public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/prometheus/alertmanager: use DynamicUser instead of nobody

Browse Source 
See issue #55370
This commit is contained in:
Bas van Dijk 2019-04-10 17:12:36 +02:00
parent 08d9cf7ad4
commit cd4486ecc3
3 changed files with 12 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -101,6 +101,15 @@
<option>services.prometheus.stateDir</option> at the same time. <option>services.prometheus.stateDir</option> at the same time.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The options <option>services.prometheus.alertmanager.user</option> and
<option>services.prometheus.alertmanager.group</option> have been removed
because the alertmanager service is now using systemd's <link
xlink:href="http://0pointer.net/blog/dynamic-users-with-systemd.html">
DynamicUser mechanism</link> which obviates these options.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>

2
nixos/modules/rename.nix
View File

@ -45,6 +45,8 @@ with lib;
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "user" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a user setting.")
(mkRemovedOptionModule [ "services" "prometheus" "alertmanager" "group" ] "The alertmanager service is now using systemd's DynamicUser mechanism which obviates a group setting.")
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ]) (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ]) (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])

20
nixos/modules/services/monitoring/prometheus/alertmanager.nix
View File

@ -40,22 +40,6 @@ in {
''; '';
}; };
user = mkOption {
type = types.str;
default = "nobody";
description = ''
User name under which Alertmanager shall be run.
'';
};
group = mkOption {
type = types.str;
default = "nogroup";
description = ''
Group under which Alertmanager shall be run.
'';
};
configuration = mkOption { configuration = mkOption {
type = types.nullOr types.attrs; type = types.nullOr types.attrs;
default = null; default = null;
@ -152,10 +136,8 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
serviceConfig = { serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always"; Restart = "always";
PrivateTmp = true; DynamicUser = true;
WorkingDirectory = "/tmp"; WorkingDirectory = "/tmp";
ExecStart = "${cfg.package}/bin/alertmanager" + ExecStart = "${cfg.package}/bin/alertmanager" +
optionalString (length cmdlineArgs != 0) (" \\\n " + optionalString (length cmdlineArgs != 0) (" \\\n " +