Merge pull request #135751 from zhaofengli/promtail-allow-positions-file

nixos/promtail: Allow write access to positions file if not in CacheDirectory

authored by

Maximilian Bosch and committed by
GitHub
8b13843f 0517de2c

+4
+4
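--- a/nixos/modules/services/logging/promtail.nix
+++ b/nixos/modules/services/logging/promtail.nix
@@ -7,6 +7,9 @@
 '';
 
 allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
+
+allowPositionsFile = !lib.hasPrefix "/var/cache/promtail" positionsFile;
+positionsFile = cfg.configuration.positions.filename;
 in {
 options.services.promtail = with types; {
 enable = mkEnableOption "the Promtail ingresser";
@@ -53,6 +56,7 @@
 RestrictSUIDSGID = true;
 PrivateMounts = true;
 CacheDirectory = "promtail";
+ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);
 
 User = "promtail";
 Group = "promtail";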
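Review bot: `ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);` makes the whole parent directory of the positions file writable rather than the file alone, so a constructed example such as `/var/lib/positions.yml`, or a file directly under `/`, would open that entire directory to the service and undo much of the write confinement the neighbouring hardening options appear to aim for. The option documentation should state that the parent directory becomes writable, and an assertion could require the file to live in a dedicated directory. The containment test `lib.hasPrefix "/var/cache/promtail" positionsFile` also matches sibling paths such as `/var/cache/promtail-foo/positions.yml` (constructed example), which then get no write access; comparing against `"/var/cache/promtail/"` avoids that. `cfg.configuration.positions.filename` is read without the `?` guard that `allowSystemdJournal` applies to `scrape_configs`, so a configuration lacking `positions` would presumably fail at evaluation. Both the `let` bindings and the service settings continue outside the visible hunks.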