diff options
| author | Bas van Dijk <v.dijk.bas@gmail.com> | 2019-04-10 17:12:36 +0200 |
|---|---|---|
| committer | Bas van Dijk <v.dijk.bas@gmail.com> | 2019-04-10 20:38:40 +0200 |
| commit | cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037 (patch) | |
| tree | f2636228214d1f280ff557c7f37571075ac38b47 /nixos/modules | |
| parent | 08d9cf7ad46dde32cc1dbe9b95d7ed43ef3a2faf (diff) | |
| download | nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.tar nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.tar.gz nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.tar.bz2 nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.tar.lz nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.tar.xz nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.tar.zst nixpkgs-cd4486ecc3a4ce0e4c8ec3ce87945f581f0a6037.zip | |
nixos/prometheus/alertmanager: use DynamicUser instead of nobody
See issue #55370
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/rename.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/monitoring/prometheus/alertmanager.nix | 20 |
2 files changed, 3 insertions, 19 deletions
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 30d11cc58fa..f6c112d9cfa 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -45,6 +45,8 @@ with lib; (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") + (mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.") + (mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.") (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ]) (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ]) diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixos/modules/services/monitoring/prometheus/alertmanager.nix index 31beee3d39d..11d85e9c4fc 100644 --- a/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -40,22 +40,6 @@ in { ''; }; - user = mkOption { - type = types.str; - default = "nobody"; - description = '' - User name under which Alertmanager shall be run. - ''; - }; - - group = mkOption { - type = types.str; - default = "nogroup"; - description = '' - Group under which Alertmanager shall be run. - ''; - }; - configuration = mkOption { type = types.nullOr types.attrs; default = null; @@ -152,10 +136,8 @@ in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig = { - User = cfg.user; - Group = cfg.group; Restart = "always"; - PrivateTmp = true; + DynamicUser = true; WorkingDirectory = "/tmp"; ExecStart = "${cfg.package}/bin/alertmanager" + optionalString (length cmdlineArgs != 0) (" \\\n " + |