From 9917b6b397b6ec33ff048c2c889069a3f67b34f8 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 31 Dec 2021 16:14:54 +0100
Subject: vidhar: prometheus: unbound: ...

---
 hosts/vidhar/prometheus.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'hosts/vidhar')

diff --git a/hosts/vidhar/prometheus.nix b/hosts/vidhar/prometheus.nix
index 2ad6667a..7cbb36d4 100644
--- a/hosts/vidhar/prometheus.nix
+++ b/hosts/vidhar/prometheus.nix
@@ -42,6 +42,7 @@ in {
         unbound = {
           enable = true;
           controlInterface = "/run/unbound/unbound.ctl";
+          group = config.services.unbound.group;
         };
         wireguard.enable = true;
       };
@@ -110,7 +111,12 @@ in {
       ];
     };
     users.users.${config.services.prometheus.exporters.unbound.user} = {
-      extraGroups = [ config.services.unbound.group ];
+      description = "Prometheus unbound exporter service user";
+      isSystemUser = true;
+      group = config.services.unbound.group;
+    };
+    systemd.services."prometheus-unbound-exporter".serviceConfig = {
+      DynamicUser = false;
     };
 
     systemd.services."prometheus-zte-exporter@10.141.1.3" = {
-- 
cgit v1.2.3