Merge pull request #131020 from Artturin/uptimed-fix

uptimed nixos/uptimed: switch to /var/lib/ and fix perms

authored by Aaron Andersen and committed by GitHub 4fad3a2b 7841f5f4

+22 -3
+8
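--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -607,6 +607,14 @@
 </listitem>
 </itemizedlist>
 </listitem>
+<listitem>
+<para>
+<literal>services.uptimed</literal> now uses
+<literal>/var/lib/uptimed</literal> as its stateDirectory
+instead of <literal>/var/spool/uptimed</literal>. Make sure to
+move all files to the new directory.
+</para>
+</listitem>
 </itemizedlist>
 </section>
 <section xml:id="sec-release-21.11-notable-changes">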
+2
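--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -153,6 +153,8 @@
 - `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer`
 - `golang.Go` -> `golang.go`
 
+- `services.uptimed` now uses `/var/lib/uptimed` as its stateDirectory instead of `/var/spool/uptimed`. Make sure to move all files to the new directory.
+
 ## Other Notable Changes {#sec-release-21.11-notable-changes}
 
 - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.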
+7 -3
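--- a/nixos/modules/services/system/uptimed.nix
+++ b/nixos/modules/services/system/uptimed.nix
@@ -4,7 +4,7 @@
 
 let
 cfg = config.services.uptimed;
-stateDir = "/var/spool/uptimed";
+stateDir = "/var/lib/uptimed";
 in
 {
 options = {
@@ -21,12 +21,16 @@
 };
 
 config = mkIf cfg.enable {
+
+environment.systemPackages = [ pkgs.uptimed ];
+
 users.users.uptimed = {
 description = "Uptimed daemon user";
 home = stateDir;
-createHome = true;
 uid = config.ids.uids.uptimed;
+group = "uptimed";
 };
+users.groups.uptimed = {};
 
 systemd.services.uptimed = {
 unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)";
@@ -41,7 +45,7 @@
 PrivateTmp = "yes";
 PrivateNetwork = "yes";
 NoNewPrivileges = "yes";
-ReadWriteDirectories = stateDir;
+StateDirectory = [ "uptimed" ];
 InaccessibleDirectories = "/home";
 ExecStart = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid";
 };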
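Review bot: `StateDirectory = [ "uptimed" ];` in the last hunk leaves the directory mode implicit, so /var/lib/uptimed is created with systemd's default of 0755 and is owned by whatever `User=` the unit sets; that setting sits in the elided part of `serviceConfig` and cannot be confirmed from here. Since the commit is about fixing permissions, I would state the intent next to it, e.g. `StateDirectoryMode = "0755"; # uprecords, run by ordinary users, must read the records`, or a tighter mode if world-readable records are not wanted. The unchanged `ExecStart` line still writes the pid file into the persistent state directory via `-p ${stateDir}/pid`, so a stale pid file survives a reboot; a `RuntimeDirectory` would be the usual place for it. The `serviceConfig` block starts and ends outside the hunk.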
+5
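--- a/pkgs/tools/system/uptimed/default.nix
+++ b/pkgs/tools/system/uptimed/default.nix
@@ -14,6 +14,11 @@
 nativeBuildInputs = [ autoreconfHook ];
 patches = [ ./no-var-spool-install.patch ];
 
+postPatch = ''
+substituteInPlace libuptimed/urec.h \
+--replace /var/spool /var/lib
+'';
+
 meta = with lib; {
 description = "Uptime record daemon";
 longDescription = ''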
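Review bot: The `--replace /var/spool /var/lib` in the new `postPatch` rewrites every `/var/spool` in `libuptimed/urec.h`, and nothing records that the result has to match `stateDir` in the NixOS module. If the header only carries the uptimed paths (not visible here), matching the full directory is narrower and easier to grep for: `--replace /var/spool/uptimed /var/lib/uptimed`. I would also add a comment above it such as `# keep in sync with stateDir in nixos/modules/services/system/uptimed.nix`, because a mismatch would leave the daemon writing outside the directory that `StateDirectory` makes available.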