Services utilising postsrsd need to connect to it via a Unix socket.
While the path to that socket is static as of now, the discoverability
of that path suffers from the lack of module documentation and a
scattered definition of the individual path components over at least
three lines, even when reading the module source.
By exposing the socket path as a readOnly NixOS option, that value shows
up in the options overview and can be re-used in other parts of NixOS
config.
While we're not (fully) supporting the related features, yet, we already
prevent accidental storage of secrets in the store. This will also avoid
breaking changes in the future, when those features are properly
supported.
When using Merkuro in Plasma 6, the 'Contacts' widget will automatically
be added to the default panel. Unfortunately, it does not work unless
`kdePackages.kcontacts` is also present in the environment. This adds
the dependency if Plasma 6 is also enabled alongside Merkuro.
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
The key change here is, that the match was on the hydra database only
previously, but is now limited to to the hydra role instead. This avoids
conflicts with rules that are created by other modules or downstream
users.
With this change, we can remove the additional "postgres postgres" line,
because the default pg_hba line will kick in again and allow the
postgres user access to the postgres role.
Renaming the map from hydra-users to hydra is for consistency, so that
all modules can define maps matching in name with the role they manage.
The change from ident to peer is just cosmetic, ident is only used for
TCP connections and falls back to peer anyway.
NUT documentation strongly suggests running `upsmon` as a non-root user
with very limited permissions. This includes only read access to
`upsmon.conf`.
Previously the `RUN_AS_USER` setting could be overwritten with
`mkForce`, but this left the system with technically incorrect
permissions on `upsmon.conf` that would prevent reloading. This patch
provides a way to change the user that `upsmon` runs as while
maintaining correct permissions on `upsmon.conf`.
Fixes#318582
I'm a little annoyed at myself that I only realized this _after_ #392030
got merged. But I realized that if something else is using AF_VSOCK or
you simply have another interactive test running (e.g. by another user
on a larger builder), starting up VMs in the driver fails with
qemu-system-x86_64: -device vhost-vsock-pci,guest-cid=3: vhost-vsock: unable to set guest cid: Address already in use
Multi-user setups are broken anyways because you usually don't have
permissions to remove the VM state from another user and thus starting
the driver fails with
PermissionError: [Errno 13] Permission denied: PosixPath('/tmp/vm-state-machine')
but this is something you can work around at least.
I was considering to generate random offsets, but that's not feasible
given we need to know the numbers at eval time to inject them into the
QEMU args. Also, while we could do this via the test-driver, we should
also probe if the vsock numbers are unused making the code even more
complex for a use-case I consider rather uncommon.
Hence the solution is to do
sshBackdoor.vsockOffset = 23542;
when encountering conflicts.
Without this, Mutter will complain at startup:
.gnome-shell-wr[1013]: Failed to make thread 'KMS thread' high priority scheduled: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Name "org.freedesktop.RealtimeKit1" does not exist
PipeWire, WirePlumber and xdg-desktop-portal-gnome complain about the missing service too.
