nixos/prometheus.exporters.smartctl: Simplify DeviceAllow logic

Setting up the DeviceAllow list with explicitly configured devices was a nice idea, but sometimes a configured device (`/dev/nvme0n1` an NVMe namespace) has a parent device (`/dev/nvme0`) that smartctl needs to access to query metrics. Falling back to the block and character definitions is probably a valid fallback.
2022-12-08 22:33:03 +01:00 · 2022-12-08 22:33:03 +01:00 · fdcc9e8202
parent a49feed255
commit fdcc9e8202
1 changed files with 5 additions and 9 deletions
--- a/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
@ -46,15 +46,11 @@ in {
        "CAP_SYS_ADMIN"
      ];
      DevicePolicy = "closed";
-      DeviceAllow = lib.mkOverride 50 (
-        if cfg.devices != [] then
-          cfg.devices
-        else [
-          "block-blkext rw"
-          "block-sd rw"
-          "char-nvme rw"
-        ]
-      );
+      DeviceAllow = lib.mkOverride 50 [
+        "block-blkext rw"
+        "block-sd rw"
+        "char-nvme rw"
+      ];
      ExecStart = ''
        ${pkgs.prometheus-smartctl-exporter}/bin/smartctl_exporter ${args}
      '';