author | Maximilian Bosch <maximilian@mbosch.me> | 2021-09-12 18:17:25 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-12 18:17:25 +0200 |
commit | 8b13843f4e08c2d707acb8b558c012f0fb1cb314 (patch) | |
tree | 9c6df8031676d94b1cf6bab0a6abe9c0a5a2f348 /nixos | |
parent | 0517de2ceb4afbc2a7e7ea67fa01c1226a91101d (diff) | |
parent | b6ad701a2c6bf619fa9418a8e27c4940ce921456 (diff) |
Merge pull request #135751 from zhaofengli/promtail-allow-positions-file
nixos/promtail: Allow write access to positions file if not in CacheDirectory
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/logging/promtail.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/services/logging/promtail.nix b/nixos/modules/services/logging/promtail.nix
index 34211687dc1d..95c83796ece6 100644
--- a/nixos/modules/services/logging/promtail.nix
+++ b/nixos/modules/services/logging/promtail.nix
@@ -7,6 +7,9 @@ let
 '';
 allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
+
+ allowPositionsFile = !lib.hasPrefix "/var/cache/promtail" positionsFile;
+ positionsFile = cfg.configuration.positions.filename;
 in {
 options.services.promtail = with types; {
 enable = mkEnableOption "the Promtail ingresser";
@@ -53,6 +56,7 @@ in {
 RestrictSUIDSGID = true;
 PrivateMounts = true;
 CacheDirectory = "promtail";
+ ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);
 User = "promtail";
 Group = "promtail"; |
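Review bot: `positionsFile = cfg.configuration.positions.filename;` is read without a guard, whereas `allowSystemdJournal` directly above protects its lookup with `?`. If `positions` is absent from `configuration` and the option type supplies no default (not visible in this hunk), evaluating the unit would fail. A guarded form such as `positionsFile = cfg.configuration.positions.filename or null;` combined with `allowPositionsFile = positionsFile != null && ...` would keep such configurations working. Separately, `lib.hasPrefix "/var/cache/promtail"` is a plain string match, so a sibling path like `/var/cache/promtail-foo/positions.yaml` (constructed example) is treated as inside the cache directory and gets no write access; matching on `"/var/cache/promtail/"` avoids that. The `let` block begins outside the hunk.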
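Review bot: `builtins.dirOf positionsFile` on the `ReadWritePaths` line makes the whole parent directory writable rather than only the positions file, so how far the unit's sandbox is opened depends entirely on a user-supplied path. A positions file placed directly in a shared directory such as `/var/log` or `/tmp` would give the service write access to everything there, and a file at the filesystem root would yield `/`. I would add a comment on that line, e.g. `# Write access covers the whole parent directory; keep the positions file in a directory dedicated to promtail.`, and repeat the caveat in the option documentation. An assertion that rejects a relative path or a parent of `/` would be a reasonable follow-up; the surrounding `serviceConfig` block starts and ends outside the hunk.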