| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Prometheus service
|
| | |
|
| |
| |
| |
| |
| | |
This is based on @benleys work: https://github.com/NixOS/nixpkgs/pull/8216
I updated changed the user and group ids.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a follow-up to 9c1cdedcba2fd5233c71f0988d2eb725cc8f32ad and
fed3501b0722e187284f9f6e1532f5b6e0572d6e.
Discussion:
https://github.com/NixOS/nixpkgs/issues/18209#issuecomment-245968857
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @domenkozar
Issue: #18209
|
| |
| |
| |
| | |
Tested that it detects network changes quickly.
|
| |
| |
| |
| |
| |
| |
| |
| | |
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.
Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
ympd provides a web ui, it is suitable to be run as a service.
Fixes #17878.
service has no requirements b/c user might be using remote mpd
instance.
|
| |
| |
| |
| |
| | |
Systemd upstream provides targets for networking. This also includes a target network-online.target.
In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
|
| | |
|
| |
| |
| |
| |
| |
| | |
See migration changelogs at
- 7.0 -> 8.0: https://tomcat.apache.org/migration-8.html
- 8.0 -> 8.5: https://tomcat.apache.org/migration-85.html
|
| | |
|
| |
| |
| |
| | |
(systemd kills process)
|
| | |
|
| |
| |
| |
| | |
remove after upstream gets fixed
|
| |
| |
| |
| |
| | |
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
|
|\ \
| | |
| | | |
emacs module: Fix to get properly themed GTK apps
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This partially reverts commit ab9537ca22ce3fd4efc1795c58105504022d0c48.
From the manpage of systemd-nspawn(1):
Note that systemd-nspawn will mount file systems private to the
container to /dev, /run and similar.
Testing this in a shell turns out:
$ sudo systemd-nspawn --bind-ro=/nix/store "$(readlink "$(which ls)")" /proc
Spawning container aszlig on /home/aszlig.
Press ^] three times within 1s to kill container.
/etc/localtime does not point into /usr/share/zoneinfo/, not updating
container timezone.
1 execdomains kpageflags stat
acpi fb loadavg swaps
asound filesystems locks sys
buddyinfo fs meminfo sysrq-trigger
bus interrupts misc sysvipc
cgroups iomem modules thread-self
cmdline ioports mounts timer_list
config.gz irq mtrr timer_stats
consoles kallsyms net tty
cpuinfo kcore pagetypeinfo uptime
crypto key-users partitions version
devices keys scsi vmallocinfo
diskstats kmsg self vmstat
dma kpagecgroup slabinfo zoneinfo
driver kpagecount softirqs
Container aszlig exited successfully.
So the test on whether PID 1 exists in /proc is enough, because if we
use PID namespaces there actually _is_ a PID 1 (as shown above) and the
special file systems are already mounted. A test on the $containers
variable actually mounts them twice.
This unbreaks NixOS containers and I've tested this against the
containers-imperative NixOS test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @rickynils, @shlevy, @edolstra
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Follow-up to the following commits:
abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit
Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.
The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.
To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.
Tested using the firewall NixOS test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
|
| | |
| | |
| | |
| | | |
Suggested by @aszlig.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Probably as a result of 992c514a20cf2da897db68169d7dcab721e8c7b7, it
was not being started anymore.
My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.
http://hydra.nixos.org/build/39965589
|
| | |
| | |
| | |
| | | |
http://hydra.nixos.org/build/40038016
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
|
|\ \ \
| | | |
| | | |
| | | | |
https://github.com/rickynils/nixpkgs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This way, stage-2 behaves correctly also for libvirt-lxc containers.
Some more discussion on this:
https://github.com/NixOS/nixpkgs/commit/a7a08188bf650ababa36300a9a6f34169e2a73bf
https://github.com/NixOS/nixpkgs/commit/bfe46a653ba2f8ff9902128f485cbd87c49cbca7
|
|\ \ \ \
| | | | |
| | | | | |
Make /var/empty immutable (with chattr +i)
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes #14910 and #18358
Deployed to an existing server, restarted sshd and polkit to verify
they don't fail.
|
| |/ / /
|/| | |
| | | |
| | | | |
fixes #17702.
|
| | | |
| | | |
| | | |
| | | | |
Closes #18377.
|
|\ \ \ \
| | | | |
| | | | | |
security.acme: require networking for client, remove loop without fallbackHost
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
input-methods modules: fix engine description
|
| | | | | | |
|
| |_|/ / /
|/| | | |
| | | | |
| | | | | |
Fixes #14701.
|