For sa-update we care about two successful codes:
* 1 -> no updates available: exit successfully
* 0 -> updates have been installed: run sa-compile and pass
through its return code
sa-compile speeds up processing the rules by compiling them from Perl to
C. This needs to be run after every update and is saved in the local
state directory by Perl and SpamAssassin version.
Let systemd create SpamAssassin's state directory and populate it using the
regular updater service. Depend on the updater service on boot but do not
propagate failure to the main service.
spamd's commands to start and reload the service are still executed as
root but user/group are set to properly chown the state directory to the
target user. spamd drops privileges itself for its runner children but
preserves root on the main daemon (to listen and re-exec).
sa-update currently runs as part of the pre-start script of spamd. The
network is not guaranteed to be online at that point and even if we
were to depend on that, it makes the bootup brittle, as there is a
reliance on SpamAssassin's update server as a startup dependency on
boot.
Refactor the setup to move the pre-start script into its own unit.
This allows to perform the setup task only once. Continuous updates
are already done by sa-update.service triggered by sa-update.timer.
Only run sa-update in case /var/lib/spamassassin is empty.
While we are on it, let sa-update.service depend on the network being
online.
Fixes redirection after signing in when you use a single oauth2_proxy
instance for multiple domains.
X-Auth-Request-Redirect header is used to decide which URL to redirect
to after signing in. Specifying `request_uri` is enough in case you
need to redirect to the same domain that serves oauth2 callback
endpoint, but with multiple domains the you should include the scheme
and the host.
Thinkfan underwent some major changes and the config file
is now based on YAML. This commit contains a number of changes:
- rewrite the module to output the new format;
- add a `settings` option, following RFC 0042[1];
- add fancy type-checking for the most critical options
- use upstream systemd units (which fix the resume issue)
[1]: https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
This is a very simple module that installs a single udev rule.
The rule set the ownership of all /dev/i2c-* devices to a
group, "i2c" by default but can be changed. The "uaccess" tag
also makes systemd add an ACL for users with a seat[1].
Fix issue #91771
[1]: https://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/
This is necessary for Librespot, which is spawned by snapserver in the
same cgroup. Librespot requires querying local ip links and addresses
for MDNS (Zeroconf/Avahi), and does so through NETLINK interface.
* Add 'librespot' (new name for 'spotify'), 'alsa', 'tcp'.
* Add a warning about the spotify -> librespot rename.
* Fix the deprecated example `mode = "listen"` for type 'pipe'.
* Update the tests to include a straightforward 'tcp' test.
