+3

nixos/doc/manual/release-notes/rl-2505.section.md

reviewed

··· 168 168 to review the new defaults and description of 169 169 [](#opt-services.nextcloud.poolSettings). 170 170 171 171 + - The `services.locate` module does no longer support findutil's `locate` due to its inferior performance compared to `mlocate` and `plocate`. The new default is `plocate`. 172 172 + As the `service.locate.localuser` option only applied when using findutil's `locate`, it has also been removed. 173 173 + 171 174 - `kmonad` is now hardened by default using common `systemd` settings. 172 175 If KMonad is used to execute shell commands, hardening may make some of them fail. In that case, you can disable hardening using {option}`services.kmonad.keyboards.<name>.enableHardening` option. 173 176

+23 -59

nixos/modules/misc/locate.nix

reviewed

··· 9 9 cfg = config.services.locate; 10 10 isMLocate = lib.hasPrefix "mlocate" cfg.package.name; 11 11 isPLocate = lib.hasPrefix "plocate" cfg.package.name; 12 12 - isMorPLocate = isMLocate || isPLocate; 13 13 - isFindutils = lib.hasPrefix "findutils" cfg.package.name; 14 12 in 15 13 { 16 14 imports = [ 17 15 (lib.mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ]) 18 16 (lib.mkRenamedOptionModule [ "services" "locate" "locate" ] [ "services" "locate" "package" ]) 19 17 (lib.mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths") 18 18 + (lib.mkRemovedOptionModule [ "services" "locate" "localuser" ] 19 19 + "The services.locate.localuser option has been removed because support for findutils locate has been removed." 20 20 + ) 20 21 ]; 21 22 22 23 options.services.locate = { ··· 29 30 ''; 30 31 }; 31 32 32 32 - package = lib.mkPackageOption pkgs [ "findutils" "locate" ] { 33 33 + package = lib.mkPackageOption pkgs [ "plocate" ] { 33 34 example = "mlocate"; 34 35 }; 35 36 ··· 65 66 ''; 66 67 }; 67 68 68 68 - localuser = lib.mkOption { 69 69 - type = lib.types.nullOr lib.types.str; 70 70 - default = "nobody"; 71 71 - description = '' 72 72 - The user to search non-network directories as, using 73 73 - {command}`su`. 74 74 - ''; 75 75 - }; 76 76 - 77 69 pruneFS = lib.mkOption { 78 70 type = lib.types.listOf lib.types.str; 79 71 default = [ ··· 180 172 181 173 pruneNames = lib.mkOption { 182 174 type = lib.types.listOf lib.types.str; 183 183 - default = lib.optionals (!isFindutils) [ 175 175 + default = [ 184 176 ".bzr" 185 177 ".cache" 186 178 ".git" ··· 229 221 source = "${cfg.package}/bin/plocate"; 230 222 }; 231 223 in 232 232 - lib.mkIf isMorPLocate { 224 224 + { 233 225 locate = lib.mkMerge [ 234 226 common 235 227 mlocate ··· 253 245 ''; 254 246 255 247 systemPackages = [ cfg.package ]; 256 256 - 257 257 - variables = lib.mkIf isFindutils { 258 258 - LOCATE_PATH = cfg.output; 259 259 - }; 260 248 }; 261 249 262 262 - warnings = 263 263 - lib.optional (isMorPLocate && cfg.localuser != null) 264 264 - "mlocate and plocate do not support the services.locate.localuser option. updatedb will run as root. Silence this warning by setting services.locate.localuser = null." 265 265 - ++ lib.optional ( 266 266 - isFindutils && cfg.pruneNames != [ ] 267 267 - ) "findutils locate does not support pruning by directory component" 268 268 - ++ lib.optional ( 269 269 - isFindutils && cfg.pruneBindMounts 270 270 - ) "findutils locate does not support skipping bind mounts"; 271 271 - 272 250 systemd.services.update-locatedb = { 273 251 description = "Update Locate Database"; 274 274 - path = lib.mkIf (!isMorPLocate) [ pkgs.su ]; 275 252 276 253 # mlocate's updatedb takes flags via a configuration file or 277 254 # on the command line, but not by environment variable. 278 255 script = 279 279 - if isMorPLocate then 280 280 - let 281 281 - toFlags = 282 282 - x: lib.optional (cfg.${x} != [ ]) "--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'"; 283 283 - args = lib.concatLists ( 284 284 - map toFlags [ 285 285 - "pruneFS" 286 286 - "pruneNames" 287 287 - "prunePaths" 288 288 - ] 289 289 - ); 290 290 - in 291 291 - '' 292 292 - exec ${cfg.package}/bin/updatedb \ 293 293 - --output ${toString cfg.output} ${lib.concatStringsSep " " args} \ 294 294 - --prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \ 295 295 - ${lib.concatStringsSep " " cfg.extraFlags} 296 296 - '' 297 297 - else 298 298 - '' 299 299 - exec ${cfg.package}/bin/updatedb \ 300 300 - ${lib.optionalString (cfg.localuser != null && !isMorPLocate) "--localuser=${cfg.localuser}"} \ 301 301 - --output=${toString cfg.output} ${lib.concatStringsSep " " cfg.extraFlags} 302 302 - ''; 303 303 - environment = lib.optionalAttrs (!isMorPLocate) { 304 304 - PRUNEFS = lib.concatStringsSep " " cfg.pruneFS; 305 305 - PRUNEPATHS = lib.concatStringsSep " " cfg.prunePaths; 306 306 - PRUNENAMES = lib.concatStringsSep " " cfg.pruneNames; 307 307 - PRUNE_BIND_MOUNTS = if cfg.pruneBindMounts then "yes" else "no"; 308 308 - }; 256 256 + let 257 257 + toFlags = 258 258 + x: lib.optional (cfg.${x} != [ ]) "--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'"; 259 259 + args = lib.concatLists ( 260 260 + map toFlags [ 261 261 + "pruneFS" 262 262 + "pruneNames" 263 263 + "prunePaths" 264 264 + ] 265 265 + ); 266 266 + in 267 267 + '' 268 268 + exec ${cfg.package}/bin/updatedb \ 269 269 + --output ${toString cfg.output} ${lib.concatStringsSep " " args} \ 270 270 + --prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \ 271 271 + ${lib.concatStringsSep " " cfg.extraFlags} 272 272 + ''; 309 273 serviceConfig = { 310 274 CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_CHOWN"; 311 275 Nice = 19;