From 2c1e72ee6a2eb2ad5bb58e7d1a8512f6bdc7f8e5 Mon Sep 17 00:00:00 2001
From: Linus Heckemann <git@sphalerite.org>
Date: Tue, 29 Sep 2020 10:46:59 +0200
Subject: [PATCH] prometheus exporters: always set user and group

systemd.exec(5) on DynamicUser:
> If a statically allocated user or group of the configured name
> already exists, it is used and no dynamic user/group is allocated.

Using DynamicUser while still setting a group name can be
useful for granting access to resources that can otherwise only be
accessed with entirely static IDs.
---
 nixos/modules/services/monitoring/prometheus/exporters.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix
index cc71451bf20..c71cbafaa82 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -101,7 +101,6 @@ let
       default = "${name}-exporter";
       description = ''
         User name under which the ${name} exporter shall be run.
-        Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
       '';
     };
     group = mkOption {
@@ -109,7 +108,6 @@ let
       default = "${name}-exporter";
       description = ''
         Group under which the ${name} exporter shall be run.
-        Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
       '';
     };
   });
@@ -161,10 +159,9 @@ let
         serviceConfig.PrivateTmp = mkDefault true;
         serviceConfig.WorkingDirectory = mkDefault /tmp;
         serviceConfig.DynamicUser = mkDefault enableDynamicUser;
-      } serviceOpts ] ++ optional (!enableDynamicUser) {
         serviceConfig.User = conf.user;
         serviceConfig.Group = conf.group;
-      });
+      } serviceOpts ]);
   };
 in
 {