nix/nixos-module/collectd: use security.wrappers for dhcpcount.rb
This commit is contained in:
parent
eeef53a268
commit
1b5a599f7c
|
@ -103,8 +103,8 @@ in
|
||||||
else maxTimeout
|
else maxTimeout
|
||||||
) 180 (builtins.attrNames config.site.net);
|
) 180 (builtins.attrNames config.site.net);
|
||||||
in ''
|
in ''
|
||||||
Exec "${execUser}" "${pkgs.ruby}/bin/ruby" "${./dhcpcount.rb}" "${toString maxTimeout}"
|
Exec "${execUser}" "/run/wrappers/bin/dhcpcount" "${toString maxTimeout}"
|
||||||
'';
|
'';
|
||||||
}) (lib.optionalAttrs config.services.unbound.enable {
|
}) (lib.optionalAttrs config.services.unbound.enable {
|
||||||
plugins.exec = ''
|
plugins.exec = ''
|
||||||
Exec "${execUser}" "${pkgs.ruby}/bin/ruby" "${./unbound.rb}"
|
Exec "${execUser}" "${pkgs.ruby}/bin/ruby" "${./unbound.rb}"
|
||||||
|
@ -118,6 +118,25 @@ in
|
||||||
|
|
||||||
systemd.services.collectd = lib.mkIf config.services.dhcpd4.enable {
|
systemd.services.collectd = lib.mkIf config.services.dhcpd4.enable {
|
||||||
after = [ "dhcpd4.service" ];
|
after = [ "dhcpd4.service" ];
|
||||||
serviceConfig.StateDirectory = "dhcpd4";
|
};
|
||||||
|
|
||||||
|
security.wrappers = lib.mkIf config.services.dhcpd4.enable {
|
||||||
|
collectd-dhcpcount =
|
||||||
|
let
|
||||||
|
dhcpcount = pkgs.runCommand "dhcpcount" {
|
||||||
|
src = ./dhcpcount.rb;
|
||||||
|
buildInputs = [ pkgs.ruby ];
|
||||||
|
} ''
|
||||||
|
cp $src dhcpcount.rb
|
||||||
|
patchShebangs dhcpcount.rb
|
||||||
|
mkdir -p $out/bin
|
||||||
|
cp dhcpcount.rb $out/bin/dhcpcount
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
setuid = true;
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
source = "${dhcpcount}/bin/dhcpcount";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue