nixos/prometheus/alertmanager: use DynamicUser instead of nobody
See issue #55370
This commit is contained in:
parent
08d9cf7ad4
commit
cd4486ecc3
@ -101,6 +101,15 @@
|
||||
<option>services.prometheus.stateDir</option> at the same time.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The options <option>services.prometheus.alertmanager.user</option> and
|
||||
<option>services.prometheus.alertmanager.group</option> have been removed
|
||||
because the alertmanager service is now using systemd's <link
|
||||
xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html">
|
||||
DynamicUser mechanism</link> which obviates these options.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -45,6 +45,8 @@ with lib;
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
|
||||
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
|
||||
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
|
||||
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
|
||||
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
|
||||
|
@ -40,22 +40,6 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "nobody";
|
||||
description = ''
|
||||
User name under which Alertmanager shall be run.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "nogroup";
|
||||
description = ''
|
||||
Group under which Alertmanager shall be run.
|
||||
'';
|
||||
};
|
||||
|
||||
configuration = mkOption {
|
||||
type = types.nullOr types.attrs;
|
||||
default = null;
|
||||
@ -152,10 +136,8 @@ in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Restart = "always";
|
||||
PrivateTmp = true;
|
||||
DynamicUser = true;
|
||||
WorkingDirectory = "/tmp";
|
||||
ExecStart = "${cfg.package}/bin/alertmanager" +
|
||||
optionalString (length cmdlineArgs != 0) (" \\\n " +
|
||||
|
Loading…
Reference in New Issue
Block a user