Merge pull request #135751 from zhaofengli/promtail-allow-positions-file

nixos/promtail: Allow write access to positions file if not in CacheDirectory

authored by

Maximilian Bosch and committed by
GitHub
8b13843f 0517de2c

+4
+4
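--- a/nixos/modules/services/logging/promtail.nix
+++ b/nixos/modules/services/logging/promtail.nix
@@ -7,6 +7,9 @@
 '';
 
 allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
+
+allowPositionsFile = !lib.hasPrefix "/var/cache/promtail" positionsFile;
+positionsFile = cfg.configuration.positions.filename;
 in {
 options.services.promtail = with types; {
 enable = mkEnableOption "the Promtail ingresser";
@@ -53,6 +56,7 @@
 RestrictSUIDSGID = true;
 PrivateMounts = true;
 CacheDirectory = "promtail";
+ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);
 
 User = "promtail";
 Group = "promtail";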
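Review bot: `ReadWritePaths` at new line 59 opens the whole parent directory of the positions file rather than the file itself, so a path such as `/var/log/positions.yaml` makes all of `/var/log` writable inside the unit's sandbox (still subject to ordinary file permissions for the `promtail` user), and a file directly under `/` would yield `/`. The option documentation should state that the positions file belongs in a dedicated directory, or an assertion could reject shallow parents such as `/` and `/var/log`. Separately, the prefix test at new line 11 has no trailing slash, so a sibling like `/var/cache/promtail-foo/positions.yaml` is treated as inside the cache directory and gets no write access; `!lib.hasPrefix "/var/cache/promtail/" positionsFile` is tighter. `cfg.configuration.positions.filename` also looks like it would fail evaluation when the user leaves `positions` unset; this is worth confirming, since the rest of the module lies outside the lines shown here.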