diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2020-11-10 10:36:53 +0100 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2020-11-10 10:49:27 +0100 |
| commit | 31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19 (patch) | |
| tree | 66c81aaf65984475444d8a5b3de30d89bf8d74d6 /nixos/modules/services/logging | |
| parent | 4c64fa224eca82883088852914fa8fd28789dc32 (diff) | |
| download | nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.tar nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.tar.gz nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.tar.bz2 nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.tar.lz nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.tar.xz nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.tar.zst nixpkgs-31a0b5dff6d9baa8c7aee4f77c379ed8fd3d1e19.zip | |
nixos/promtail: fix access to journal
Diffstat (limited to 'nixos/modules/services/logging')
| -rw-r--r-- | nixos/modules/services/logging/promtail.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/services/logging/promtail.nix b/nixos/modules/services/logging/promtail.nix index 1d3e9d8e9b9..19b12daa415 100644 --- a/nixos/modules/services/logging/promtail.nix +++ b/nixos/modules/services/logging/promtail.nix @@ -6,10 +6,12 @@ let echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out ''; + allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs; in { options.services.promtail = with types; { enable = mkEnableOption "the Promtail ingresser"; + configuration = mkOption { type = (pkgs.formats.json {}).type; description = '' @@ -67,6 +69,8 @@ in { RestrictRealtime = true; MemoryDenyWriteExecute = true; PrivateUsers = true; + + SupplementaryGroups = lib.optional (allowSystemdJournal) "systemd-journal"; } // (optionalAttrs (!pkgs.stdenv.isAarch64) { # FIXME: figure out why this breaks on aarch64 SystemCallFilter = "@system-service"; }); |