Previously each oneshot peer service only ran once and was not
restarted together with the interface unit. Because of this,
defined peers were missing after restarting their corresponding
interface unit.
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
This enhances #61423, which removed the gating of desktop-managers from
being linked to the xserver's state.
This, though, brought in xterm into all systems, even those without X
servers.
This change sets the *default* of the xterm desktop-manager to the state
of the xserver, keeping it enabled by default as a sane fallback.
The xterm desktop-manager can still be enabled or disabled as needed,
without it being affected by xserver's state.
This is a simple exporter which exports the information
provided by `wg show all dump` to prometheus.
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
This can lead to unnecessary failures if the kernel module is already
loaded:
Jun 06 12:38:50 chef bglisn9bz0y5403vdw9hny0ij43r41jk-unit-script-wireguard-wg0-start[13261]: modprobe: FATAL: Module wireguard not found in directory /run/booted-system/kernel-modules/lib/modules/4.19.36
Types are now specified for all options.
The fixed uid and gid for the avahi user have been removed
and the user avahi is now in the group avahi.
The the generic opening of the firewall for UDP port 5353 is
now optional, but still defaults to true.
The option `extraServiceFiles` was added to specify avahi
service definitions, which are then placed in `/etc/avahi/services`.
The geoclue module now lets us set application config. This should make
it more robust in desktop environments that don't define a geoclue
agent.
Fixes#45994.
The geoclue module now lets us set application config. This should make
it more robust in environments that don't provide a geoclue agent.
Fixes#44725.
The udev rules we are shipping no longer work with systemd v242 and were
remove upstream some time ago. It seems like the entire renaming is now
done in C and not in the udev rules.
Remove the btsync module. Bittorrent Sync was renamed to Resilio Sync in
2016, which is supported by the resilio module. Since Resilio Sync had
some security updates since 2016, it is not safe to run Bittorrent Sync
anymore.
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.
We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.
A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
As we don't need to setup data directories from ExecStartPre= scripts
anymore, which required root, but use systemd.tmpfiles.rules instead,
everything can be run as just the mysql user.
define commands like "waiting for the mysql socket to appear" or "setup
initial databases" in a let expression, so the main control flow becomes
more readable.
We need to keep using `RuntimeDirectory=mysqld`, which translates to
`/run/mysqld`, as this is used for the location of the file socket, that
could differ with what is configured via `cfg.pidDir`.
