public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #137545 from NixOS/backport-135751-to-release-21.05

Browse Source 
[Backport release-21.05] nixos/promtail: Allow write access to positions file if not in CacheDirectory
This commit is contained in:
Maximilian Bosch 2021-09-12 18:56:08 +02:00 committed by GitHub
commit cedaaad5f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/services/logging/promtail.nix
View File

@ -7,6 +7,9 @@ let
''; '';
allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs; allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
allowPositionsFile = !lib.hasPrefix "/var/cache/promtail" positionsFile;
positionsFile = cfg.configuration.positions.filename;
in { in {
options.services.promtail = with types; { options.services.promtail = with types; {
enable = mkEnableOption "the Promtail ingresser"; enable = mkEnableOption "the Promtail ingresser";
@ -53,6 +56,7 @@ in {
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
PrivateMounts = true; PrivateMounts = true;
CacheDirectory = "promtail"; CacheDirectory = "promtail";
ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);
User = "promtail"; User = "promtail";
Group = "promtail"; Group = "promtail";