Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/fwts/versions.
These checks were done:
- built on NixOS
- /nix/store/v5wy7231jv43gnni4s3jcq0lz1qx21bs-fwts-18.05.00/bin/fwts passed the binary check.
- Warning: no invocation of /nix/store/v5wy7231jv43gnni4s3jcq0lz1qx21bs-fwts-18.05.00/bin/kernelscan had a zero exit code or showed the expected version
- 1 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 18.05.00 with grep in /nix/store/v5wy7231jv43gnni4s3jcq0lz1qx21bs-fwts-18.05.00
- directory tree listing: https://gist.github.com/8fb4995cd885cdeea7a35d51b7edca3b
- du listing: https://gist.github.com/8cc61b948b8e0aa4a1a8088464c5536d
This reverts a part of 5bd12c694bfebaef1d03eb7f74a6eca01b86f546.
Apparently there's no way to specify the user for RuntimeDirectory in a systemd
service file (it's always root), but tor won't create the control socket if the dir
is owned by anybody except the tor user.
These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.
`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.
`--RunAsDaemon 0` is the default value according to tor(5), removed.
Before this change `mkRenamedOptionModule` would override option defaults
even when the old option name is left unused. For instance
```nix
{
  options = {
    services.name.new = mkOption {
      default = { one = {}; };
    };
  };
  imports = [
    (mkRenamedOptionModule [ "services" "name" "old" ] [ "services" "name" "new" "two" ])
  ];
  config = {};
}
```
would evaluate to
`{ config.services.name.new = { two = {}; }; }`
when you'd expect it to evaluate to
`{ config.services.name.new = { one = {}; }; }`.