summary refs log tree commit diff
path: root/nixos/modules/services/monitoring
diff options
context:
space:
mode:
authorKonrad Borowski <konrad@borowski.pw>2021-06-21 10:16:47 +0200
committerKonrad Borowski <konrad@borowski.pw>2021-06-21 10:16:47 +0200
commit447b1cf03d3b96e208de704c75eaaacc96ff7d55 (patch)
treed45de9320e87d98b60526dbc160a464629d5b61b /nixos/modules/services/monitoring
parent44b5c7496099b9b310c15ff194e556c082f9246c (diff)
downloadnixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.tar
nixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.tar.gz
nixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.tar.bz2
nixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.tar.lz
nixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.tar.xz
nixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.tar.zst
nixpkgs-447b1cf03d3b96e208de704c75eaaacc96ff7d55.zip
nixos/prometheus: allow state access for service only
There is no reason for Prometheus state files to be
world-readable.
Diffstat (limited to 'nixos/modules/services/monitoring')
-rw-r--r--nixos/modules/services/monitoring/prometheus/default.nix1
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index e08f23d8eb0..8fe689ef3db 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -945,6 +945,7 @@ in {
         RuntimeDirectoryMode = "0700";
         WorkingDirectory = workingDir;
         StateDirectory = cfg.stateDir;
+        StateDirectoryMode = "0700";
       };
     };
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-23 05:52:42 +0000