The sshKey options do not need to be a valid path at build time. Using
string instead allow use case when the path is not known at build time
such as when using systemd credentials (e.g. `sshKey =
"\${CREDENTIALS_DIRECTORY}/zfs-replication_ed25519";`).
As described in the release lifecycle docs from postgresql[1], v11 will
stop receiving fixes as of Nov 9 2023. This means it's EOL throughout
the entire lifetime of 23.11, so let's drop it now.
A lot of examples are also referencing postgresql_11. Where it's
sensible, use postgresql_15 as example now to avoid confusion.
This is also handy because the LLVM 16 fix for postgresql is not
available for postgresql 11 ;-)
[1] https://www.postgresql.org/support/versioning/
Also, add a test to verify that it works.
This change also removes the part of custom package test that verifies
that the correct paths are provided. This is already tested by restore
tests.
Before this change, setting both paths and dynamicFileFrom would cause
paths to be silently ignored. Making that actually apply the obvious
interpretation seems to me to be strictly better than prohibiting the
two from being set at the same time.
The module falsely disabled postgresql completely when the bacula-sd was not enabled.
Quotation marks are not necessary and only useful in `name` fields.
To reduce the danger of accidentally exposing sensitive files processed
by a restic backup to other services/users, enable the `PrivateTmp=`
feature of restic service units, which provides a per service isolation
of `/tmp` and `/var/tmp`.
Co-authored-by: Daniel Nagy <danielnagy@posteo.de>
The restic repository cache location defaults to ~/.cache/restic when
not overwritten either by the --cache-dir command line parameter or the
universal RESTIC_CACHE_DIR environment variable.
Currently, the --cache-dir variable is set to only some restic commands,
but, e.g., not to the unit's preStart command for the module's
initialize option. This results in two distinct cache locations, one at
~/.cache/restic for the initialize commands and one at the configured
--cache-dir location for the restic backup command.
By explicitly setting RESTIC_CACHE_DIR for the unit, only one cache at
the correct location will be used.
https://restic.readthedocs.io/en/v0.15.1/manual_rest.html#caching
this converts meta.doc into an md pointer, not an xml pointer. since we
no longer need xml for manual chapters we can also remove support for
manual chapters from md-to-db.sh
since pandoc converts smart quotes to docbook quote elements and our
nixos-render-docs does not we lose this distinction in the rendered
output. that's probably not that bad, our stylesheet didn't make use of
this anyway (and pre-23.05 versions of the chapters didn't use quote
elements either).
also updates the nixpkgs manual to clarify that option docs support all
extensions (although it doesn't support headings at all, so heading
anchors don't work by extension).
This provides an easy way to specify exclude patterns in config. It was
already possible via extraBackupOptions; this change creates a simpler,
similar to other backup services, way to specify them.
