Originally, we switched to bsdtar from libarchive to solve a reproducibility issue related to hardlinks.
As of GNU cpio 2.14, the --ignore-dirnlink option is introduced and now included in --reproducible, which solves this issue.
By switching back, we are in turn solving an issue in libarchive >=3.7.5 erroring out with "Error reading archive -: (null)".
Change-Id: Ib6140d599b6547d8e941b0251ce996e303c41fa6
(cherry picked from commit 0f216e2578)
Factor out part of the provisioning script into a
wait-until-service-is-ready script, and put it unconditionally in
front of ExecStartPost=, so that services that depend on influxdb2 are
not started until influxdb2 responds to requests.
Fixes https://github.com/NixOS/nixpkgs/issues/317017 ("Scrutiny tries to start before influxdb has started")
(cherry picked from commit 732d36522f)
It is currently tied to `services.avahi.enable` which might not be
desirable.
With this change it is possible to disable the service with
`services.printing.browsed.enable = false`.
(cherry picked from commit 981a63b005)
It is surprising that software which was installed by the user at AMI
generation time isn't available to a script run over user data by
default.
When authoring user data to execute at startup, users will now have
more predictable access to baked-in software instead of an extremely
bare-minimum set currently there.
(cherry picked from commit 76b614be39)
Follow up to #342584.
Similarly to that PR, it is surprising that software which was installed by the user isn't available to a script run over ssm by default.
When executing commands with ssm, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there.
(cherry picked from commit 7547a1f5f8)
smartctl_exporter already runs with SupplementaryGroups "disk", which
gives full access to SATA drives, but NVMe devices are owned by
root:root, resulting in no access:
    [...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"
This patch introduces a "smartctl-exporter-access" supplementary
group, and a udev rule with setfacl to give the exporter access to NVMe
drives, without changing the base root:root ownership.
Fixes https://github.com/NixOS/nixpkgs/issues/210041
(cherry picked from commit 86a6ef5f15)
Avoid running Python scripts in the root of the package, as this
triggers `os.listdir` on the Nix store directory during import. This
operation can be time-consuming on large store directories
(see issue #283795 for more details).
The issue was initially fixed in #284153 but was reverted in #306339.
Co-authored-by: Sönke Hahn <soenkehahn@gmail.com>
(cherry picked from commit 251b0c958f)
This allows using upsdrvctl interactively, which otherwise tries to use
a missing ups.conf in the Nix store, instead of the correct
/etc/nut/ups.conf.
(cherry picked from commit 1cb392fdcd)
Since `connectionStringFile` reads the file and puts it into the
invocation of the exporter, it's part of the cmdline and thus
effectively world-readable.
Added a new `connectionEnvFile` which is supposed to be an environment
file of the form
    PGBOUNCER_EXPORTER_CONNECTION_STRING=...
that will be added to the systemd service. The exporter will read the
connection string from that value.
(cherry picked from commit 862ecd674f)
* Syncthing: implemented folder type
* Syncthing: fix syntax (via @johnhamelink)
This commit should be rebased/squashed into the previous one if ofborg clears it!
Co-authored-by: John Hamelink <me@johnhame.link>
---------
Co-authored-by: John Hamelink <me@johnhame.link>
(cherry picked from commit ed1b6699c0)
We need ping to be in PATH of the service, otherwise it can't ping. This commit
adds it, conditional on one of the inputs being a ping task.
(cherry picked from commit 934a337a13)