Previously some modules used `config.environment.etc."ssl/certs/ca-certificates.crt".source`, some used `"/etc/ssl/certs/ca-certificates.crt"`, and some used `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`. These were all bad in one way or another:
- `config.environment.etc."ssl/certs/ca-certificates.crt".source` relies on `source` being set; if `text` is set instead this breaks, introducing a weird undocumented requirement
- `"/etc/ssl/certs/ca-certificates.crt"` is probably okay but very un-nix. It's a magic string, and the path doesn't change when the file changes (and so you can't trigger service reloads, for example, when the contents change in a new system activation)
- `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` silently doesn't include the options from `security.pki`
Co-authored-by: Shelvacu <git@shelvacu.com>
Add an usbmon.enable option (default false) for setting permissions for
capturing USB traffic.
Add a dumpcap.enable option (default true) for setting permissions for
capturing network traffic.
fixes#375657
This 711-line file was expanded into 817-line file by nixfmt.
Readability was hurt as now I can’t see as much in my editor at a time;
this directly makes editing & reviewing slower as reading is harder. I
am upset about this change.
`nextcloud-notify_push.service` requires
`nextcloud-notify_push-setup.service`. If the latter fails (e.g. because
of Nextcloud not being there yet), the push service would also fail with
result 'dependency'.
RestartMode=direct doesn't put a unit into failed state IF it's about to
be restarted again. That way, `nextcloud-notify_push` will await several
restart attempts. Only if the unit fails due to a rate-limit (i.e. too
many restarts), the push service will also fail.
If the startup is still too slow, it may make sense for administrators to
configure higher intervals between the start attempts with RestartSec.
