prometheus exporters: always set user and group

systemd.exec(5) on DynamicUser: > If a statically allocated user or group of the configured name > already exists, it is used and no dynamic user/group is allocated. Using DynamicUser while still setting a group name can be useful for granting access to resources that can otherwise only be accessed with entirely static IDs.
2020-09-29 10:46:59 +02:00 · 2020-09-29 10:46:59 +02:00 · 2c1e72ee6a
commit 2c1e72ee6a
parent daaa0e3350
1 changed files with 1 additions and 4 deletions
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@ -101,7 +101,6 @@ let
      default = "${name}-exporter";
      description = ''
        User name under which the ${name} exporter shall be run.
        Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
      '';
    };
    group = mkOption {
@ -109,7 +108,6 @@ let
      default = "${name}-exporter";
      description = ''
        Group under which the ${name} exporter shall be run.
        Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
      '';
    };
  });
@ -161,10 +159,9 @@ let
        serviceConfig.PrivateTmp = mkDefault true;
        serviceConfig.WorkingDirectory = mkDefault /tmp;
        serviceConfig.DynamicUser = mkDefault enableDynamicUser;
      } serviceOpts ] ++ optional (!enableDynamicUser) {
        serviceConfig.User = conf.user;
        serviceConfig.Group = conf.group;
-      });
+      } serviceOpts ]);
  };
 in
 {