Removed the 'wait for GCE metadata service' job, as it was causing
issues with the metadata service (likely some firewall or something).
In stead, use wget with retries (including connection refused) in
stead or curl for fetching the SSH keys. Also made the stdout/-err
of this job appear in the console.
/tmp cleaning is done by systemd rather than stage-2-init
enableEmergencyMode moved from systemd to seperate module
new option to mount tmp on tmpfs
new option to enable additional units shipped with systemd
This version of module has disabled socketActivation, because until
nixos upgrade systemd to at least 214, systemd does not support
SocketGroup. So socket is created with "root" group when
socketActivation enabled. Should be fixed as soon as systemd upgraded.
Includes changes from #3015 and supersedes #3028
It's more standard than $OPENSSL_X509_CERT_FILE (which I guess was a
totally unnecessary patch to OpenSSL). Since curl respects
$SSL_CERT_FILE, it's no longer needed to set $CURL_CA_BUNDLE. Git
unfortunately doesn't.
All activation scripts run in serial upon boot and nixos-rebuild switch
etc., in contrast to preStart which run before a service starts, and can
run in parallel with other services.
The munin(-node) activation script is particularly slow. Change it to a
preStart script so that it can run in parallel with other services and
not slow down boot (or nixos-rebuild switch).
This reduces (repeated) "nixos-rebuild test" time from ~16 seconds to ~8
on my (old) laptop.
We now track copied files in /etc/.clean. This is important, because
otherwise files that are removed from environment.etc will not
actually be removed from the file system. In particular, changing
users.extraUsers.<user>.openssh.authorizedKeys.keys to an empty list
would not cause /etc/ssh/authorized_keys.d/<user> to be removed, which
was a security issue.
It only needs to be started during boot. Starting it at other times
shouldn't hurt, except that if systemd-journald is restarting at the
same time, the latter might not have a SIGUSR1 signal handler
installed yet, so it might be killed by systemd-journal-flush. (At
least that's my theory about the dead systemd-journald instances in
the build farm...)
Commit 89fee1006c ("nixos/redis: clean up
option types") broke nixos evaluation:
error: attempt to call something which is not a function but a set, at .../nixpkgs/nixos/modules/services/databases/redis.nix:111:28
Fix it.
Reported by Oliver Charles (thanks!).
Apart from s/types.string/types.str/ (or types.lines where appropriate):
* port is changed from string to int.
* extraFlags is changed from types.string (with unfortunate merge
semantics) into a list of strings. A list of strings merge better:
one space is added between elements.
It's only needed during early boot (in fact, it's probably not needed
at all on NixOS). Restarting it is expensive because it does a sync()
of the root file system.