diff options
| author | Christopher Baines <mail@cbaines.net> | 2020-11-28 10:39:21 +0000 |
|---|---|---|
| committer | Christopher Baines <mail@cbaines.net> | 2020-11-28 11:43:50 +0000 |
| commit | 32ad13af89fb419da4572f3bbaa45ef8e05e901f (patch) | |
| tree | ee8d4066882b6b69a7c73af04323ed078fc72549 | |
| parent | 10e3da15938c9de60a6a50bd48a0805f9f3e9be4 (diff) | |
| download | guix-32ad13af89fb419da4572f3bbaa45ef8e05e901f.tar guix-32ad13af89fb419da4572f3bbaa45ef8e05e901f.tar.gz | |
monitoring: Add user and group for the Prometheus node exporter.
So it doesn't run as root, and because this will help with the textfile
exporter.
* gnu/services/monitoring.scm (%prometheus-node-exporter-accounts): New
variable.
(prometheus-node-exporter-shepherd-service): Use the relevant user and group.
(prometheus-node-exporter-service-type): Extend the account service type.
| -rw-r--r-- | gnu/services/monitoring.scm | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 92df52b5ae..d0934e7f27 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -128,18 +128,33 @@ HTTP.") (web-listen-address prometheus-node-exporter-web-listen-address (default ":9100"))) +(define %prometheus-node-exporter-accounts + (list (user-account + (name "prometheus-node-exporter") + (group "prometheus-node-exporter") + (system? #t) + (comment "Prometheus node exporter daemon user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))) + (user-group + (name "prometheus-node-exporter") + (system? #t)))) + (define prometheus-node-exporter-shepherd-service (match-lambda (( $ <prometheus-node-exporter-configuration> package web-listen-address) - (shepherd-service - (documentation "Prometheus node exporter.") - (provision '(prometheus-node-exporter)) - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list #$(file-append package "/bin/node_exporter") - "--web.listen-address" #$web-listen-address))) - (stop #~(make-kill-destructor)))))) + (list + (shepherd-service + (documentation "Prometheus node exporter.") + (provision '(prometheus-node-exporter)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append package "/bin/node_exporter") + "--web.listen-address" #$web-listen-address) + #:user "prometheus-node-exporter" + #:group "prometheus-node-exporter")) + (stop #~(make-kill-destructor))))))) (define prometheus-node-exporter-service-type (service-type @@ -148,9 +163,11 @@ HTTP.") "Run @command{node_exporter} to serve hardware and OS metrics to Prometheus.") (extensions - (list (service-extension - shepherd-root-service-type - (compose list prometheus-node-exporter-shepherd-service)))) + (list + (service-extension account-service-type + (const %prometheus-node-exporter-accounts)) + (service-extension shepherd-root-service-type + prometheus-node-exporter-shepherd-service))) (default-value (prometheus-node-exporter-configuration)))) |