talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
329,388 Commits 1 Branch 0 Tags
Commit Graph

773 Commits

Author SHA1 Message Date
Bas van Dijk
0140e239f3
Merge pull request #143147 from basvandijk/prometheus-reload 
nixos/prometheus: optionally support reloading on config changes
 2021-11-04 13:54:18 +01:00
Bas van Dijk
f12e976ade module/prometheus: optionally support reloading on config changes 
The new option `services.prometheus.enableReload` has been introduced
which, when enabled, causes the prometheus systemd service to reload
when its config file changes.

More specifically the following property holds: switching to a
configuration (`switch-to-configuration`) that changes the prometheus
configuration only finishes successully when prometheus has finished
loading the new configuration.

`enableReload` is `false` by default in which case the old semantics
of restarting the prometheus systemd service are in effect.
 2021-11-04 11:15:21 +00:00
Pascal Bach
b01c019afd
Merge pull request #136191 from LeSuisse/nixos-unifi-poller-loki 
nixos/unifi-poller: add support of Loki
 2021-11-03 08:25:13 +01:00
Alexandre Iooss
8d559672be
nixos/grafana: fix systemd unit 
Remove MemoryDenyWriteExecute hardening as it breaks image rendering
plugin. Add CAP_NET_BIND_SERVICE to bind to low ports when needed.
Remove PrivateUsers and ProcSubset as upstream choose to remove it.

Upstream changes: <https://github.com/grafana/grafana/pull/40219>,
<https://github.com/grafana/grafana/pull/40178>,
<https://github.com/grafana/grafana/pull/40339> and
<https://github.com/grafana/grafana/pull/40815>.
 2021-10-23 14:33:31 +02:00
Martin Weinelt
9b46e3084b
nixos/prometheus: add hardening exceptions to node-exporter 
Conditionally grants access for the logind, wifi and network_route
collectors.
 2021-10-18 19:21:30 +02:00
Alexandre Macabies
7fb3edb077 nixos/prometheus-rtl_433-exporter: fix systemd hardening 
9fea6d4c8551b7c8783f23e011a2ba113c95d0dd broke rtl_433-exporter by
introducing several hardening options which do not play well with
rtl_433 requiring writing to USB. More precisely, rtl_433 requires
(a) AF_NETLINK to configure the radio; (b) access to the USB device,
but PrivateDevices=true hides them; (c) rw access to the USB device,
but DeviceAllow= block-lists everything.

This commit was tested on real hardware with a standard NixOS setup.
 2021-10-16 01:57:50 +02:00
Matthias Treydte
72fbd63c5c nixos/prometheus: fix node exporter timex collector 
The timex collector (enabled by default) needs the
adjtimex syscall, which was disabled by
9fea6d4c8551b7c8783f23e011a2ba113c95d0dd.

So allow it unless the timex collector is disabled.
 2021-10-14 11:26:29 +02:00
Matthias Treydte
ae7ce180dd nixos/prometheus: fix node exporter systemd collector 
The systemd collector needs AF_UNIX to talk to
/var/run/dbus/system_bus_socket, which was broken
with 9fea6d4c8551b7c8783f23e011a2ba113c95d0dd.

This commit allows AF_UNIX when needed.
 2021-10-14 11:26:29 +02:00
Arseniy Seroka
cd53bf7acc
Merge pull request #140076 from jraygauthier/jrg/96633_fix-teamviewer-client-server-issue 
teamviewer: fix #96633, #44307 and #97148 + 15.15.5 -> 15.18.5 -> 15.22.3
 2021-10-12 20:58:56 +03:00
Alexandre Iooss
9fea6d4c85 nixos/prometheus: systemd unit hardening of exporters 2021-10-07 10:19:55 +02:00
Naïm Favier
c53c69ab17
nixos: fixes after #136909 2021-10-05 12:48:43 +02:00
Naïm Favier
2ddc335e6f
nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
Raymond Gauthier
953bbc0d73
nixos/teamviewer: fix issue #44307 
Move to a forefront launch of the daemon. Doing so allowed us
to move the service from forking to simple to avoid the
missing pid  error log.

Also:

 -  Make the dbus dependency explicit.
 2021-09-30 19:36:45 -04:00
Raymond Gauthier
200e959995
nixos/teamviewer: fix issue #96633 
Add teamviewer package as a dbus package now that the
client / server communication depends on dbus.
 2021-09-30 16:08:57 -04:00
Graham Christensen
6c88e85807
Merge pull request #133726 from deshaw/fastly-exporter 
prometheus-fastly-exporter: init at v6.1.0
 2021-09-27 11:09:33 -04:00
Souvik Sen
2f669293bf prometheus-fastly-exporter: init at v6.1.0 2021-09-21 04:05:18 -04:00
Izorkin
1e54f84012
nixos/netdata: fix working with disabled ipmi plugin 2021-09-19 19:15:49 +03:00
Guillaume Girol
ceb2e6667b
Merge pull request #126289 from rnhmjoj/wrappers 
nixos/security/wrappers: make well-typed
 2021-09-18 15:28:49 +00:00
Guillaume Girol
cd2b24c306 nixos/heapster: define group, fix after #133166 2021-09-18 14:42:08 +02:00
Guillaume Girol
3592034595
Merge pull request #133166 from symphorien/nonogroup 
Don't default to nogroup for the primary group of users.
 2021-09-13 18:29:21 +00:00
talyz
6496902fb2
nixos/parsedmarc: Add manual entry and release note 2021-09-13 13:57:17 +02:00
talyz
98d9617705
nixos/parsedmarc: Add NixOS module 2021-09-13 13:57:06 +02:00
rnhmjoj
fedd7cd690
nixos: explicitely set security.wrappers ownership 
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
 2021-09-13 13:48:13 +02:00
Sandro
a79648dd7f
Merge pull request #136109 from john-consumable/master 2021-09-13 00:42:54 +02:00
Guillaume Girol
bc3bca822a nixos: define the primary group of users where needed 2021-09-12 14:59:30 +02:00
John Soo
a51ee771be nixos/datadog-agent: Update process collection binary. 2021-09-11 15:32:14 -07:00
Alyssa Ross
c9ce275aa4
treewide: "does not exists" -> "does not exist" 
I noticed this minor grammar mistake when running update.nix, and then
while grepping to find the source I noticed we had it a few times in
Nixpkgs.  Just as easy to fix treewide as it was to fix the one
occurrence I noticed.
 2021-09-09 18:45:33 +00:00
Alexandre Iooss
bbc51efb46 nixos/grafana: systemd unit hardening 2021-09-08 10:43:46 +02:00
Thomas Gerbet
36c179b208 nixos/unifi-poller: add support of Loki 
Since the v2.0.2 unifi-poller supports Loki [0][1], this contribution
adds the options so it can be used.

[0] https://github.com/unpoller/unpoller/releases/tag/v2.0.2-beta1
[1] https://unpoller.com/docs/dependencies/loki/
 2021-08-30 16:54:32 +02:00
Leo Maroni
2163af5167 nixos/grafana: start systemd service after database 2021-08-26 07:06:59 +09:00
Robert Hensing
1f20a1097d treewide: runCommandNoCCLocal -> runCommandLocal 
It has always been a synonym.
 2021-08-15 17:36:41 +02:00
Robert Hensing
fbafeb7ad5 treewide: runCommandNoCC -> runCommand 
This has been synonymous for ~5y.
 2021-08-15 17:36:41 +02:00
Guillaume Girol
582a9c13b5 nixos/tests/nagios.nix: fix eval 2021-08-08 12:00:00 +00:00
Martin Weinelt
46ea00da23 nixos/prometheus-influxdb-exporter: init 2021-07-26 16:00:01 +02:00
Cole Helbling
88fb6d25d8 nixos/prometheus-buildkite-agent-exporter: init 2021-07-19 08:35:58 -07:00
Jörg Thalheim
c24fa221ab nixos/telegraf: improve documentation 2021-07-18 09:40:42 +02:00
Jörg Thalheim
cc56dc078d nixos/telegraf: don't run as nogroup 2021-07-18 08:54:45 +02:00
Martin Weinelt
cf139f7203
nixos/tests/prometheus-exporters/kea: migrate to kea nixos module 2021-07-14 01:36:04 +02:00
Martin Weinelt
508408559a
nixos/prometheus: allow overriding default export user 2021-07-14 01:36:04 +02:00
n0emis
336494e19f
nixos/prometheus: add password_file option to scrapeConfig's basic_auth (#123252) 2021-07-10 21:18:38 +02:00
github-actions[bot]
b766664645
Merge staging-next into staging 2021-06-22 12:05:04 +00:00
github-actions[bot]
1df79d27a7
Merge staging-next into staging 2021-06-22 00:07:12 +00:00
Konrad Borowski
447b1cf03d nixos/prometheus: allow state access for service only 
There is no reason for Prometheus state files to be
world-readable.
 2021-06-21 10:16:47 +02:00
Sandro
84a79c2f0f
Merge pull request #126284 from aanderse/zabbix-user-params 
zabbixAgent: add bash to $PATH
 2021-06-20 17:58:43 +02:00
Daniel Nagy
044d996906
nixos/grafana: use port type 2021-06-18 17:27:31 +02:00
Erik Skytthe
d1b4158155
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open (#126831) 2021-06-16 11:12:51 +02:00
Aaron Andersen
a0a11fd22c zabbixAgent: add bash to $PATH 2021-06-08 19:42:39 -04:00
Robert Hensing
843248d39f
Merge pull request #117379 from hercules-ci/nixos-metricbeat 
nixos/metricbeat: init
 2021-06-08 13:53:20 +02:00
talyz
41387135dd nixos/grafana: Add error handling to service script 
Without this, the services starts even if files are missing or
prerequisite commands fail, which can lead to incorrect initial
state.
 2021-06-07 18:00:13 +09:00
talyz
98f07d6cc5 nixos/grafana: Filter out duplicate plugins 
If the same plugin appears multiple times in `declarativePlugins`, for
example due to being added both by a module and in user config, the
build fails with an error message similar to

ln: failed to create symbolic link 'grafana-worldmap-panel/glmqcj88zk2bz3mvdr3r7920wxg02qnq-grafana-worldmap-panel-0.3.2': Permission denied

This is solved by removing all duplicates.
 2021-06-07 18:00:13 +09:00