From 6574298e4e8ef54245ef49251aac6a7a16b71d2a Mon Sep 17 00:00:00 2001
From: Christopher Baines <mail@cbaines.net>
Date: Sat, 28 Nov 2020 10:39:21 +0000
Subject: prometheus-node-exporter: Add user and group.

So it doesn't run as root, and because this will help with the textfile
exporter.

* gnu/services/monitoring.scm (%prometheus-node-exporter-accounts): New
variable.
(prometheus-node-exporter-shepherd-service): Use the relevant user and group.
(prometheus-node-exporter-service-type): Extend the account service type.
---
 gnu/services/monitoring.scm | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)

(limited to 'gnu/services/monitoring.scm')

diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 89deac9d36..7ebc3f3f6f 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -128,18 +128,33 @@ HTTP.")
   (web-listen-address prometheus-node-exporter-web-listen-address
                       (default ":9100")))
 
+(define %prometheus-node-exporter-accounts
+  (list (user-account
+         (name "prometheus-node-exporter")
+         (group "prometheus-node-exporter")
+         (system? #t)
+         (comment "Prometheus node exporter daemon user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))
+        (user-group
+         (name "prometheus-node-exporter")
+         (system? #t))))
+
 (define prometheus-node-exporter-shepherd-service
   (match-lambda
     (( $ <prometheus-node-exporter-configuration>
          package web-listen-address)
-     (shepherd-service
-      (documentation "Prometheus node exporter.")
-      (provision '(prometheus-node-exporter))
-      (requirement '(networking))
-      (start #~(make-forkexec-constructor
-                (list #$(file-append package "/bin/node_exporter")
-                      "--web.listen-address" #$web-listen-address)))
-      (stop #~(make-kill-destructor))))))
+     (list
+      (shepherd-service
+       (documentation "Prometheus node exporter.")
+       (provision '(prometheus-node-exporter))
+       (requirement '(networking))
+       (start #~(make-forkexec-constructor
+                 (list #$(file-append package "/bin/node_exporter")
+                       "--web.listen-address" #$web-listen-address)
+                 #:user "prometheus-node-exporter"
+                 #:group "prometheus-node-exporter"))
+       (stop #~(make-kill-destructor)))))))
 
 (define prometheus-node-exporter-service-type
   (service-type
@@ -148,9 +163,11 @@ HTTP.")
     "Run @command{node_exporter} to serve hardware and OS metrics to
 Prometheus.")
    (extensions
-    (list (service-extension
-           shepherd-root-service-type
-           (compose list prometheus-node-exporter-shepherd-service))))
+    (list
+     (service-extension account-service-type
+                        (const %prometheus-node-exporter-accounts))
+     (service-extension shepherd-root-service-type
+                        prometheus-node-exporter-shepherd-service)))
    (default-value (prometheus-node-exporter-configuration))))
 
 
-- 
cgit v1.2.3