The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.
If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.
CC @offlinehacker.
Fixes#21198.
A secret can be stored in a file. It is written at runtime in the
configuration file.
Note it is also possible to write them in the nix store for dev
purposes.
This commit introduces a nixos module for the Openstack Keystone
service. It also provides a optional bootstrap step that creates some
basic initial resources (tenants, endpoints,...).
The provided test starts Keystone by enabling bootstrapping and checks
if user creation works well.
This commit is based on initial works made by domenkozar.
Some GRASS functions dlopen GDAL, and don't get patched in the install.
To make them work I have to export LD_LIBRARY_PATH from within grass again with pkgs.gdal/lib.
Alternatively this does the trick - there might be a better way to do this, if the configure script can take the true path to gdal and reflect it in the dlopen calls or something?
The "misc" NixOS test is using Nix to query the store and it tries to
change the ownership of it while doing so.
This fails if Nix is not in a seccomp-sandboxed userid namespace, so
let's make chown() a no-op when applied to store paths.
Fixes the misc test (and possibly future tests) on older Nix versions.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Previously, the entire installation was copied to $out/opt/unigine/valley.
Using $out/lib instead of $out/opt would be more consistent with other Nix packages.
The upstream version is "1.0", so that's what the version of the Nix package should be too.
When I packaged this I wasn't aware that a Nix package could update without its version number
increasing, so I added an extra "release version" (like Arch Linux packages). Of course, this
isn't necessary.
