Expose the InfluxDB port, run InfluxDB as unprivileged user
This commit is contained in:
Sander van der Burg
Sander van der Burg
parent
3d42a87129
commit
56750f2394
|
|
@ -8,7 +8,7 @@ let
|
|||
# Add Dysnomia container configuration file for InfluxDB
|
||||
mkdir -p $out/etc/dysnomia/containers
|
||||
cat > $out/etc/dysnomia/containers/${containerName} <<EOF
|
||||
httpPort=${toString httpPort}
|
||||
influxdbHttpPort=${toString httpPort}
|
||||
EOF
|
||||
|
||||
# Copy the Dysnomia module that manages an InfluxDB database
|
||||
|
|
@ -19,6 +19,7 @@ let
|
|||
in
|
||||
rec {
|
||||
name = instanceName;
|
||||
inherit pkg type httpPort;
|
||||
inherit pkg type;
|
||||
influxdbHttpPort = httpPort;
|
||||
providesContainer = containerName;
|
||||
} // properties
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ in
|
|||
};
|
||||
|
||||
influxdb = import ./influxdb.nix {
|
||||
inherit createManagedProcess;
|
||||
inherit createManagedProcess stateDir;
|
||||
inherit (pkgs) influxdb;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,15 +1,20 @@
|
|||
{createManagedProcess, influxdb}:
|
||||
{createManagedProcess, influxdb, stateDir}:
|
||||
{instanceSuffix ? "", instanceName ? "influxdb${instanceSuffix}", configFile, postInstall ? ""}:
|
||||
|
||||
let
|
||||
user = instanceName;
|
||||
group = instanceName;
|
||||
|
||||
influxdbStateDir = "${stateDir}/lib/${instanceName}";
|
||||
in
|
||||
createManagedProcess {
|
||||
name = instanceName;
|
||||
inherit instanceName postInstall;
|
||||
inherit instanceName user postInstall;
|
||||
foregroundProcess = "${influxdb}/bin/influxd";
|
||||
args = [ "-config" configFile ];
|
||||
initialize = ''
|
||||
mkdir -p ${influxdbStateDir}
|
||||
'';
|
||||
|
||||
credentials = {
|
||||
groups = {
|
||||
|
|
@ -17,6 +22,8 @@ createManagedProcess {
|
|||
};
|
||||
users = {
|
||||
"${user}" = {
|
||||
homeDir = influxdbStateDir;
|
||||
createHomeDir = true;
|
||||
inherit group;
|
||||
description = "InfluxDB user";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
{instanceSuffix ? "", instanceName ? "influxdb${instanceSuffix}", rpcBindIP ? "127.0.0.1", rpcPort ? 8088, httpBindIP ? "", httpPort ? 8086, extraConfig ? "", postInstall ? ""}:
|
||||
|
||||
let
|
||||
influxdbStateDir = "${stateDir}/${instanceName}";
|
||||
influxdbStateDir = "${stateDir}/lib/${instanceName}";
|
||||
|
||||
configFile = writeTextFile {
|
||||
name = "influxdb.conf";
|
||||
|
|
@ -25,7 +25,7 @@ let
|
|||
};
|
||||
in
|
||||
import ./influxdb.nix {
|
||||
inherit createManagedProcess influxdb;
|
||||
inherit createManagedProcess influxdb stateDir;
|
||||
} {
|
||||
inherit instanceName configFile postInstall;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue