staging: run node_exporter from nixos; run synapse as non-root

Alex 2022-12-01 17:25:53 +01:00
parent 195e340f56
commit 18ab08a86c
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
2 changed files with 22 additions and 29 deletions


@ -46,7 +46,6 @@ job "im" {
"secrets/litestream.yml" = "/etc/litestream.yml" "secrets/litestream.yml" = "/etc/litestream.yml"
} }
} }
user = "root"
template { template {
data = file("../config/litestream.yml") data = file("../config/litestream.yml")
@ -82,7 +81,6 @@ job "im" {
env = { env = {
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt" SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
} }
user = "root"
template { template {
data = file("flake.nix") data = file("flake.nix")
@ -148,7 +146,6 @@ job "im" {
"../alloc/data" = "/ephemeral", "../alloc/data" = "/ephemeral",
} }
} }
user = "root"
template { template {
data = file("flake.nix") data = file("flake.nix")
@ -195,7 +192,6 @@ EOH
"secrets/litestream.yml" = "/etc/litestream.yml" "secrets/litestream.yml" = "/etc/litestream.yml"
} }
} }
user = "root"
template { template {
data = file("../config/litestream.yml") data = file("../config/litestream.yml")
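Review bot: The four task blocks in job "im" that drop `user = "root"` (hunks at -46, -82, -148 and -195) now rely on the task driver's implicit default user, which this page does not show. Pinning the account explicitly, e.g. `user = "<non-root-user>"` (placeholder), would keep the non-root intent visible in the job file and avoid a silent return to root if the driver default is different or changes. Two of these tasks bind the rendered `secrets/litestream.yml` and one binds `../alloc/data` at `/ephemeral`, so the chosen user needs read access to the former and, presumably, write access to the latter; both are worth confirming on a fresh allocation. The task blocks start and end outside these hunks.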


@ -1,40 +1,37 @@
job "telemetry-system" { job "telemetry-system" {
datacenters = ["neptune"] datacenters = ["neptune"]
type = "system" type = "system"
priority = "100" priority = "100"
group "collector" { group "collector" {
network { network {
port "node_exporter" { static = 9100 } port "node_exporter" { static = 9100 }
} }
task "node_exporter" { task "node_exporter" {
driver = "docker" driver = "nix2"
config { config {
image = "quay.io/prometheus/node-exporter:v1.1.2" packages = [ "#prometheus-node-exporter" ]
network_mode = "host" command = "node_exporter"
volumes = [ args = [ "--path.rootfs=/host" ]
"/:/host:ro,rslave" bind_read_only = {
] "/" = "/host"
args = [ "--path.rootfs=/host" ] }
} }
resources { resources {
cpu = 50 cpu = 50
memory = 40 memory = 40
} }
service { service {
tags = [ "telemetry" ]
port = 9100
address_mode = "driver"
name = "node-exporter" name = "node-exporter"
tags = [ "telemetry" ]
port = "node_exporter"
check { check {
type = "http" type = "http"
path = "/" path = "/"
port = 9100
address_mode = "driver"
interval = "60s" interval = "60s"
timeout = "5s" timeout = "5s"
check_restart { check_restart {
@ -44,6 +41,6 @@ job "telemetry-system" {
} }
} }
} }
} }
} }
} }
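Review bot: The new `node_exporter` task binds the whole host root at `/host` but sets no `user`, so which account can read that tree depends on the nix2 driver's default, which is not visible here. node_exporter does not normally need root for its standard collectors, so an explicit unprivileged `user = "<non-root-user>"` (placeholder) in the task would match what this commit does for synapse and limit what the exporter can read through the bind. Separately, the old Docker volume used `rslave` propagation; if `bind_read_only` does not propagate mounts made later on the host, filesystem metrics for them may go missing, which deserves a short comment above the bind.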