jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/prometheus: fix node exporter timex collector

Browse Source 
The timex collector (enabled by default) needs the
adjtimex syscall, which was disabled by
9fea6d4c8551b7c8783f23e011a2ba113c95d0dd.

So allow it unless the timex collector is disabled.
This commit is contained in:
Matthias Treydte 2021-10-13 15:37:02 +02:00 committed by Profpatsch
parent ae7ce180dd
commit 72fbd63c5c
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -192,7 +192,7 @@ let
serviceConfig.MemoryDenyWriteExecute = true;
serviceConfig.NoNewPrivileges = true;
serviceConfig.PrivateDevices = true;
serviceConfig.ProtectClock = true;
serviceConfig.ProtectClock = mkDefault true;
serviceConfig.ProtectControlGroups = true;
serviceConfig.ProtectHome = true;
serviceConfig.ProtectHostname = true;

2
nixos/modules/services/monitoring/prometheus/exporters/node.nix
View File

@ -37,6 +37,8 @@ in
'';
# The systemd collector needs AF_UNIX
RestrictAddressFamilies = lib.optional (lib.any (x: x == "systemd") cfg.enabledCollectors) "AF_UNIX";
# The timex collector needs to access clock APIs
ProtectClock = lib.any (x: x == "timex") cfg.disabledCollectors;
};
};
}