3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

785 commits

Author SHA1 Message Date
Marek Mahut 2e75b280a7
prometheus-nginx-exporter: boolean conversion to string 2021-11-19 16:22:04 +01:00
Artturi aa64f17479
Merge pull request #146420 from Artturin/cadvisorfix 2021-11-18 23:40:03 +02:00
Michele Guerini Rocco 90bb5d0e19
Merge pull request #146409 from aanderse/zabbix
nixos/zabbixServer: explicitely set security.wrappers ownership
2021-11-17 22:05:16 +01:00
Artturin 0894568aee nixos/cadvisor: add zfs to path when zfs enabled
fixes https://github.com/NixOS/nixpkgs/issues/105139
2021-11-17 20:47:44 +02:00
Aaron Andersen ebbf93136f nixos/zabbixServer: explicitely set security.wrappers ownership 2021-11-17 11:26:14 -05:00
Sandro 93a0ff08d8
Merge pull request #141551 from astro/collectd-plugin-config 2021-11-10 20:11:24 +01:00
Astro 19fc2904f3 nixos/collectd: give plugins option a mergeable type 2021-11-08 17:09:56 +01:00
Bas van Dijk 7f7780daa5 nixos/prometheus: throw a helpful error when services.prometheus.environmentFile is defined 2021-11-07 19:04:24 +00:00
Bas van Dijk 0e4abb0df7 nixos/prometheus: remove services.prometheus.environmentFile
The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files.
2021-11-07 14:45:40 +00:00
Yannik Rödel 7d34d32b3d nixos/prometheus: add remaining service discovery options 2021-11-05 12:18:13 +01:00
Yannik Rödel b3d4f6d841 nixos/prometheus: add service discovery options 2021-11-04 15:07:18 +00:00
Yannik Rödel 904d29e1c4 nixos/prometheus: add new configuration options 2021-11-04 15:02:00 +00:00
Bas van Dijk 0140e239f3
Merge pull request #143147 from basvandijk/prometheus-reload
nixos/prometheus: optionally support reloading on config changes
2021-11-04 13:54:18 +01:00
Bas van Dijk f12e976ade module/prometheus: optionally support reloading on config changes
The new option `services.prometheus.enableReload` has been introduced
which, when enabled, causes the prometheus systemd service to reload
when its config file changes.

More specifically the following property holds: switching to a
configuration (`switch-to-configuration`) that changes the prometheus
configuration only finishes successully when prometheus has finished
loading the new configuration.

`enableReload` is `false` by default in which case the old semantics
of restarting the prometheus systemd service are in effect.
2021-11-04 11:15:21 +00:00
Pascal Bach b01c019afd
Merge pull request #136191 from LeSuisse/nixos-unifi-poller-loki
nixos/unifi-poller: add support of Loki
2021-11-03 08:25:13 +01:00
Alexandre Iooss 8d559672be
nixos/grafana: fix systemd unit
Remove MemoryDenyWriteExecute hardening as it breaks image rendering
plugin. Add CAP_NET_BIND_SERVICE to bind to low ports when needed.
Remove PrivateUsers and ProcSubset as upstream choose to remove it.

Upstream changes: <https://github.com/grafana/grafana/pull/40219>,
<https://github.com/grafana/grafana/pull/40178>,
<https://github.com/grafana/grafana/pull/40339> and
<https://github.com/grafana/grafana/pull/40815>.
2021-10-23 14:33:31 +02:00
Martin Weinelt 9b46e3084b
nixos/prometheus: add hardening exceptions to node-exporter
Conditionally grants access for the logind, wifi and network_route
collectors.
2021-10-18 19:21:30 +02:00
Alexandre Macabies 7fb3edb077 nixos/prometheus-rtl_433-exporter: fix systemd hardening
9fea6d4c85 broke rtl_433-exporter by
introducing several hardening options which do not play well with
rtl_433 requiring writing to USB. More precisely, rtl_433 requires
(a) AF_NETLINK to configure the radio; (b) access to the USB device,
but PrivateDevices=true hides them; (c) rw access to the USB device,
but DeviceAllow= block-lists everything.

This commit was tested on real hardware with a standard NixOS setup.
2021-10-16 01:57:50 +02:00
Matthias Treydte 72fbd63c5c nixos/prometheus: fix node exporter timex collector
The timex collector (enabled by default) needs the
adjtimex syscall, which was disabled by
9fea6d4c85.

So allow it unless the timex collector is disabled.
2021-10-14 11:26:29 +02:00
Matthias Treydte ae7ce180dd nixos/prometheus: fix node exporter systemd collector
The systemd collector needs AF_UNIX to talk to
/var/run/dbus/system_bus_socket, which was broken
with 9fea6d4c85.

This commit allows AF_UNIX when needed.
2021-10-14 11:26:29 +02:00
Arseniy Seroka cd53bf7acc
Merge pull request #140076 from jraygauthier/jrg/96633_fix-teamviewer-client-server-issue
teamviewer: fix #96633, #44307 and #97148 + 15.15.5 -> 15.18.5 -> 15.22.3
2021-10-12 20:58:56 +03:00
Alexandre Iooss 9fea6d4c85 nixos/prometheus: systemd unit hardening of exporters 2021-10-07 10:19:55 +02:00
Naïm Favier c53c69ab17
nixos: fixes after #136909 2021-10-05 12:48:43 +02:00
Naïm Favier 2ddc335e6f
nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
Raymond Gauthier 953bbc0d73
nixos/teamviewer: fix issue #44307
Move to a forefront launch of the daemon. Doing so allowed us
to move the service from forking to simple to avoid the
missing pid  error log.

Also:

 -  Make the dbus dependency explicit.
2021-09-30 19:36:45 -04:00
Raymond Gauthier 200e959995
nixos/teamviewer: fix issue #96633
Add teamviewer package as a dbus package now that the
client / server communication depends on dbus.
2021-09-30 16:08:57 -04:00
Graham Christensen 6c88e85807
Merge pull request #133726 from deshaw/fastly-exporter
prometheus-fastly-exporter: init at v6.1.0
2021-09-27 11:09:33 -04:00
Souvik Sen 2f669293bf prometheus-fastly-exporter: init at v6.1.0 2021-09-21 04:05:18 -04:00
Izorkin 1e54f84012
nixos/netdata: fix working with disabled ipmi plugin 2021-09-19 19:15:49 +03:00
Guillaume Girol ceb2e6667b
Merge pull request #126289 from rnhmjoj/wrappers
nixos/security/wrappers: make well-typed
2021-09-18 15:28:49 +00:00
Guillaume Girol cd2b24c306 nixos/heapster: define group, fix after #133166 2021-09-18 14:42:08 +02:00
Guillaume Girol 3592034595
Merge pull request #133166 from symphorien/nonogroup
Don't default to nogroup for the primary group of users.
2021-09-13 18:29:21 +00:00
talyz 6496902fb2
nixos/parsedmarc: Add manual entry and release note 2021-09-13 13:57:17 +02:00
talyz 98d9617705
nixos/parsedmarc: Add NixOS module 2021-09-13 13:57:06 +02:00
rnhmjoj fedd7cd690
nixos: explicitely set security.wrappers ownership
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
2021-09-13 13:48:13 +02:00
Sandro a79648dd7f
Merge pull request #136109 from john-consumable/master 2021-09-13 00:42:54 +02:00
Guillaume Girol bc3bca822a nixos: define the primary group of users where needed 2021-09-12 14:59:30 +02:00
John Soo a51ee771be nixos/datadog-agent: Update process collection binary. 2021-09-11 15:32:14 -07:00
Alyssa Ross c9ce275aa4
treewide: "does not exists" -> "does not exist"
I noticed this minor grammar mistake when running update.nix, and then
while grepping to find the source I noticed we had it a few times in
Nixpkgs.  Just as easy to fix treewide as it was to fix the one
occurrence I noticed.
2021-09-09 18:45:33 +00:00
Alexandre Iooss bbc51efb46 nixos/grafana: systemd unit hardening 2021-09-08 10:43:46 +02:00
Thomas Gerbet 36c179b208 nixos/unifi-poller: add support of Loki
Since the v2.0.2 unifi-poller supports Loki [0][1], this contribution
adds the options so it can be used.

[0] https://github.com/unpoller/unpoller/releases/tag/v2.0.2-beta1
[1] https://unpoller.com/docs/dependencies/loki/
2021-08-30 16:54:32 +02:00
Leo Maroni 2163af5167 nixos/grafana: start systemd service after database 2021-08-26 07:06:59 +09:00
Robert Hensing 1f20a1097d treewide: runCommandNoCCLocal -> runCommandLocal
It has always been a synonym.
2021-08-15 17:36:41 +02:00
Robert Hensing fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
Guillaume Girol 582a9c13b5 nixos/tests/nagios.nix: fix eval 2021-08-08 12:00:00 +00:00
Martin Weinelt 46ea00da23 nixos/prometheus-influxdb-exporter: init 2021-07-26 16:00:01 +02:00
Cole Helbling 88fb6d25d8 nixos/prometheus-buildkite-agent-exporter: init 2021-07-19 08:35:58 -07:00
Jörg Thalheim c24fa221ab nixos/telegraf: improve documentation 2021-07-18 09:40:42 +02:00
Jörg Thalheim cc56dc078d nixos/telegraf: don't run as nogroup 2021-07-18 08:54:45 +02:00
Martin Weinelt cf139f7203
nixos/tests/prometheus-exporters/kea: migrate to kea nixos module 2021-07-14 01:36:04 +02:00