cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

{uptimed,nixos/uptimed}: switch to /var/lib/ and fix perms

Browse source
This commit is contained in:
Artturin 2021-07-22 07:39:18 +03:00
parent ecc968543c
commit bd8eeec9c0
4 changed files with 22 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
View file

@ -596,6 +596,14 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem>
<para>
<literal>services.uptimed</literal> now uses
<literal>/var/lib/uptimed</literal> as its stateDirectory
instead of <literal>/var/spool/uptimed</literal>. Make sure to
move all files to the new directory.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section xml:id="sec-release-21.11-notable-changes"> <section xml:id="sec-release-21.11-notable-changes">

2
nixos/doc/manual/release-notes/rl-2111.section.md
View file

@ -151,6 +151,8 @@ pt-services.clipcat.enable).
- `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer` - `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer`
- `golang.Go` -> `golang.go` - `golang.Go` -> `golang.go`
- `services.uptimed` now uses `/var/lib/uptimed` as its stateDirectory instead of `/var/spool/uptimed`. Make sure to move all files to the new directory.
## Other Notable Changes {#sec-release-21.11-notable-changes} ## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets. - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.

10
nixos/modules/services/system/uptimed.nix
View file

@ -4,7 +4,7 @@ with lib;
let let
cfg = config.services.uptimed; cfg = config.services.uptimed;
stateDir = "/var/spool/uptimed"; stateDir = "/var/lib/uptimed";
in in
{ {
options = { options = {
@ -21,12 +21,16 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.uptimed ];
users.users.uptimed = { users.users.uptimed = {
description = "Uptimed daemon user"; description = "Uptimed daemon user";
home = stateDir; home = stateDir;
createHome = true;
uid = config.ids.uids.uptimed; uid = config.ids.uids.uptimed;
group = "uptimed";
}; };
users.groups.uptimed = {};
systemd.services.uptimed = { systemd.services.uptimed = {
unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)"; unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)";
@ -41,7 +45,7 @@ in
PrivateTmp = "yes"; PrivateTmp = "yes";
PrivateNetwork = "yes"; PrivateNetwork = "yes";
NoNewPrivileges = "yes"; NoNewPrivileges = "yes";
ReadWriteDirectories = stateDir; StateDirectory = [ "uptimed" ];
InaccessibleDirectories = "/home"; InaccessibleDirectories = "/home";
ExecStart = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid"; ExecStart = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid";
}; };

5
pkgs/tools/system/uptimed/default.nix
View file

@ -14,6 +14,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook ]; nativeBuildInputs = [ autoreconfHook ];
patches = [ ./no-var-spool-install.patch ]; patches = [ ./no-var-spool-install.patch ];
postPatch = ''
substituteInPlace libuptimed/urec.h \
--replace /var/spool /var/lib
'';
meta = with lib; { meta = with lib; {
description = "Uptime record daemon"; description = "Uptime record daemon";
longDescription = '' longDescription = ''