diff --git a/ops/nixos/rexxar/default.nix b/ops/nixos/rexxar/default.nix index 6d10dbad94..498f38caa8 100644 --- a/ops/nixos/rexxar/default.nix +++ b/ops/nixos/rexxar/default.nix @@ -423,7 +423,16 @@ hardware.rasdaemon.enable = true; services.prometheus.exporters.ipmi = { enable = true; + group = "ipmi"; }; + users.groups.ipmi = {}; + systemd.services.prometheus-ipmi-exporter.serviceConfig = { + DeviceAllow = lib.mkAfter [ "/dev/ipmi0 rw" ]; + BindPaths = lib.mkAfter [ "/dev/ipmi0" ]; + }; + services.udev.extraRules = lib.mkAfter '' + KERNEL=="ipmi*", MODE="660", GROUP="ipmi" + ''; my.services.seaweedfs = { securitySettings = { diff --git a/third_party/default.nix b/third_party/default.nix index df5a6ccc6e..c8d493dba6 100644 --- a/third_party/default.nix +++ b/third_party/default.nix @@ -57,6 +57,12 @@ let sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i"; }; }); + prometheus-ipmi-exporter = pkgs.prometheus-ipmi-exporter.override (old: { + freeipmi = old.freeipmi.overrideAttrs (oldAttrs: { + env.NIX_CFLAGS_COMPILE = "-DIPMI_DONT_CHECK_FOR_ROOT"; + enableParallelBuilding = true; + }); + }); }; }; nixpkgs = import ./nixpkgs {