commit 4fad3a2b69572163473b86f8cbb276cd7fce4157 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #131020 from Artturin/uptimed-fix

uptimed nixos/uptimed: switch to /var/lib/ and fix perms

authored by Aaron Andersen and committed by GitHub 4 years ago 4fad3a2b 7841f5f4

+22 -3

4 changed files

expand all

unified split

nixos

doc

manual

from_md

release-notes

rl-2111.section.xml

release-notes

rl-2111.section.md

modules

services

system

uptimed.nix

pkgs

tools

system

uptimed

default.nix

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

··· 607 607 </listitem> 608 608 </itemizedlist> 609 609 </listitem> 610 + <listitem> 611 + <para> 612 + <literal>services.uptimed</literal> now uses 613 + <literal>/var/lib/uptimed</literal> as its stateDirectory 614 + instead of <literal>/var/spool/uptimed</literal>. Make sure to 615 + move all files to the new directory. 616 + </para> 617 + </listitem> 610 618 </itemizedlist> 611 619 </section> 612 620 <section xml:id="sec-release-21.11-notable-changes">

nixos/doc/manual/release-notes/rl-2111.section.md

··· 153 153 - `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer` 154 154 - `golang.Go` -> `golang.go` 155 155 156 + - `services.uptimed` now uses `/var/lib/uptimed` as its stateDirectory instead of `/var/spool/uptimed`. Make sure to move all files to the new directory. 157 + 156 158 ## Other Notable Changes {#sec-release-21.11-notable-changes} 157 159 158 160 - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.

+7 -3

nixos/modules/services/system/uptimed.nix

··· 4 4 5 5 let 6 6 cfg = config.services.uptimed; 7 - stateDir = "/var/spool/uptimed"; 7 + stateDir = "/var/lib/uptimed"; 8 8 in 9 9 { 10 10 options = { ··· 21 21 }; 22 22 23 23 config = mkIf cfg.enable { 24 + 25 + environment.systemPackages = [ pkgs.uptimed ]; 26 + 24 27 users.users.uptimed = { 25 28 description = "Uptimed daemon user"; 26 29 home = stateDir; 27 - createHome = true; 28 30 uid = config.ids.uids.uptimed; 31 + group = "uptimed"; 29 32 }; 33 + users.groups.uptimed = {}; 30 34 31 35 systemd.services.uptimed = { 32 36 unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)"; ··· 41 45 PrivateTmp = "yes"; 42 46 PrivateNetwork = "yes"; 43 47 NoNewPrivileges = "yes"; 44 - ReadWriteDirectories = stateDir; 48 + StateDirectory = [ "uptimed" ]; 45 49 InaccessibleDirectories = "/home"; 46 50 ExecStart = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid"; 47 51 };

pkgs/tools/system/uptimed/default.nix

··· 14 14 nativeBuildInputs = [ autoreconfHook ]; 15 15 patches = [ ./no-var-spool-install.patch ]; 16 16 17 + postPatch = '' 18 + substituteInPlace libuptimed/urec.h \ 19 + --replace /var/spool /var/lib 20 + ''; 21 + 17 22 meta = with lib; { 18 23 description = "Uptime record daemon"; 19 24 longDescription = ''