nixos/prometheus-exporters/kea: run under same user/group as kea
This fixes access to the kea unix sockets, after enabling RuntimeDirectoryPreserve on the kea units. https://github.com/NixOS/nixpkgs/pull/274460#issuecomment-1869702893
This commit is contained in:
parent
9f6a054517
commit
b4b9b08426
@ -31,13 +31,15 @@ in {
|
||||
];
|
||||
serviceConfig = {
|
||||
User = "kea";
|
||||
DynamicUser = true;
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-kea-exporter}/bin/kea-exporter \
|
||||
--address ${cfg.listenAddress} \
|
||||
--port ${toString cfg.port} \
|
||||
${concatStringsSep " " cfg.controlSocketPaths}
|
||||
'';
|
||||
SupplementaryGroups = [ "kea" ];
|
||||
RuntimeDirectory = "kea";
|
||||
RuntimeDirectoryPreserve = true;
|
||||
RestrictAddressFamilies = [
|
||||
# Need AF_UNIX to collect data
|
||||
"AF_UNIX"
|
||||
|
Loading…
Reference in New Issue
Block a user