Factor out part of the provisioning script into a
wait-until-service-is-ready script, and put it unconditionally in
front of ExecStartPost=, so that services that depend on influxdb2 are
not started until influxdb2 responds to requests.
Fixes https://github.com/NixOS/nixpkgs/issues/317017 ("Scrutiny tries to start before influxdb has started")
(cherry picked from commit 732d36522f)
It is currently tied to `services.avahi.enable` which might not be
desirable.
With this change it is possible to disable the service with
`services.printing.browsed.enable = false`
(cherry picked from commit 981a63b005)
It is surprising that software which was installed by the user at AMI
generation time isn't available to a script run over user data by
default.
When authoring user data to execute at startup, users will now have
more predictable access to baked-in software instead of an extremely
bare-minimum set currently there.
(cherry picked from commit 76b614be39)
Follow up to #342584.
Similarly to that PR, it is surprising that software which was installed by the user isn't available to a script run over ssm by default.
When executing commands with ssm, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there.
(cherry picked from commit 7547a1f5f8)
smartctl_exporter already runs with SupplementaryGroups "disk", which
gives full access to SATA drives, but NVMe devices are owned by
root:root, resulting in no access:
[...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"
This patch introduces a "smartctl-exporter-access" supplementary
group, and an udev rule with setfacl to give the exporter access to NVMe
drives, without changing the base root:root ownership.
Fixes https://github.com/NixOS/nixpkgs/issues/210041
(cherry picked from commit 86a6ef5f15)
Avoid running Python scripts in the root of the package, as this
triggers `os.listdir` on the Nix store directory during import. This
operation can be time-consuming on large store directories
(see issue #283795 for more details).
The issue was initially fixed in #284153 but was reverted in #306339.
Co-authored-by: Sönke Hahn <soenkehahn@gmail.com>
(cherry picked from commit 251b0c958f)
nixos/doc: update `Installing` section (#341995)
Mention how to set a user password right after installation.
Also don't suggest to use `useradd` to add users.
(cherry picked from commit 4c1d53818b)
Co-authored-by: misuzu <bakalolka@gmail.com>
This allows using upsdrvctl interactively, which otherwise tries to use
a missing ups.conf in the Nix store, instead of the correct
/etc/nut/ups.conf.
(cherry picked from commit 1cb392fdcd)
This meant that pkgs.lix.passthru.tests.misc never evaluated.
It should be noted that it seems like completely different test
infrastructure is in use on master (25.11), or maybe it is just that the
same test got renamed to nix-misc. Either way, this is busted.
Since `connectionStringFile` reads the file and puts it into the
invocation of the exporter, it's part of the cmdline and thus
effectively world-readable.
Added a new `connectionEnvFile` which is supposed to be an environment
file of the form
PGBOUNCER_EXPORTER_CONNECTION_STRING=...
that will be added to the systemd service. The exporter will read the
connection string from that value.
(cherry picked from commit 862ecd674f)
* Syncthing: implemented folder type
* Syncthing: fix syntax (via @johnhamelink )
This commit should be rebased/squashed into the previous one if ofborg cleares it!
Co-authored-by: John Hamelink <me@johnhame.link>
---------
Co-authored-by: John Hamelink <me@johnhame.link>
(cherry picked from commit ed1b6699c0)
We need ping to be in PATH of the service otherwise it can't ping. This commit
adds it, conditional on one of the inputs being a ping task.
(cherry picked from commit 934a337a13)