Previously, the location logic was hardcoded, supporting only
Nixpkgs and NixOps properly, leaving other uses of the module
system without good location support.
On one of the two machines I have running openldap, openldap failed to start due to a "timeout". Increasing the allowed startup delay didn't help.
I noticed the following in logs:
```
openldap.service: Got notification message from PID 5224, but reception only permitted for main PID 5223
```
It turns out that on this machine at least, openldap apparently sends the notification from a non-main process, which means that we need this NotifyAccess setting for systemd to record that it successfully started. Without it, after 30 seconds systemd kills the process because it didn't receive the sd_notify call.
Somehow the other machine I have on nixos running ldap works fine even without this, but I could not figure out what changes the behavior.
Given that AFAIU NotifyAccess still restricts to "from the cgroup of the service", I think this change should be safe.
A simpler implementation of 7d8b303e3f
that uses an assertion instead of a derivation.
`pathHasContext` seems a bit better than `hasPrefix storeDir` because it
avoids a string comparison, and catches nonsense like
`"foo${pkgs.hello}bar"`.
Apparently since systemd v250 a `ListenStream` in an override file won't
override the unit, but will be appended to a list of socket addresses.
The socket unit fails if two or more addresses have the same port,
probably because two systemd processes try to listen to it at once.
The solution is to add an empty `ListenStream=` to reset all previous
definitions.
Fix#175478.
`nixos/modules/installer/kexec/kexec-boot.nix` doesn't contain any
custom NixOS config, other than importing `netboot-minimal.nix` (which
imports `netboot-base.nix`, which imports `netboot.nix`.
`netboot.nix` really is just describing a self-contained system config,
running entirely off kernel and initrd, so we might as well move the
kexec script generation there as well.
`netboot.nix` already contains some `system.build` attributes.
Provide a `system.build.kexecTree` attribute (and `kexecScript` for
composability).
It is already installed by xdg.icons.enable.
Let’s also enable that option explicitly to prevent users from accidentally
disabling it since GNOME will be severely broken without it.
It is already installed by xdg.mime.enable.
Let’s also enable that option explicitly to prevent users from accidentally
disabling it since GNOME will be severely broken without it.
