New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/prometheus/alertmanager: use DynamicUser instead of nobody #59270
Conversation
@GrahamcOfBorg test prometheus |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add an mkRemovedOptionModule
entry to nixos/modules/rename.nix
so people get warned if they used the user
and group
options.
Apart from that and my inline comments, lgtm
Restart = "always"; | ||
PrivateTmp = true; | ||
DynamicUser = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should be able to keep PrivateTmp here I think
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can remove it because DynamicUser
implies PrivateTmp
.
Or we could just keep the |
IIUC the |
Thanks, will do that. |
e16ed05
to
978f744
Compare
|
978f744
to
cd4486e
Compare
Done. Thank you for the review. Will merge after checks are green. |
Motivation for this change
See issue #55370.
@arianvp care to review?
The following which includes a test for
alertmanager
passes but I'll ask ofborg to confirm:nix-build nixos/release.nix -A tests.prometheus.x86_64-linux
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)