pyrox.dev / nixpkgs
lol
fork atom

nixos/locatedb: fix first run when /var/cache doesn't exist by using systemd-tmpfiles. Also document what's happening there.

Florian Jacob 70c3f56b 818b161e

+10 -2
unified split
+10 -2
nixos/modules/misc/locate.nix
··· 125 warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root" 126 ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component" 127 ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts"; 128 - 129 systemd.services.update-locatedb = 130 { description = "Update Locate Database"; 131 path = mkIf (!isMLocate) [ pkgs.su ]; 132 script = 133 '' 134 - mkdir -m 0755 -p ${dirOf cfg.output} 135 exec ${cfg.locate}/bin/updatedb \ 136 ${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \ 137 --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} ··· 148 serviceConfig.PrivateNetwork = "yes"; 149 serviceConfig.NoNewPrivileges = "yes"; 150 serviceConfig.ReadOnlyPaths = "/"; 151 serviceConfig.ReadWritePaths = dirOf cfg.output; 152 }; 153
··· 125 warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root" 126 ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component" 127 ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts"; 128 + 129 + # directory creation needs to be separated from main service 130 + # because ReadWritePaths fails when the directory doesn't already exist 131 + systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ]; 132 + 133 systemd.services.update-locatedb = 134 { description = "Update Locate Database"; 135 path = mkIf (!isMLocate) [ pkgs.su ]; 136 script = 137 '' 138 exec ${cfg.locate}/bin/updatedb \ 139 ${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \ 140 --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} ··· 151 serviceConfig.PrivateNetwork = "yes"; 152 serviceConfig.NoNewPrivileges = "yes"; 153 serviceConfig.ReadOnlyPaths = "/"; 154 + # Use dirOf cfg.output because mlocate creates temporary files next to 155 + # the actual database. We could specify and create them as well, 156 + # but that would make this quite brittle when they change something. 157 + # NOTE: If /var/cache does not exist, this leads to the misleading error message: 158 + # update-locatedb.service: Failed at step NAMESPACE spawning …/update-locatedb-start: No such file or directory 159 serviceConfig.ReadWritePaths = dirOf cfg.output; 160 }; 161