Merge pull request #135751 from zhaofengli/promtail-allow-positions-file

nixos/promtail: Allow write access to positions file if not in CacheDirectory
This commit is contained in:
Maximilian Bosch 2021-09-12 18:17:25 +02:00 committed by GitHub
commit 8b13843f4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -7,6 +7,9 @@ let
'';
allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
allowPositionsFile = !lib.hasPrefix "/var/cache/promtail" positionsFile;
positionsFile = cfg.configuration.positions.filename;
in {
options.services.promtail = with types; {
enable = mkEnableOption "the Promtail ingresser";
@ -53,6 +56,7 @@ in {
RestrictSUIDSGID = true;
PrivateMounts = true;
CacheDirectory = "promtail";
ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);
User = "promtail";
Group = "promtail";