commit 4ea0805f4ea40ac7f1f60b4ae17e8f28d6436e88 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2505.section.md

···

       168
       168
        
         to review the new defaults and description of

     

       169
       169
        
         [](#opt-services.nextcloud.poolSettings).

     

       170
       170
        
       

     

       171
       171
       +
       - The `services.locate` module does no longer support findutil's `locate` due to its inferior performance compared to `mlocate` and `plocate`. The new default is `plocate`.

     

       172
       172
       +
         As the `service.locate.localuser` option only applied when using findutil's `locate`, it has also been removed.

     

       173
       173
       +
       

     

       171
       174
        
       - `kmonad` is now hardened by default using common `systemd` settings.

     

       172
       175
        
         If KMonad is used to execute shell commands, hardening may make some of them fail.  In that case, you can disable hardening using {option}`services.kmonad.keyboards.<name>.enableHardening` option.

     

       173
       176

+23 -59

nixos/modules/misc/locate.nix

···

       9
       9
        
         cfg = config.services.locate;

     

       10
       10
        
         isMLocate = lib.hasPrefix "mlocate" cfg.package.name;

     

       11
       11
        
         isPLocate = lib.hasPrefix "plocate" cfg.package.name;

     

       12
       12
       -
         isMorPLocate = isMLocate || isPLocate;

     

       13
       13
       -
         isFindutils = lib.hasPrefix "findutils" cfg.package.name;

     

       14
       12
        
       in

     

       15
       13
        
       {

     

       16
       14
        
         imports = [

     

       17
       15
        
           (lib.mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])

     

       18
       16
        
           (lib.mkRenamedOptionModule [ "services" "locate" "locate" ] [ "services" "locate" "package" ])

     

       19
       17
        
           (lib.mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths")

     

       18
       18
       +
           (lib.mkRemovedOptionModule [ "services" "locate" "localuser" ]

     

       19
       19
       +
             "The services.locate.localuser option has been removed because support for findutils locate has been removed."

     

       20
       20
       +
           )

     

       20
       21
        
         ];

     

       21
       22
        
       

     

       22
       23
        
         options.services.locate = {

     
···

       29
       30
        
             '';

     

       30
       31
        
           };

     

       31
       32
        
       

     

       32
       32
       -
           package = lib.mkPackageOption pkgs [ "findutils" "locate" ] {

     

       33
       33
       +
           package = lib.mkPackageOption pkgs [ "plocate" ] {

     

       33
       34
        
             example = "mlocate";

     

       34
       35
        
           };

     

       35
       36
        
       

     
···

       65
       66
        
             '';

     

       66
       67
        
           };

     

       67
       68
        
       

     

       68
       68
       -
           localuser = lib.mkOption {

     

       69
       69
       -
             type = lib.types.nullOr lib.types.str;

     

       70
       70
       -
             default = "nobody";

     

       71
       71
       -
             description = ''

     

       72
       72
       -
               The user to search non-network directories as, using

     

       73
       73
       -
               {command}`su`.

     

       74
       74
       -
             '';

     

       75
       75
       -
           };

     

       76
       76
       -
       

     

       77
       69
        
           pruneFS = lib.mkOption {

     

       78
       70
        
             type = lib.types.listOf lib.types.str;

     

       79
       71
        
             default = [

     
···

       180
       172
        
       

     

       181
       173
        
           pruneNames = lib.mkOption {

     

       182
       174
        
             type = lib.types.listOf lib.types.str;

     

       183
       183
       -
             default = lib.optionals (!isFindutils) [

     

       175
       175
       +
             default = [

     

       184
       176
        
               ".bzr"

     

       185
       177
        
               ".cache"

     

       186
       178
        
               ".git"

     
···

       229
       221
        
                 source = "${cfg.package}/bin/plocate";

     

       230
       222
        
               };

     

       231
       223
        
             in

     

       232
       232
       -
             lib.mkIf isMorPLocate {

     

       224
       224
       +
             {

     

       233
       225
        
               locate = lib.mkMerge [

     

       234
       226
        
                 common

     

       235
       227
        
                 mlocate

     
···

       253
       245
        
             '';

     

       254
       246
        
       

     

       255
       247
        
             systemPackages = [ cfg.package ];

     

       256
       256
       -
       

     

       257
       257
       -
             variables = lib.mkIf isFindutils {

     

       258
       258
       -
               LOCATE_PATH = cfg.output;

     

       259
       259
       -
             };

     

       260
       248
        
           };

     

       261
       249
        
       

     

       262
       262
       -
           warnings =

     

       263
       263
       -
             lib.optional (isMorPLocate && cfg.localuser != null)

     

       264
       264
       -
               "mlocate and plocate do not support the services.locate.localuser option. updatedb will run as root. Silence this warning by setting services.locate.localuser = null."

     

       265
       265
       -
             ++ lib.optional (

     

       266
       266
       -
               isFindutils && cfg.pruneNames != [ ]

     

       267
       267
       -
             ) "findutils locate does not support pruning by directory component"

     

       268
       268
       -
             ++ lib.optional (

     

       269
       269
       -
               isFindutils && cfg.pruneBindMounts

     

       270
       270
       -
             ) "findutils locate does not support skipping bind mounts";

     

       271
       271
       -
       

     

       272
       250
        
           systemd.services.update-locatedb = {

     

       273
       251
        
             description = "Update Locate Database";

     

       274
       274
       -
             path = lib.mkIf (!isMorPLocate) [ pkgs.su ];

     

       275
       252
        
       

     

       276
       253
        
             # mlocate's updatedb takes flags via a configuration file or

     

       277
       254
        
             # on the command line, but not by environment variable.

     

       278
       255
        
             script =

     

       279
       279
       -
               if isMorPLocate then

     

       280
       280
       -
                 let

     

       281
       281
       -
                   toFlags =

     

       282
       282
       -
                     x: lib.optional (cfg.${x} != [ ]) "--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'";

     

       283
       283
       -
                   args = lib.concatLists (

     

       284
       284
       -
                     map toFlags [

     

       285
       285
       -
                       "pruneFS"

     

       286
       286
       -
                       "pruneNames"

     

       287
       287
       -
                       "prunePaths"

     

       288
       288
       -
                     ]

     

       289
       289
       -
                   );

     

       290
       290
       -
                 in

     

       291
       291
       -
                 ''

     

       292
       292
       -
                   exec ${cfg.package}/bin/updatedb \

     

       293
       293
       -
                     --output ${toString cfg.output} ${lib.concatStringsSep " " args} \

     

       294
       294
       -
                     --prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \

     

       295
       295
       -
                     ${lib.concatStringsSep " " cfg.extraFlags}

     

       296
       296
       -
                 ''

     

       297
       297
       -
               else

     

       298
       298
       -
                 ''

     

       299
       299
       -
                   exec ${cfg.package}/bin/updatedb \

     

       300
       300
       -
                     ${lib.optionalString (cfg.localuser != null && !isMorPLocate) "--localuser=${cfg.localuser}"} \

     

       301
       301
       -
                     --output=${toString cfg.output} ${lib.concatStringsSep " " cfg.extraFlags}

     

       302
       302
       -
                 '';

     

       303
       303
       -
             environment = lib.optionalAttrs (!isMorPLocate) {

     

       304
       304
       -
               PRUNEFS = lib.concatStringsSep " " cfg.pruneFS;

     

       305
       305
       -
               PRUNEPATHS = lib.concatStringsSep " " cfg.prunePaths;

     

       306
       306
       -
               PRUNENAMES = lib.concatStringsSep " " cfg.pruneNames;

     

       307
       307
       -
               PRUNE_BIND_MOUNTS = if cfg.pruneBindMounts then "yes" else "no";

     

       308
       308
       -
             };

     

       256
       256
       +
               let

     

       257
       257
       +
                 toFlags =

     

       258
       258
       +
                   x: lib.optional (cfg.${x} != [ ]) "--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'";

     

       259
       259
       +
                 args = lib.concatLists (

     

       260
       260
       +
                   map toFlags [

     

       261
       261
       +
                     "pruneFS"

     

       262
       262
       +
                     "pruneNames"

     

       263
       263
       +
                     "prunePaths"

     

       264
       264
       +
                   ]

     

       265
       265
       +
                 );

     

       266
       266
       +
               in

     

       267
       267
       +
               ''

     

       268
       268
       +
                 exec ${cfg.package}/bin/updatedb \

     

       269
       269
       +
                   --output ${toString cfg.output} ${lib.concatStringsSep " " args} \

     

       270
       270
       +
                   --prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \

     

       271
       271
       +
                   ${lib.concatStringsSep " " cfg.extraFlags}

     

       272
       272
       +
               '';

     

       309
       273
        
             serviceConfig = {

     

       310
       274
        
               CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_CHOWN";

     

       311
       275
        
               Nice = 19;