This avoids restarting the postgresql server, when only ensureDatabases
or ensureUsers have been changed. It will also allow to properly wait
for recovery to finish later.
To wait for "postgresql is ready" in other services, we now provide a
postgresql.target.
Resolves#400018
Co-authored-by: Marcel <me@m4rc3l.de>
While we're not (fully) supporting the related features, yet, we already
prevent accidental storage of secrets in the store. This will also avoid
breaking changes in the future, when those features are properly
supported.
in the restic rest-server, you can set the file to use in place of
$datadir/.htpasswd with the --htpasswd-file option. However, this was
unusable from the module with extraConfig, due to systemd hardening.
Adding a dedicated option fixes this.
The syncoid module generates systemd services with a `startAt` config
based on its `interval` value. However, it is currently not possible
to completely disable this timer, or set multiple `startAt` values.
By accepting the same types that `systemd.services.<name>.startAt`
accepts, we can disable generating a timer unit or set multiple
`startAt` timers.
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
Instead of assuming the restic executable is at `bin/restic`, use
`lib.getExe` on the restic package. The main motivation for this is
using a security wrapper that has a different name such as
`bin/restic-wrapper`.
NOTE: In rare cases this could be a breaking change. For example if you
are using a wrapper whose executable is at `bin/restic`,
`meta.mainProgram` is not set, _and_ your package name is something
other than `restic`.
See the [discource discussion](https://discourse.nixos.org/t/using-restic-service-with-the-security-wrapper/34547/5) for more details/discussion.
