After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
I chose to not constrain them to the supported values to be more flexible in supporting any
newly added values. But maybe it makes sense to constrain them, I'm not completely sure.
Ran into this because Prometheus 3.0 was introduced last week and my config broke,
since rtl_433 doesn't set the headers / content-type correctly.
Related-to: https://github.com/NixOS/nixpkgs/pull/358862
Related-to: https://github.com/prometheus/prometheus/pull/15136
dnsmasq dhcp-leasefile defaults to /var/lib/dnsmasq/dnsmasq.leases, so
use that as the default for the exporter too. Curiously, the example was
using the working path, so this patch simply swaps "example" and
"default" values.
This commit ensures that exactly one of either the `repository` or
`repositoryFile` option is set. Specifying a repository is required, but
only *one* of the two options will be used, so instead of arguing about
a precedence that will only cause confusion, it makes more sense to make
them mutually exclusive.
This commit makes it possible to keep the backup repository for restic
secret by using a file outside the nix store. The restic module has an
equivalent option `services.restic.backups.<name>.repositoryFile`, which
is rendered pointless when using the cleartext `repository` option for
this exporter.
smartctl_exporter already runs with SupplementaryGroups "disk", which
gives full access to SATA drives, but NVMe devices are owned by
root:root, resulting in no access:
[...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"
This patch introduces a "smartctl-exporter-access" supplementary
group, and an udev rule with setfacl to give the exporter access to NVMe
drives, without changing the base root:root ownership.
Fixes https://github.com/NixOS/nixpkgs/issues/210041
Since `connectionStringFile` reads the file and puts it into the
invocation of the exporter, it's part of the cmdline and thus
effectively world-readable.
Added a new `connectionEnvFile` which is supposed to be an environment
file of the form
PGBOUNCER_EXPORTER_CONNECTION_STRING=...
that will be added to the systemd service. The exporter will read the
connection string from that value.
2.3.0 is the final release, the repo is now archived.
Also I don't use it anymore for quite a while, so it didn't have a real
nixpkgs maintainer either.
Closes#338712
Systemd units with `PrivateUsers` set get their capabilities within the user namespace only [1].
As a result they do cannot bind to privileged ports even though they *appear* like they should be able to.
The units in this commit [2] set `PrivateUsers` unconditionally so binding to privileged ports is currently impossible.
Granting them CAP_NET_BIND_SERVICE is useless and misleading any reader of those modules.
Technically, this commit also hardens these modules ever so slightly.
(There are corner cases where this could make sense (e.g. across units, using `JoinsNamspaceOf`) but this is arcane enough to not to be present in nixpkgs.)
[1]: systemd.exec(5): PrivateUsers
[2]: found using `rg -e 'PrivateUsers.?=\s+[^f][^a]' -l | xargs rg -e '\bCAP_' -l`
PgBouncer instance running on localhost may not be the on being
monitored in connectionString. Remove checks that forbid valid
configuration from being used and instead document requirements for
PgBouncer configuration when used with the exporter.
Prometheus snmp-exporter has support to pass sensitive data as environment
variables. Since other exporter configurations for NixOS have
environmentFile option, the same option is added to snmp-exporter.
