From f87a7126351be7cf3b7533ea20315eb21fdfbdc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Fri, 25 Aug 2023 09:55:21 +0300
Subject: [PATCH] node_exporter gets its own uidgid

---
 data.nix                                   |  5 +++++
 modules/services/node_exporter/default.nix | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/data.nix b/data.nix
index f014b39..868c04e 100644
--- a/data.nix
+++ b/data.nix
@@ -5,6 +5,11 @@ rec {
     gitea = 995;
     updaterbot-deployer = 501;
     updaterbot-deployee = 502;
+
+    # the underscore differentiates "our" user from the
+    # "upstream" user. We need a way to configure the uidgid,
+    # so creating users explicitly.
+    node_exporter = 503;
   };
 
   ports = {
diff --git a/modules/services/node_exporter/default.nix b/modules/services/node_exporter/default.nix
index d37bcde..c43e7c5 100644
--- a/modules/services/node_exporter/default.nix
+++ b/modules/services/node_exporter/default.nix
@@ -13,6 +13,18 @@
       enable = true;
       enabledCollectors = ["systemd" "processes"];
       port = myData.ports.exporters.node;
+      user = "node_exporter";
+      group = "node_exporter";
+    };
+
+    users.users.node_exporter = {
+      isSystemUser = true;
+      group = "node_exporter";
+      uid = myData.uidgid.node_exporter;
+    };
+
+    users.groups.node_exporter = {
+      gid = myData.uidgid.node_exporter;
     };
 
     mj.services.friendlyport.vpn.ports = [