From bd8eeec9c0e8993c82ad8441867a5ea3fd0a87df Mon Sep 17 00:00:00 2001 From: Artturin Date: Thu, 22 Jul 2021 07:39:18 +0300 Subject: [PATCH] {uptimed,nixos/uptimed}: switch to /var/lib/ and fix perms --- .../manual/from_md/release-notes/rl-2111.section.xml | 8 ++++++++ nixos/doc/manual/release-notes/rl-2111.section.md | 2 ++ nixos/modules/services/system/uptimed.nix | 10 +++++++--- pkgs/tools/system/uptimed/default.nix | 5 +++++ 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index de2cd7bef6d6..edc6b5c50d05 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -596,6 +596,14 @@ + + + services.uptimed now uses + /var/lib/uptimed as its stateDirectory + instead of /var/spool/uptimed. Make sure to + move all files to the new directory. + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 1ce78a4d7745..d49d6af26a5e 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -151,6 +151,8 @@ pt-services.clipcat.enable). - `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer` - `golang.Go` -> `golang.go` +- `services.uptimed` now uses `/var/lib/uptimed` as its stateDirectory instead of `/var/spool/uptimed`. Make sure to move all files to the new directory. + ## Other Notable Changes {#sec-release-21.11-notable-changes} - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. diff --git a/nixos/modules/services/system/uptimed.nix b/nixos/modules/services/system/uptimed.nix index 1e256c51408e..67a03876e19f 100644 --- a/nixos/modules/services/system/uptimed.nix +++ b/nixos/modules/services/system/uptimed.nix @@ -4,7 +4,7 @@ with lib; let cfg = config.services.uptimed; - stateDir = "/var/spool/uptimed"; + stateDir = "/var/lib/uptimed"; in { options = { @@ -21,12 +21,16 @@ in }; config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.uptimed ]; + users.users.uptimed = { description = "Uptimed daemon user"; home = stateDir; - createHome = true; uid = config.ids.uids.uptimed; + group = "uptimed"; }; + users.groups.uptimed = {}; systemd.services.uptimed = { unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)"; @@ -41,7 +45,7 @@ in PrivateTmp = "yes"; PrivateNetwork = "yes"; NoNewPrivileges = "yes"; - ReadWriteDirectories = stateDir; + StateDirectory = [ "uptimed" ]; InaccessibleDirectories = "/home"; ExecStart = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid"; }; 
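Review bot: In the `users.users.uptimed` block (hunk `-21,12 +21,16`), `home = stateDir;` is kept while `createHome = true;` is dropped, and nothing says what now creates the directory. Judging by the later hunk it is systemd's `StateDirectory`, so `/var/lib/uptimed` presumably does not exist until the unit has started once. Records left in `/var/spool/uptimed` also stay behind under the old ownership unless the admin moves them as the release note asks. A short comment would make the dependency explicit, e.g. `# home is created and owned via StateDirectory= on uptimed.service`. The new `environment.systemPackages = [ pkgs.uptimed ];` line deserves a comment as well, naming what it is for (presumably putting `uprecords` on PATH), since it applies to every user on the system.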
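Review bot: No write restriction is visible in this `serviceConfig` (hunk `-41,7 +45,7`): `StateDirectory = [ "uptimed" ];` creates the directory and hands it to the service user, but without `ProtectSystem=` the unit can still write anywhere the `uptimed` user can. If it is not set in the part of the block that lies outside the hunk, consider adding `ProtectSystem = "strict";`, which keeps the state directory writable, and replacing the legacy `InaccessibleDirectories = "/home";` with `ProtectHome = "yes";`. The path is also now spelled twice, once as `stateDir` (used by `-p ${stateDir}/pid`) and once as the `"uptimed"` name resolved under `/var/lib`. A comment noting that the two must stay in sync would help.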
diff --git a/pkgs/tools/system/uptimed/default.nix b/pkgs/tools/system/uptimed/default.nix index 5d0d49f198e1..ac991436f53e 100644 --- a/pkgs/tools/system/uptimed/default.nix +++ b/pkgs/tools/system/uptimed/default.nix @@ -14,6 +14,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; patches = [ ./no-var-spool-install.patch ]; + postPatch = '' + substituteInPlace libuptimed/urec.h \ + --replace /var/spool /var/lib + ''; + meta = with lib; { description = "Uptime record daemon"; longDescription = ''
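Review bot: The `--replace /var/spool /var/lib` substitution in `postPatch` matches any occurrence of `/var/spool` in `libuptimed/urec.h`, not only the uptimed paths, and a future upstream rename could go unnoticed (the header is not part of this diff, so its contents are assumed). Spelling out the full path narrows the match: `--replace /var/spool/uptimed /var/lib/uptimed`. This compiled-in path has to agree with `stateDir` in the NixOS module, otherwise `uprecords` would look in a location the service never writes. A comment such as `# keep in sync with stateDir in nixos/modules/services/system/uptimed.nix` would guard against that. The derivation continues outside the hunk.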