The new `\restrict` migitation creates random keys in the dump file by
default, which breaks a before/after test for the backup module. By
making the restrict key reproducible, the test passes again.
(cherry picked from commit 87e1134406)
While we're not (fully) supporting the related features, yet, we already
prevent accidental storage of secrets in the store. This will also avoid
breaking changes in the future, when those features are properly
supported.
in the restic rest-server, you can set the file to use in place of
$datadir/.htpasswd with the --htpasswd-file option. However, this was
unusable from the module with extraConfig, due to systemd hardening.
Adding a dedicated option fixes this.
The syncoid module generates systemd services with a `startAt` config
based on its `interval` value. However, it is currently not possible
to completely disable this timer, or set multiple `startAt` values.
By accepting the same types that `systemd.services.<name>.startAt`
accepts, we can disable generating a timer unit or set multiple
`startAt` timers.
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
Instead of assuming the restic executable is at `bin/restic`, use
`lib.getExe` on the restic package. The main motivation for this is
using a security wrapper that has a different name such as
`bin/restic-wrapper`.
NOTE: In rare cases this could be a breaking change. For example if you
are using a wrapper whose executable is at `bin/restic`,
`meta.mainProgram` is not set, _and_ your package name is something
other than `restic`.
See the [discource discussion](https://discourse.nixos.org/t/using-restic-service-with-the-security-wrapper/34547/5) for more details/discussion.
