diff options
author | Christopher Baines <mail@cbaines.net> | 2020-11-28 10:39:21 +0000 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2020-12-07 09:07:54 +0000 |
commit | 6574298e4e8ef54245ef49251aac6a7a16b71d2a (patch) | |
tree | 9940c445f30e81ecfc5482cad7aa435b63ac0c96 | |
parent | 502cb3f8a105bc1c79292bcad12c71f53609d4c6 (diff) |
prometheus-node-exporter: Add user and group.
So it doesn't run as root, and because this will help with the textfile
exporter.
* gnu/services/monitoring.scm (%prometheus-node-exporter-accounts): New
variable.
(prometheus-node-exporter-shepherd-service): Use the relevant user and group.
(prometheus-node-exporter-service-type): Extend the account service type.
-rw-r--r-- | gnu/services/monitoring.scm | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 89deac9d36..7ebc3f3f6f 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -128,18 +128,33 @@ HTTP.") (web-listen-address prometheus-node-exporter-web-listen-address (default ":9100"))) +(define %prometheus-node-exporter-accounts + (list (user-account + (name "prometheus-node-exporter") + (group "prometheus-node-exporter") + (system? #t) + (comment "Prometheus node exporter daemon user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))) + (user-group + (name "prometheus-node-exporter") + (system? #t)))) + (define prometheus-node-exporter-shepherd-service (match-lambda (( $ <prometheus-node-exporter-configuration> package web-listen-address) - (shepherd-service - (documentation "Prometheus node exporter.") - (provision '(prometheus-node-exporter)) - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list #$(file-append package "/bin/node_exporter") - "--web.listen-address" #$web-listen-address))) - (stop #~(make-kill-destructor)))))) + (list + (shepherd-service + (documentation "Prometheus node exporter.") + (provision '(prometheus-node-exporter)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append package "/bin/node_exporter") + "--web.listen-address" #$web-listen-address) + #:user "prometheus-node-exporter" + #:group "prometheus-node-exporter")) + (stop #~(make-kill-destructor))))))) (define prometheus-node-exporter-service-type (service-type @@ -148,9 +163,11 @@ HTTP.") "Run @command{node_exporter} to serve hardware and OS metrics to Prometheus.") (extensions - (list (service-extension - shepherd-root-service-type - (compose list prometheus-node-exporter-shepherd-service)))) + (list + (service-extension account-service-type + (const %prometheus-node-exporter-accounts)) + (service-extension shepherd-root-service-type + prometheus-node-exporter-shepherd-service))) (default-value (prometheus-node-exporter-configuration)))) |