Alertmanager 0.13.0 doesn't support single dash long options, so '-config.file'
for example is parsed as '-c', which leads to the service not starting.
Previously the parameters were just dropped. Now they can be read
from within the handler script. An example to show this is added.
Makes use of the new writeShellScript function as suggested in:
issue #21557
resolves: #21557
Inspired from the dhcpd service implementation
Only 2 configurations options at the moment:
- enabled
- path to config directory (defaults to /etc/raddb)
Implementation was also inspired from ArchLinux
systemd file and corrected with @dotlambda and
@fpletz help.
If you have more than 1 User with hasedPassword Option set it generates
```
rm -f /var/lib/mosquitto/passwd
touch /var/lib/mosquitto/passwd
echo 'user1:$6$xxx' > /var/lib/mosquitto/passwd
echo 'user2:$6$xxx' > /var/lib/mosquitto/passwd
```
Which ends up in only having 1 user.
Of course, you'll get a bunch of warnings from the activation script:
$ nixos-enter --root /tmp/mnt/
setting up /etc...
mount: /dev: permission denied.
mount: /dev/pts: permission denied.
mount: /dev/shm: permission denied.
mount: /sys: permission denied.
/nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied
chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument
NOTE: Under Linux, effective file capabilities must either be empty, or
exactly match the union of selected permitted and inheritable bits.
Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted)
chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument
[root@nixos:/]#
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.
Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.
Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
