{uptimed,nixos/uptimed}: switch to /var/lib/ and fix perms

2024-11-13 09:17:07 +03:00 · 2021-07-22 07:39:18 +03:00 · 2021-07-22 07:39:18 +03:00 · bd8eeec9c0
commit bd8eeec9c0
parent ecc968543c
4 changed files with 22 additions and 3 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@ -596,6 +596,14 @@
          </listitem>
        </itemizedlist>
      </listitem>
+      <listitem>
+        <para>
+          <literal>services.uptimed</literal> now uses
+          <literal>/var/lib/uptimed</literal> as its stateDirectory
+          instead of <literal>/var/spool/uptimed</literal>. Make sure to
+          move all files to the new directory.
+        </para>
+      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-21.11-notable-changes">
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@ -151,6 +151,8 @@ pt-services.clipcat.enable).
  - `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer`
  - `golang.Go` -> `golang.go`

+- `services.uptimed` now uses `/var/lib/uptimed` as its stateDirectory instead of `/var/spool/uptimed`. Make sure to move all files to the new directory.
+
 ## Other Notable Changes {#sec-release-21.11-notable-changes}

 - The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
--- a/nixos/modules/services/system/uptimed.nix
+++ b/nixos/modules/services/system/uptimed.nix
@ -4,7 +4,7 @@ with lib;

 let
  cfg = config.services.uptimed;
-  stateDir = "/var/spool/uptimed";
+  stateDir = "/var/lib/uptimed";
 in
 {
  options = {
@ -21,12 +21,16 @@ in
  };

  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.uptimed ];
+
    users.users.uptimed = {
      description = "Uptimed daemon user";
      home        = stateDir;
-      createHome  = true;
      uid         = config.ids.uids.uptimed;
+      group       = "uptimed";
    };
+    users.groups.uptimed = {};

    systemd.services.uptimed = {
      unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)";
@ -41,7 +45,7 @@ in
        PrivateTmp              = "yes";
        PrivateNetwork          = "yes";
        NoNewPrivileges         = "yes";
-        ReadWriteDirectories    = stateDir;
+        StateDirectory          = [ "uptimed" ];
        InaccessibleDirectories = "/home";
        ExecStart               = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid";
      };
--- a/pkgs/tools/system/uptimed/default.nix
+++ b/pkgs/tools/system/uptimed/default.nix
@ -14,6 +14,11 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [ autoreconfHook ];
  patches = [ ./no-var-spool-install.patch ];

+  postPatch = ''
+    substituteInPlace libuptimed/urec.h \
+      --replace /var/spool /var/lib
+  '';
+
  meta = with lib; {
    description = "Uptime record daemon";
    longDescription = ''