The matrix-synapse user has `createHome = true;` which runs before the
`preStart` script, so the home directory will always exist and the block
will never execute.
Also don't include default path to keys in the configuration file,
because synapse will choke if it tries to open them before they
exist (even with `--generate-keys`).
(cherry picked from commit 08d7fbb42d)
This had already been fixed in f52f9bf7cd,
but the problem was reintroduced in
bce59a1a8b because the path to the XML
files changed.
(cherry picked from commit af01fa71e0)
This commit includes two changes:
1. A new `extraConfig` option to allow administrators to set any
vsftpd configuration option that isn't directly supported by this
derivation.
2. Correctly set the `anon_root` vsftpd option to `anonymousUserHome`
(cherry picked from commit d19967bf48)
It was already ordered after systemd-udev-settle.service, but that
doesn't do anything if no other units require
systemd-udev-settle.service. This was causing random failures during X
server startup, e.g.
machine# [ 12.691372] display-manager[607]: (EE) open /dev/dri/card0: No such file or directory
http://hydra.nixos.org/build/41062823
(cherry picked from commit e6bcff4d53)
If the display managers crashes continuously in loops it prevents the
user from switching to the console and try to fix things. Especially
when using the "auto" display manager it can happen quite easily.
This makes sure that if the system was powered off when the timer was
supposed to trigger, it will run the next time the system boots up.
(cherry picked from commit 1623476904)
Reason: Unobtrusive patch that may fix broken/outdated TLS
certificates, depending on your powered-on/powered-off patterns.
This fixes two bugs:
* When socket activation is detected, the service itself is added to stop-start list instead of its sockets.
* When service is marked to restart instead of stop (`StopIfChanged = no`) we don't need to restart sockets.
(cherry picked from commit d37458ad06)
This is a standard environment that doesn't contain a C/C++
compiler. This is mostly to prevent trivial builders like runCommand
and substituteAll from pulling in gcc for simple configuration changes
on NixOS.
(cherry picked from commit 0cb16a6955)
The following changes are included:
1) install user unit files from upstream dbus
2) use absolute paths to config for --system and --session instances
3) make socket activation of user units configurable
There has been a number of PRs to address this, so this one does the
bare minimum, which is to make the functionality available and
configurable but defaults to off.
Related PRs:
- #18382
- #18222
Since some changes to the setuid wrappers, there is a symlink involved
and it doesn't resolve correctly inside the chroot. Do the check inside
the chroot to make it work again.
(cherry picked from commit a34ec1517f)
Probably as a result of 992c514a20, it
was not being started anymore.
My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.
http://hydra.nixos.org/build/39965589
(cherry picked from commit abdc5961c3)
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
(cherry picked from commit 5b5c2fb9c0)
