f0bd8020e7ac9b2f0b (patch) | |
tree | 72bfadc7feb24ed94df66ca87d4c856621bbd749 /nixos/modules/services/monitoring/prometheus | |
parent | 9f6a0545174e6c3635e6b41349af0de22a8312cc (diff) |
nixos/prometheus-exporters/kea: run under same user/group as kea
This fixes access to the kea unix sockets, after enabling RuntimeDirectoryPreserve on the kea units. https://github.com/NixOS/nixpkgs/pull/274460#issuecomment-1869702893
Diffstat (limited to 'nixos/modules/services/monitoring/prometheus')
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/kea.nix | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix index ed33c72f644f3..3abb6ff6bdf8b 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/kea.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/kea.nix @@ -31,13 +31,15 @@ in { ]; serviceConfig = { User = "kea"; + DynamicUser = true; ExecStart = '' ${pkgs.prometheus-kea-exporter}/bin/kea-exporter \ --address ${cfg.listenAddress} \ --port ${toString cfg.port} \ ${concatStringsSep " " cfg.controlSocketPaths} ''; - SupplementaryGroups = [ "kea" ]; + RuntimeDirectory = "kea"; + RuntimeDirectoryPreserve = true; RestrictAddressFamilies = [ # Need AF_UNIX to collect data "AF_UNIX" |