staging: run node_exporter from nixos; run synapse as non-root

Alex 2022-12-01 17:25:53 +01:00
parent 195e340f56
commit 18ab08a86c
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
2 changed files with 22 additions and 29 deletions


@ -46,7 +46,6 @@ job "im" {
"secrets/litestream.yml" = "/etc/litestream.yml"
}
}
user = "root"
template {
data = file("../config/litestream.yml")
@ -82,7 +81,6 @@ job "im" {
env = {
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
}
user = "root"
template {
data = file("flake.nix")
@ -148,7 +146,6 @@ job "im" {
"../alloc/data" = "/ephemeral",
}
}
user = "root"
template {
data = file("flake.nix")
@ -195,7 +192,6 @@ EOH
"secrets/litestream.yml" = "/etc/litestream.yml"
}
}
user = "root"
template {
data = file("../config/litestream.yml")


@ -9,15 +9,15 @@ job "telemetry-system" {
}
task "node_exporter" {
driver = "docker"
driver = "nix2"
config {
image = "quay.io/prometheus/node-exporter:v1.1.2"
network_mode = "host"
volumes = [
"/:/host:ro,rslave"
]
packages = [ "#prometheus-node-exporter" ]
command = "node_exporter"
args = [ "--path.rootfs=/host" ]
bind_read_only = {
"/" = "/host"
}
}
resources {
@ -26,15 +26,12 @@ job "telemetry-system" {
}
service {
tags = [ "telemetry" ]
port = 9100
address_mode = "driver"
name = "node-exporter"
tags = [ "telemetry" ]
port = "node_exporter"
check {
type = "http"
path = "/"
port = 9100
address_mode = "driver"
interval = "60s"
timeout = "5s"
check_restart {