diff options
author | WilliButz <wbutz@cyberfnord.de> | 2018-07-06 21:13:13 +0200 |
---|---|---|
committer | Linus Heckemann <git@sphalerite.org> | 2020-09-25 13:59:46 +0200 |
commit | f412df1f6bf9104e3444375946434fe3cd35de26 (patch) | |
tree | e76691514e6f08f1ded256891621b361d2940a1d | |
parent | 1179840f9a88b8a548f4b11d1a03aa25a790c379 (diff) | |
download | nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.tar nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.tar.gz nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.tar.bz2 nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.tar.lz nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.tar.xz nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.tar.zst nixpkgs-f412df1f6bf9104e3444375946434fe3cd35de26.zip |
nixos/prometheus-postfix-exporter: set default group
The postfix exporter needs to access postfix's `queue/public/` directory to read the `showq` socket inside. Instead of making the public directory world accessible, this sets the postfix exporter's group to `postdrop` by default, when the postfix service is enabled.
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters/postfix.nix | 9 |
2 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index cc71451bf20..4d15fb12ff7 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -229,6 +229,8 @@ in })] ++ [(mkIf config.services.nginx.enable { systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ]; systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ]; + })] ++ [(mkIf config.services.postfix.enable { + services.prometheus.exporters.postfix.group = mkDefault config.services.postfix.setgidGroup; })] ++ (mapAttrsToList (name: conf: mkExporterConf { inherit name; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix index 3b6ef1631f8..e818b6e37b3 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix @@ -8,6 +8,15 @@ in { port = 9154; extraOpts = { + group = mkOption { + type = types.str; + description = '' + Group under which the postfix exporter shall be run. + It should match the group that is allowed to access the + <literal>showq</literal> socket in the <literal>queue/public/</literal> directory. + Defaults to <literal>services.postfix.setgidGroup</literal> when postfix is enabled. + ''; + }; telemetryPath = mkOption { type = types.str; default = "/metrics"; |