Merge pull request #59270 from basvandijk/alertmanager-DynamicUser

nixos/prometheus/alertmanager: use DynamicUser instead of nobody
Bas van Dijk 2019-04-10 22:56:17 +02:00 committed by GitHub
commit 38ae3fe584
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 19 deletions


@ -101,6 +101,15 @@
<option>services.prometheus.stateDir</option> at the same time.
</para>
</listitem>
<listitem>
<para>
The options <option>services.prometheus.alertmanager.user</option> and
<option>services.prometheus.alertmanager.group</option> have been removed
because the alertmanager service is now using systemd's <link
xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html">
DynamicUser mechanism</link> which obviates these options.
</para>
</listitem>
</itemizedlist>
</section>


@ -45,6 +45,8 @@ with lib;
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])


@ -40,22 +40,6 @@ in {
'';
};
user = mkOption {
type = types.str;
default = "nobody";
description = ''
User name under which Alertmanager shall be run.
'';
};
group = mkOption {
type = types.str;
default = "nogroup";
description = ''
Group under which Alertmanager shall be run.
'';
};
configuration = mkOption {
type = types.nullOr types.attrs;
default = null;
@ -152,10 +136,8 @@ in {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always";
PrivateTmp = true;
DynamicUser = true;
WorkingDirectory = "/tmp";
ExecStart = "${cfg.package}/bin/alertmanager" +
optionalString (length cmdlineArgs != 0) (" \\\n " +
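Review bot: `WorkingDirectory = "/tmp"` is kept next to the new `DynamicUser = true`, so anything the daemon writes relative to its working directory lands in a private /tmp that systemd discards when the unit stops. DynamicUser= already implies PrivateTmp=, which is why dropping the explicit line is harmless, but the UID is now transient as well, so only a systemd-managed directory gives the service state that survives a restart with correct ownership. If `cmdlineArgs` (not visible in this hunk) sets no storage path, silences and the notification log would presumably be lost on each restart, which quietly re-enables muted alerts. I would add `StateDirectory = "alertmanager";` and change the working directory to `WorkingDirectory = "/var/lib/alertmanager";`. The serviceConfig block continues past the end of the hunk.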