nixos/prometheus-exporters/kea: run under same user/group as kea

This fixes access to the kea unix sockets, after enabling
RuntimeDirectoryPreserve on the kea units.

https://github.com/NixOS/nixpkgs/pull/274460#issuecomment-1869702893
This commit is contained in:
Dee Anzorge 2023-12-26 21:41:34 +01:00 committed by Martin Weinelt
parent 9f6a054517
commit b4b9b08426
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759

View File

@ -31,13 +31,15 @@ in {
];
serviceConfig = {
User = "kea";
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-kea-exporter}/bin/kea-exporter \
--address ${cfg.listenAddress} \
--port ${toString cfg.port} \
${concatStringsSep " " cfg.controlSocketPaths}
'';
SupplementaryGroups = [ "kea" ];
RuntimeDirectory = "kea";
RuntimeDirectoryPreserve = true;
RestrictAddressFamilies = [
# Need AF_UNIX to collect data
"AF_UNIX"