nixos/prometheus-postfix-exporter: set default group

The postfix exporter needs to access postfix's `queue/public/` directory to read the `showq` socket inside. Instead of making the public directory world accessible, this sets the postfix exporter's group to `postdrop` by default, when the postfix service is enabled.
2018-07-06 21:13:13 +02:00 · 2018-07-06 21:13:13 +02:00 · f412df1f6b
commit f412df1f6b
parent 1179840f9a
2 changed files with 11 additions and 0 deletions
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@ -229,6 +229,8 @@ in
  })] ++ [(mkIf config.services.nginx.enable {
    systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ];
    systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ];
+  })] ++ [(mkIf config.services.postfix.enable {
+    services.prometheus.exporters.postfix.group = mkDefault config.services.postfix.setgidGroup;
  })] ++ (mapAttrsToList (name: conf:
    mkExporterConf {
      inherit name;
--- a/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
@ -8,6 +8,15 @@ in
 {
  port = 9154;
  extraOpts = {
+    group = mkOption {
+      type = types.str;
+      description = ''
+        Group under which the postfix exporter shall be run.
+        It should match the group that is allowed to access the
+        <literal>showq</literal> socket in the <literal>queue/public/</literal> directory.
+        Defaults to <literal>services.postfix.setgidGroup</literal> when postfix is enabled.
+      '';
+    };
    telemetryPath = mkOption {
      type = types.str;
      default = "/metrics";