Factor out part of the provisioning script into a
wait-until-service-is-ready script, and put it unconditionally in
front of ExecStartPost=, so that services that depend on influxdb2 are
not started until influxdb2 responds to requests.
Fixes https://github.com/NixOS/nixpkgs/issues/317017 ("Scrutiny tries to start before influxdb has started")
(cherry picked from commit 732d36522f)
It is currently tied to `services.avahi.enable` which might not be
desirable.
With this change it is possible to disable the service with
`services.printing.browsed.enable = false`
(cherry picked from commit 981a63b005)
It is surprising that software which was installed by the user at AMI
generation time isn't available to a script run over user data by
default.
When authoring user data to execute at startup, users will now have
more predictable access to baked-in software instead of an extremely
bare-minimum set currently there.
(cherry picked from commit 76b614be39)
Follow up to #342584.
Similarly to that PR, it is surprising that software which was installed by the user isn't available to a script run over ssm by default.
When executing commands with ssm, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there.
(cherry picked from commit 7547a1f5f8)
smartctl_exporter already runs with SupplementaryGroups "disk", which
gives full access to SATA drives, but NVMe devices are owned by
root:root, resulting in no access:
[...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"
This patch introduces a "smartctl-exporter-access" supplementary
group, and an udev rule with setfacl to give the exporter access to NVMe
drives, without changing the base root:root ownership.
Fixes https://github.com/NixOS/nixpkgs/issues/210041
(cherry picked from commit 86a6ef5f15)
Avoid running Python scripts in the root of the package, as this
triggers `os.listdir` on the Nix store directory during import. This
operation can be time-consuming on large store directories
(see issue #283795 for more details).
The issue was initially fixed in #284153 but was reverted in #306339.
Co-authored-by: Sönke Hahn <soenkehahn@gmail.com>
(cherry picked from commit 251b0c958f)
This allows using upsdrvctl interactively, which otherwise tries to use
a missing ups.conf in the Nix store, instead of the correct
/etc/nut/ups.conf.
(cherry picked from commit 1cb392fdcd)
Since `connectionStringFile` reads the file and puts it into the
invocation of the exporter, it's part of the cmdline and thus
effectively world-readable.
Added a new `connectionEnvFile` which is supposed to be an environment
file of the form
PGBOUNCER_EXPORTER_CONNECTION_STRING=...
that will be added to the systemd service. The exporter will read the
connection string from that value.
(cherry picked from commit 862ecd674f)
* Syncthing: implemented folder type
* Syncthing: fix syntax (via @johnhamelink )
This commit should be rebased/squashed into the previous one if ofborg cleares it!
Co-authored-by: John Hamelink <me@johnhame.link>
---------
Co-authored-by: John Hamelink <me@johnhame.link>
(cherry picked from commit ed1b6699c0)
We need ping to be in PATH of the service otherwise it can't ping. This commit
adds it, conditional on one of the inputs being a ping task.
(cherry picked from commit 934a337a13)
Implementation is now compatible with the option's .type already defined.
This allows us to pass `config.users.users.<user>.hashedPassword` even if this is null (the default).
Before:
true => access
false => no access
hash => access via password
null => eval error
After:
true => access
false => no access
hash => access via password
null => no access
(cherry picked from commit b33bf6b99a)
Importing PATH into the systemd environment is done by default in
Hyprland v0.41.2+ (https://github.com/hyprwm/Hyprland/pull/6640)
We soft deprecate this option here for versions >= 0.41.2.
(cherry picked from commit ff0738b736)
Set PATH order correctly for systemd user services (see NixOS/nixpkgs#320734
Signed-off-by: Reputable2722 <153411261+Reputable2772@users.noreply.github.com>
(cherry picked from commit dc423d5c69)
