gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

various: replace systemd.services.<name>.{script,preStart} with ExecStart{,Pre} (#448763)

Browse Source
This commit is contained in:
Sandro
2025-10-29 12:34:37 +00:00
committed by GitHub
parent 2e8953486b 4094626253
commit c32d974077
68 changed files with 242 additions and 304 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/security/soteria.nix
View File

@@ -36,8 +36,8 @@ in
wants = [ "graphical-session.target" ]; wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ]; after = [ "graphical-session.target" ];
script = lib.getExe cfg.package;
serviceConfig = { serviceConfig = {
ExecStart = lib.getExe cfg.package;
Type = "simple"; Type = "simple";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 1; RestartSec = 1;

68
nixos/modules/services/blockchain/ethereum/geth.nix
View File

@@ -206,6 +206,43 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
serviceConfig = { serviceConfig = {
ExecStart =
let
args = lib.cli.toCommandLineShellGNU { } {
inherit (cfg)
syncmode
gcmode
port
maxpeers
;
nousb = true;
ipcdisable = true;
datadir = dataDir;
${cfg.network} = true;
http = cfg.http.enable;
"http.addr" = if cfg.http.enable then cfg.http.address else null;
"http.port" = if cfg.http.enable then cfg.http.port else null;
"http.api" = if cfg.http.apis != null then lib.concatStringsSep "," cfg.http.apis else null;
ws = cfg.websocket.enable;
"ws.addr" = if cfg.websocket.enable then cfg.websocket.address else null;
"ws.port" = if cfg.websocket.enable then cfg.websocket.port else null;
"ws.api" = if cfg.websocket.apis != null then lib.concatStringsSep "," cfg.websocket.apis else null;
metrics = cfg.metrics.enable;
"metrics.addr" = if cfg.metrics.enable then cfg.metrics.address else null;
"metrics.port" = if cfg.metrics.enable then cfg.metrics.port else null;
"authrpc.addr" = cfg.authrpc.address;
"authrpc.port" = cfg.authrpc.port;
"authrpc.vhosts" = lib.concatStringsSep "," cfg.authrpc.vhosts;
"authrpc.jwtsecret" =
if cfg.authrpc.jwtsecret != "" then cfg.authrpc.jwtsecret else "${dataDir}/geth/jwtsecret";
};
in
"${lib.getExe cfg.package} ${args} ${lib.escapeShellArgs cfg.extraArgs}";
DynamicUser = true; DynamicUser = true;
Restart = "always"; Restart = "always";
StateDirectory = stateDir; StateDirectory = stateDir;
@@ -217,37 +254,6 @@ in
PrivateDevices = "true"; PrivateDevices = "true";
MemoryDenyWriteExecute = "true"; MemoryDenyWriteExecute = "true";
}; };
script = ''
${cfg.package}/bin/geth \
--nousb \
--ipcdisable \
${lib.optionalString (cfg.network != null) ''--${cfg.network}''} \
--syncmode ${cfg.syncmode} \
--gcmode ${cfg.gcmode} \
--port ${toString cfg.port} \
--maxpeers ${toString cfg.maxpeers} \
${lib.optionalString cfg.http.enable ''--http --http.addr ${cfg.http.address} --http.port ${toString cfg.http.port}''} \
${
lib.optionalString (cfg.http.apis != null) ''--http.api ${lib.concatStringsSep "," cfg.http.apis}''
} \
${lib.optionalString cfg.websocket.enable ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}''} \
${
lib.optionalString (
cfg.websocket.apis != null
) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''
} \
${lib.optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
--authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \
${
if (cfg.authrpc.jwtsecret != "") then
''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}''
else
''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''
} \
${lib.escapeShellArgs cfg.extraArgs} \
--datadir ${dataDir}
'';
} }
)) ))
) eachGeth; ) eachGeth;

4
nixos/modules/services/computing/boinc/client.nix
View File

@@ -99,10 +99,8 @@ in
description = "BOINC Client"; description = "BOINC Client";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = ''
exec ${fhsEnvExecutable} --dir ${cfg.dataDir} ${allowRemoteGuiRpcFlag}
'';
serviceConfig = { serviceConfig = {
ExecStart = "${fhsEnvExecutable} --dir ${cfg.dataDir} ${allowRemoteGuiRpcFlag}";
User = "boinc"; User = "boinc";
Nice = 10; Nice = 10;
}; };

6
nixos/modules/services/computing/slurm/slurm.nix
View File

@@ -475,15 +475,13 @@ in
''} ''}
''; '';
script = '' environment.SLURM_CONF = configPath;
export SLURM_CONF=${configPath}
exec ${cfg.package}/bin/slurmdbd -D
'';
serviceConfig = { serviceConfig = {
RuntimeDirectory = "slurmdbd"; RuntimeDirectory = "slurmdbd";
Type = "simple"; Type = "simple";
PIDFile = "/run/slurmdbd.pid"; PIDFile = "/run/slurmdbd.pid";
ExecStart = "${lib.getExe' cfg.package "slurmdbd"} -D";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
}; };
}; };

9
nixos/modules/services/games/minetest-server.nix
View File

@@ -172,12 +172,9 @@ in
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.User = "minetest"; serviceConfig.User = "minetest";
serviceConfig.Group = "minetest"; serviceConfig.Group = "minetest";
serviceConfig.StateDirectory = "minetest";
script = '' serviceConfig.WorkingDirectory = "/var/lib/minetest";
cd /var/lib/minetest serviceConfig.ExecStart = "${pkgs.minetest}/bin/minetest ${lib.escapeShellArgs flags}";
exec ${pkgs.minetest}/bin/minetest ${lib.escapeShellArgs flags}
'';
}; };
}; };
} }

2
nixos/modules/services/hardware/pommed.nix
View File

@@ -51,7 +51,7 @@ in
systemd.services.pommed = { systemd.services.pommed = {
description = "Pommed Apple Hotkeys Daemon"; description = "Pommed Apple Hotkeys Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = "${pkgs.pommed_light}/bin/pommed -f"; serviceConfig.ExecStart = "${lib.getExe pkgs.pommed_light} -f";
}; };
}; };
} }

4
nixos/modules/services/home-automation/zigbee2mqtt.nix
View File

@@ -79,6 +79,7 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
environment.ZIGBEE2MQTT_DATA = cfg.dataDir; environment.ZIGBEE2MQTT_DATA = cfg.dataDir;
serviceConfig = { serviceConfig = {
ExecStartPre = "${lib.getExe' pkgs.coreutils "cp"} --no-preserve=mode ${configFile} '${cfg.dataDir}/configuration.yaml'";
ExecStart = "${cfg.package}/bin/zigbee2mqtt"; ExecStart = "${cfg.package}/bin/zigbee2mqtt";
User = "zigbee2mqtt"; User = "zigbee2mqtt";
Group = "zigbee2mqtt"; Group = "zigbee2mqtt";
@@ -129,9 +130,6 @@ in
]; ];
UMask = "0077"; UMask = "0077";
}; };
preStart = ''
cp --no-preserve=mode ${configFile} "${cfg.dataDir}/configuration.yaml"
'';
}; };
users.users.zigbee2mqtt = { users.users.zigbee2mqtt = {

4
nixos/modules/services/logging/heartbeat.nix
View File

@@ -67,12 +67,10 @@ in
systemd.services.heartbeat = { systemd.services.heartbeat = {
description = "heartbeat log shipper"; description = "heartbeat log shipper";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p "${cfg.stateDir}"/{data,logs}
'';
serviceConfig = { serviceConfig = {
User = "nobody"; User = "nobody";
AmbientCapabilities = "cap_net_raw"; AmbientCapabilities = "cap_net_raw";
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} -p '${cfg.stateDir}'/data '${cfg.stateDir}'/logs";
ExecStart = "${cfg.package}/bin/heartbeat -c \"${heartbeatYml}\" -path.data \"${cfg.stateDir}/data\" -path.logs \"${cfg.stateDir}/logs\""; ExecStart = "${cfg.package}/bin/heartbeat -c \"${heartbeatYml}\" -path.data \"${cfg.stateDir}/data\" -path.logs \"${cfg.stateDir}/logs\"";
}; };
}; };

8
nixos/modules/services/logging/journalbeat.nix
View File

@@ -71,12 +71,12 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "elasticsearch.service" ]; wants = [ "elasticsearch.service" ];
after = [ "elasticsearch.service" ]; after = [ "elasticsearch.service" ];
preStart = ''
mkdir -p ${cfg.stateDir}/data
mkdir -p ${cfg.stateDir}/logs
'';
serviceConfig = { serviceConfig = {
StateDirectory = cfg.stateDir; StateDirectory = cfg.stateDir;
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.stateDir}/data"
"${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.stateDir}/logs"
];
ExecStart = '' ExecStart = ''
${cfg.package}/bin/journalbeat \ ${cfg.package}/bin/journalbeat \
-c ${journalbeatYml} \ -c ${journalbeatYml} \

2
nixos/modules/services/logging/journaldriver.nix
View File

@@ -91,12 +91,12 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.journaldriver = { systemd.services.journaldriver = {
description = "Stackdriver Logging journal forwarder"; description = "Stackdriver Logging journal forwarder";
script = "${pkgs.journaldriver}/bin/journaldriver";
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = lib.getExe pkgs.journaldriver;
Restart = "always"; Restart = "always";
DynamicUser = true; DynamicUser = true;

5
nixos/modules/services/logging/promtail.nix
View File

@@ -66,14 +66,11 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
stopIfChanged = false; stopIfChanged = false;
preStart = ''
${lib.getExe pkgs.promtail} -config.file=${configFile} -check-syntax
'';
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
TimeoutStopSec = 10; TimeoutStopSec = 10;
ExecStartPre = "${lib.getExe pkgs.promtail} -config.file=${configFile} -check-syntax";
ExecStart = "${pkgs.promtail}/bin/promtail -config.file=${configFile} ${escapeShellArgs cfg.extraFlags}"; ExecStart = "${pkgs.promtail}/bin/promtail -config.file=${configFile} ${escapeShellArgs cfg.extraFlags}";
ProtectSystem = "strict"; ProtectSystem = "strict";

2
nixos/modules/services/logging/syslog-ng.nix
View File

@@ -79,7 +79,6 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.syslog-ng = { systemd.services.syslog-ng = {
description = "syslog-ng daemon"; description = "syslog-ng daemon";
preStart = "mkdir -p /{var,run}/syslog-ng";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "multi-user.target" ]; # makes sure hostname etc is set after = [ "multi-user.target" ]; # makes sure hostname etc is set
serviceConfig = { serviceConfig = {
@@ -87,6 +86,7 @@ in
PIDFile = pidFile; PIDFile = pidFile;
StandardOutput = "null"; StandardOutput = "null";
Restart = "on-failure"; Restart = "on-failure";
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} -p /var/syslog-ng /run/syslog-ng";
ExecStart = "${cfg.package}/sbin/syslog-ng ${lib.concatStringsSep " " syslogngOptions}"; ExecStart = "${cfg.package}/sbin/syslog-ng ${lib.concatStringsSep " " syslogngOptions}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
}; };

4
nixos/modules/services/mail/cyrus-imap.nix
View File

@@ -342,6 +342,7 @@ in
User = if (cfg.user == null) then "cyrus" else cfg.user; User = if (cfg.user == null) then "cyrus" else cfg.user;
Group = if (cfg.group == null) then "cyrus" else cfg.group; Group = if (cfg.group == null) then "cyrus" else cfg.group;
Type = "simple"; Type = "simple";
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} -p '${cfg.imapdSettings.configdirectory}/socket' '${cfg.tmpDBDir}' /run/cyrus/proc /run/cyrus/lock";
ExecStart = "${cyrus-imapdPkg}/libexec/master -l $LISTENQUEUE -C /etc/imapd.conf -M /etc/cyrus.conf -p /run/cyrus/master.pid -D"; ExecStart = "${cyrus-imapdPkg}/libexec/master -l $LISTENQUEUE -C /etc/imapd.conf -M /etc/cyrus.conf -p /run/cyrus/master.pid -D";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "1s"; RestartSec = "1s";
@@ -367,9 +368,6 @@ in
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
}; };
preStart = ''
mkdir -p '${cfg.imapdSettings.configdirectory}/socket' '${cfg.tmpDBDir}' /run/cyrus/proc /run/cyrus/lock
'';
}; };
environment.systemPackages = [ cyrus-imapdPkg ]; environment.systemPackages = [ cyrus-imapdPkg ];
}; };

4
nixos/modules/services/mail/dkimproxy-out.nix
View File

@@ -109,10 +109,8 @@ in
chown -R dkimproxy-out:dkimproxy-out "${keydir}" chown -R dkimproxy-out:dkimproxy-out "${keydir}"
fi fi
''; '';
script = ''
exec ${pkgs.dkimproxy}/bin/dkimproxy.out --conf_file=${configfile}
'';
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.dkimproxy}/bin/dkimproxy.out --conf_file=${configfile}";
User = "dkimproxy-out"; User = "dkimproxy-out";
PermissionsStartOnly = true; PermissionsStartOnly = true;
}; };

8
nixos/modules/services/mail/nullmailer.nix
View File

@@ -245,13 +245,13 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = ''
rm -f /var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger
'';
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "rm"} -f /var/spool/nullmailer/trigger"
"${lib.getExe' pkgs.coreutils "mkfifo"} -m 660 /var/spool/nullmailer/trigger"
];
ExecStart = "${pkgs.nullmailer}/bin/nullmailer-send"; ExecStart = "${pkgs.nullmailer}/bin/nullmailer-send";
Restart = "always"; Restart = "always";
}; };

10
nixos/modules/services/mail/postgrey.nix
View File

@@ -210,13 +210,13 @@ in
description = "Postfix Greylisting Service"; description = "Postfix Greylisting Service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "postfix.service" ]; before = [ "postfix.service" ];
preStart = ''
mkdir -p /var/postgrey
chown postgrey:postgrey /var/postgrey
chmod 0770 /var/postgrey
'';
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p /var/postgrey"
"${lib.getExe' pkgs.coreutils "chown"} postgrey:postgrey /var/postgrey"
"${lib.getExe' pkgs.coreutils "chmod"} 0770 /var/postgrey"
];
ExecStart = '' ExecStart = ''
${pkgs.postgrey}/bin/postgrey \ ${pkgs.postgrey}/bin/postgrey \
${bind-flag} \ ${bind-flag} \

19
nixos/modules/services/mail/stalwart-mail.nix
View File

@@ -162,17 +162,16 @@ in
"network.target" "network.target"
]; ];
preStart =
if useLegacyStorage then
''
mkdir -p ${cfg.dataDir}/data/blobs
''
else
''
mkdir -p ${cfg.dataDir}/db
'';
serviceConfig = { serviceConfig = {
ExecStartPre =
if useLegacyStorage then
''
${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.dataDir}/data/blobs
''
else
''
${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.dataDir}/db
'';
ExecStart = [ ExecStart = [
"" ""
"${lib.getExe cfg.package} --config=${configFile}" "${lib.getExe cfg.package} --config=${configFile}"

7
nixos/modules/services/misc/autofs.nix
View File

@@ -88,14 +88,11 @@ in
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
# There should be only one autofs service managed by systemd, so this should be safe.
rm -f /tmp/autofs-running
'';
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
PIDFile = "/run/autofs.pid"; PIDFile = "/run/autofs.pid";
# There should be only one autofs service managed by systemd, so this should be safe.
ExecStartPre = "${lib.getExe' pkgs.coreutils "rm"} -f /tmp/autofs-running";
ExecStart = "${pkgs.autofs5}/bin/automount ${lib.optionalString cfg.debug "-d"} -p /run/autofs.pid -t ${builtins.toString cfg.timeout} ${autoMaster}"; ExecStart = "${pkgs.autofs5}/bin/automount ${lib.optionalString cfg.debug "-d"} -p /run/autofs.pid -t ${builtins.toString cfg.timeout} ${autoMaster}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
}; };

2
nixos/modules/services/misc/dictd.nix
View File

@@ -78,7 +78,7 @@ in
# with code 143 instead of exiting with code 0. # with code 143 instead of exiting with code 0.
serviceConfig.SuccessExitStatus = [ 143 ]; serviceConfig.SuccessExitStatus = [ 143 ];
serviceConfig.Type = "forking"; serviceConfig.Type = "forking";
script = "${pkgs.dict}/sbin/dictd -s -c ${dictdb}/share/dictd/dictd.conf --locale en_US.UTF-8"; serviceConfig.ExecStart = "${pkgs.dict}/sbin/dictd -s -c ${dictdb}/share/dictd/dictd.conf --locale en_US.UTF-8";
}; };
}; };
} }

4
nixos/modules/services/misc/docker-registry.nix
View File

@@ -143,11 +143,9 @@ in
description = "Docker Container Registry"; description = "Docker Container Registry";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
script = ''
${cfg.package}/bin/registry serve ${configFile}
'';
serviceConfig = { serviceConfig = {
ExecStart = "${lib.getExe cfg.package} serve ${configFile}";
User = "docker-registry"; User = "docker-registry";
WorkingDirectory = cfg.storagePath; WorkingDirectory = cfg.storagePath;
AmbientCapabilities = lib.mkIf (cfg.port < 1024) "cap_net_bind_service"; AmbientCapabilities = lib.mkIf (cfg.port < 1024) "cap_net_bind_service";

8
nixos/modules/services/misc/errbot.nix
View File

@@ -100,13 +100,13 @@ in
{ {
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${dataDir}
chown -R errbot:errbot ${dataDir}
'';
serviceConfig = { serviceConfig = {
User = "errbot"; User = "errbot";
Restart = "on-failure"; Restart = "on-failure";
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p ${dataDir}"
"${lib.getExe' pkgs.coreutils "chown"} -R errbot:errbot ${dataDir}"
];
ExecStart = "${pkgs.errbot}/bin/errbot -c ${mkConfigDir instanceCfg dataDir}/config.py"; ExecStart = "${pkgs.errbot}/bin/errbot -c ${mkConfigDir instanceCfg dataDir}/config.py";
PermissionsStartOnly = true; PermissionsStartOnly = true;
}; };

8
nixos/modules/services/misc/gollum.nix
View File

@@ -138,17 +138,13 @@ in
description = "Gollum wiki"; description = "Gollum wiki";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.git ];
preStart = ''
# This is safe to be run on an existing repo
git init ${cfg.stateDir}
'';
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
# This is safe to be run on an existing repo
ExecStartPre = "${lib.getExe pkgs.git} init ${cfg.stateDir}";
ExecStart = '' ExecStart = ''
${cfg.package}/bin/gollum \ ${cfg.package}/bin/gollum \
--port ${toString cfg.port} \ --port ${toString cfg.port} \

9
nixos/modules/services/misc/paperless.nix
View File

@@ -664,6 +664,9 @@ in
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
ExecStart = "${manage}/bin/paperless-manage document_exporter ${cfg.exporter.directory} ${
lib.cli.toCommandLineShellGNU { } cfg.exporter.settings
}";
}; };
unitConfig = unitConfig =
let let
@@ -682,13 +685,7 @@ in
OnFailure = services; OnFailure = services;
OnSuccess = services; OnSuccess = services;
}; };
enableStrictShellChecks = true;
path = [ manage ]; path = [ manage ];
script = ''
paperless-manage document_exporter ${cfg.exporter.directory} ${
lib.cli.toCommandLineShellGNU { } cfg.exporter.settings
}
'';
}; };
}) })
] ]

4
nixos/modules/services/misc/svnserve.nix
View File

@@ -40,8 +40,8 @@ in
systemd.services.svnserve = { systemd.services.svnserve = {
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p ${cfg.svnBaseDir}"; services.ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.svnBaseDir}";
script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/run/svnserve.pid"; services.ExecStart = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/run/svnserve.pid";
}; };
}; };
} }

13
nixos/modules/services/misc/tandoor-recipes.nix
View File

@@ -119,6 +119,12 @@ in
after = lib.optional cfg.database.createLocally "postgresql.target"; after = lib.optional cfg.database.createLocally "postgresql.target";
serviceConfig = { serviceConfig = {
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "ln"} -sf ${manage} tandoor-recipes-manage"
# Let django migrate the DB as needed
"${lib.getExe pkg} migrate"
];
ExecStart = '' ExecStart = ''
${pkg.python.pkgs.gunicorn}/bin/gunicorn recipes.wsgi ${pkg.python.pkgs.gunicorn}/bin/gunicorn recipes.wsgi
''; '';
@@ -172,13 +178,6 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
ln -sf ${manage} tandoor-recipes-manage
# Let django migrate the DB as needed
${pkg}/bin/tandoor-recipes migrate
'';
environment = env // { environment = env // {
PYTHONPATH = "${pkg.python.pkgs.makePythonPath pkg.propagatedBuildInputs}:${pkg}/lib/tandoor-recipes"; PYTHONPATH = "${pkg.python.pkgs.makePythonPath pkg.propagatedBuildInputs}:${pkg}/lib/tandoor-recipes";
}; };

4
nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
View File

@@ -139,9 +139,9 @@ in
serviceOpts = { serviceOpts = {
after = [ "pgbouncer.service" ]; after = [ "pgbouncer.service" ];
script = concatStringsSep " " ( serviceConfig.ExecStart = concatStringsSep " " (
[ [
"exec -- ${escapeShellArg (getExe cfg.package)}" "${escapeShellArg (getExe cfg.package)}"
"--web.listen-address ${cfg.listenAddress}:${toString cfg.port}" "--web.listen-address ${cfg.listenAddress}:${toString cfg.port}"
] ]
++ optionals (cfg.connectionString != null) [ ++ optionals (cfg.connectionString != null) [

9
nixos/modules/services/networking/dnscache.nix
View File

@@ -108,17 +108,16 @@ in
daemontools daemontools
djbdns djbdns
]; ];
environment.FORWARDONLY = lib.mkIf cfg.forwardOnly "1";
preStart = '' preStart = ''
rm -rf /var/lib/dnscache rm -rf /var/lib/dnscache
dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip} dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip}
rm -rf /var/lib/dnscache/root rm -rf /var/lib/dnscache/root
ln -sf ${dnscache-root} /var/lib/dnscache/root ln -sf ${dnscache-root} /var/lib/dnscache/root
''; '';
script = '' serviceConfig.StateDirectory = "dnscache";
cd /var/lib/dnscache/ serviceConfig.WorkingDirectory = "/var/lib/dnscache";
${lib.optionalString cfg.forwardOnly "export FORWARDONLY=1"} serviceConfig.ExecStart = "/var/lib/dnscache/run";
exec ./run
'';
}; };
}; };
} }

4
nixos/modules/services/networking/freeradius.nix
View File

@@ -13,11 +13,9 @@ let
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
wants = [ "network.target" ]; wants = [ "network.target" ];
preStart = ''
${cfg.package}/bin/radiusd -C -d ${cfg.configDir} -l stdout
'';
serviceConfig = { serviceConfig = {
ExecStartPre = "${cfg.package}/bin/radiusd -C -d ${cfg.configDir} -l stdout";
ExecStart = ExecStart =
"${cfg.package}/bin/radiusd -f -d ${cfg.configDir} -l stdout" + lib.optionalString cfg.debug " -xx"; "${cfg.package}/bin/radiusd -f -d ${cfg.configDir} -l stdout" + lib.optionalString cfg.debug " -xx";
ExecReload = [ ExecReload = [

2
nixos/modules/services/networking/ircd-hybrid/default.nix
View File

@@ -152,7 +152,7 @@ in
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = "${ircdService}/bin/control start"; serviceConfig.ExecStart = "${ircdService}/bin/control start";
}; };
}; };
} }

5
nixos/modules/services/networking/ncps.nix
View File

@@ -275,12 +275,9 @@ in
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
${lib.getExe cfg.dbmatePackage} --migrations-dir=${cfg.package}/share/ncps/db/migrations --url=${cfg.cache.databaseURL} up
'';
serviceConfig = lib.mkMerge [ serviceConfig = lib.mkMerge [
{ {
ExecStartPre = "${lib.getExe cfg.dbmatePackage} --migrations-dir=${cfg.package}/share/ncps/db/migrations --url=${cfg.cache.databaseURL} up";
ExecStart = "${lib.getExe cfg.package} ${globalFlags} serve ${serveFlags}"; ExecStart = "${lib.getExe cfg.package} ${globalFlags} serve ${serveFlags}";
User = "ncps"; User = "ncps";
Group = "ncps"; Group = "ncps";

4
nixos/modules/services/networking/nghttpx/default.nix
View File

@@ -115,11 +115,9 @@ in
nghttpx = { nghttpx = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
script = ''
${pkgs.nghttp2}/bin/nghttpx --conf=${configurationFile}
'';
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.nghttp2}/bin/nghttpx --conf=${configurationFile}";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 60; RestartSec = 60;
}; };

2
nixos/modules/services/networking/nm-file-secret-agent.nix
View File

@@ -125,7 +125,7 @@ in
after = [ "NetworkManager.service" ]; after = [ "NetworkManager.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
restartTriggers = [ nmFileSecretAgentConfigFile ]; restartTriggers = [ nmFileSecretAgentConfigFile ];
script = "${lib.getExe cfg.ensureProfiles.secrets.package} --conf ${nmFileSecretAgentConfigFile}"; serviceConfig.ExecStart = "${lib.getExe cfg.ensureProfiles.secrets.package} --conf ${nmFileSecretAgentConfigFile}";
}; };
}; };
} }

2
nixos/modules/services/networking/oidentd.nix
View File

@@ -32,7 +32,7 @@ with lib;
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "forking"; serviceConfig.Type = "forking";
script = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup"; serviceConfig.ExecStart = "${lib.getExe pkgs.oidentd} -u oidentd -g nogroup";
}; };
users.users.oidentd = { users.users.oidentd = {

2
nixos/modules/services/networking/oink.nix
View File

@@ -84,8 +84,8 @@ in
description = "Dynamic DNS client for Porkbun"; description = "Dynamic DNS client for Porkbun";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = "${cfg.package}/bin/oink -c ${oinkConfig}";
serviceConfig = { serviceConfig = {
ExecStart = "${lib.getExe cfg.package} -c ${oinkConfig}";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10"; RestartSec = "10";
}; };

29
nixos/modules/services/networking/opengfw.nix
View File

@@ -374,21 +374,22 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
path = with pkgs; [ iptables ]; path = with pkgs; [ iptables ];
preStart = ''
${optionalString (rules != null) "ln -sf ${rules} rules.yaml"}
${optionalString (settings != null) "ln -sf ${settings} config.yaml"}
'';
script = ''
${config.security.wrapperDir}/OpenGFW \
-f ${cfg.logFormat} \
-l ${cfg.logLevel} \
${optionalString (cfg.pcapReplay != null) "-p ${cfg.pcapReplay}"} \
-c config.yaml \
rules.yaml
'';
serviceConfig = rec { serviceConfig = rec {
ExecStartPre =
lib.optionals (rules != null) [ "${lib.getExe' pkgs.coreutils "ln"} -sf ${rules} rules.yaml" ]
++ lib.optionals (settings != null) [
"${lib.getExe' pkgs.coreutils "ln"} -sf ${settings} config.yaml"
];
ExecStart =
let
args = lib.cli.toCommandLineShellGNU { } {
f = cfg.logFormat;
l = cfg.logLevel;
p = cfg.pcapReplay;
c = "config.yaml";
};
in
"${config.security.wrapperDir}/OpenGFW ${args} rules.yaml";
WorkingDirectory = cfg.dir; WorkingDirectory = cfg.dir;
ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID"; ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
Restart = "always"; Restart = "always";

4
nixos/modules/services/networking/ostinato.nix
View File

@@ -108,9 +108,7 @@ in
systemd.services.drone = { systemd.services.drone = {
description = "Ostinato agent-controller"; description = "Ostinato agent-controller";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = '' serviceConfig.ExecStart = "${pkg}/bin/drone ${toString cfg.port} ${configFile}";
${pkg}/bin/drone ${toString cfg.port} ${configFile}
'';
}; };
}; };

10
nixos/modules/services/networking/pangolin.nix
View File

@@ -241,11 +241,6 @@ in
requires = [ "network.target" ]; requires = [ "network.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = ''
mkdir -p ${cfg.dataDir}/config
cp -f ${cfgFile} ${cfg.dataDir}/config/config.yml
'';
serviceConfig = { serviceConfig = {
User = "pangolin"; User = "pangolin";
Group = "fossorial"; Group = "fossorial";
@@ -317,6 +312,11 @@ in
"~@swap:EPERM" "~@swap:EPERM"
"~@timer:EPERM" "~@timer:EPERM"
]; ];
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.dataDir}/config"
"${lib.getExe' pkgs.coreutils "cp"} -f ${cfgFile} ${cfg.dataDir}/config/config.yml"
];
ExecStart = lib.getExe cfg.package; ExecStart = lib.getExe cfg.package;
}; };
}; };

10
nixos/modules/services/networking/pdnsd.nix
View File

@@ -80,13 +80,13 @@ in
systemd.services.pdnsd = { systemd.services.pdnsd = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = ''
mkdir -p "${cfg.cacheDir}"
touch "${cfg.cacheDir}/pdnsd.cache"
chown -R ${pdnsdUser}:${pdnsdGroup} "${cfg.cacheDir}"
'';
description = "pdnsd"; description = "pdnsd";
serviceConfig = { serviceConfig = {
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p '${cfg.cacheDir}'"
"${lib.getExe' pkgs.coreutils "touch"} '${cfg.cacheDir}/pdnsd.cache'"
"${lib.getExe' pkgs.coreutils "chown"} -R ${pdnsdUser}:${pdnsdGroup} '${cfg.cacheDir}'"
];
ExecStart = "${pdnsd}/bin/pdnsd -c ${pdnsdConf}"; ExecStart = "${pdnsd}/bin/pdnsd -c ${pdnsdConf}";
}; };
}; };

2
nixos/modules/services/networking/redsocks.nix
View File

@@ -276,7 +276,7 @@ in
description = "Redsocks"; description = "Redsocks";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = "${pkgs.redsocks}/bin/redsocks -c ${configfile}"; serviceConfig.ExecStart = "${lib.getExe pkgs.redsocks} -c ${configfile}";
}; };
networking.firewall.extraCommands = iptables; networking.firewall.extraCommands = iptables;

8
nixos/modules/services/networking/smokeping.nix
View File

@@ -337,12 +337,12 @@ in
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Restart = "on-failure"; Restart = "on-failure";
ExecStartPre = [
"${cfg.package}/bin/smokeping --check --config=${configPath}"
"${cfg.package}/bin/smokeping --static --config=${configPath}"
];
ExecStart = "${cfg.package}/bin/smokeping --config=/etc/smokeping.conf --nodaemon"; ExecStart = "${cfg.package}/bin/smokeping --config=/etc/smokeping.conf --nodaemon";
}; };
preStart = ''
${cfg.package}/bin/smokeping --check --config=${configPath}
${cfg.package}/bin/smokeping --static --config=${configPath}
'';
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

6
nixos/modules/services/networking/supybot.nix
View File

@@ -104,14 +104,12 @@ in
documentation = [ "https://limnoria.readthedocs.io/" ]; documentation = [ "https://limnoria.readthedocs.io/" ];
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
# This needs to be created afresh every time
rm -f '${cfg.stateDir}/supybot.cfg.bak'
'';
startLimitIntervalSec = 5 * 60; # 5 min startLimitIntervalSec = 5 * 60; # 5 min
startLimitBurst = 1; startLimitBurst = 1;
serviceConfig = { serviceConfig = {
# This needs to be created afresh every time
ExecStartPre = "${lib.getExe' pkgs.coreutils "rm"} -f '${cfg.stateDir}/supybot.cfg.bak'";
ExecStart = "${pyEnv}/bin/supybot ${cfg.stateDir}/supybot.cfg"; ExecStart = "${pyEnv}/bin/supybot ${cfg.stateDir}/supybot.cfg";
PIDFile = "/run/supybot.pid"; PIDFile = "/run/supybot.pid";
User = "supybot"; User = "supybot";

4
nixos/modules/services/networking/tailscale.nix
View File

@@ -240,10 +240,8 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${lib.getExe cfg.package} set ${escapeShellArgs cfg.extraSetFlags}";
}; };
script = ''
${lib.getExe cfg.package} set ${escapeShellArgs cfg.extraSetFlags}
'';
}; };
boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") { boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") {

2
nixos/modules/services/networking/thelounge.nix
View File

@@ -112,11 +112,11 @@ in
systemd.services.thelounge = { systemd.services.thelounge = {
description = "The Lounge web IRC client"; description = "The Lounge web IRC client";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = "ln -sf ${pkgs.writeText "config.js" configJsData} ${dataDir}/config.js";
environment.THELOUNGE_PACKAGES = mkIf (cfg.plugins != [ ]) "${plugins}"; environment.THELOUNGE_PACKAGES = mkIf (cfg.plugins != [ ]) "${plugins}";
serviceConfig = { serviceConfig = {
User = "thelounge"; User = "thelounge";
StateDirectory = baseNameOf dataDir; StateDirectory = baseNameOf dataDir;
ExecStartPre = "${lib.getExe' pkgs.coreutils "ln"} -sf ${pkgs.writeText "config.js" configJsData} ${dataDir}/config.js";
ExecStart = "${getExe cfg.package} start"; ExecStart = "${getExe cfg.package} start";
}; };
}; };

9
nixos/modules/services/networking/tinydns.nix
View File

@@ -58,10 +58,11 @@ with lib;
ln -sf ${pkgs.writeText "tinydns-data" config.services.tinydns.data} data ln -sf ${pkgs.writeText "tinydns-data" config.services.tinydns.data} data
tinydns-data tinydns-data
''; '';
script = '' serviceConfig = {
cd /var/lib/tinydns StateDirectory = "tinydns";
exec ./run WorkingDirectory = "/var/lib/tinydns";
''; ExecStart = "/var/lib/tinydns/run";
};
}; };
}; };
} }

25
nixos/modules/services/networking/toxvpn.nix
View File

@@ -43,20 +43,19 @@ with lib;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = ''
mkdir -p /run/toxvpn || true
chown toxvpn /run/toxvpn
'';
path = [ pkgs.toxvpn ];
script = ''
exec toxvpn -i ${config.services.toxvpn.localip} -l /run/toxvpn/control -u toxvpn -p ${toString config.services.toxvpn.port} ${
lib.concatMapStringsSep " " (x: "-a ${x}") config.services.toxvpn.auto_add_peers
}
'';
serviceConfig = { serviceConfig = {
ExecStart =
let
args = lib.cli.toCommandLineShellGNU { } {
i = config.services.toxvpn.localip;
l = "/run/toxvpn/control";
u = "toxvpn";
p = config.services.toxvpn.port;
a = config.services.toxvpn.auto_add_peers;
};
in
"${lib.getExe pkgs.toxvpn} ${args}";
RuntimeDirectory = "toxvpn";
KillMode = "process"; KillMode = "process";
Restart = "on-success"; Restart = "on-success";
Type = "notify"; Type = "notify";

2
nixos/modules/services/networking/twingate.nix
View File

@@ -17,7 +17,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.packages = [ cfg.package ]; systemd.packages = [ cfg.package ];
systemd.services.twingate = { systemd.services.twingate = {
preStart = "cp -r --update=none ${cfg.package}/etc/twingate/. /etc/twingate/"; serviceConfig.ExecStartPre = "${lib.getExe' pkgs.coreutils "cp"} -r --update=none ${cfg.package}/etc/twingate/. /etc/twingate/";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };

3
nixos/modules/services/networking/xinetd.nix
View File

@@ -143,8 +143,7 @@ in
description = "xinetd server"; description = "xinetd server";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.xinetd ]; serviceConfig.ExecStart = "${lib.getExe pkgs.xinetd} -syslog daemon -dontfork -stayalive -f ${configFile}";
script = "exec xinetd -syslog daemon -dontfork -stayalive -f ${configFile}";
}; };
}; };
} }

4
nixos/modules/services/networking/xray.nix
View File

@@ -93,10 +93,8 @@ with lib;
description = "xray Daemon"; description = "xray Daemon";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = ''
exec "${cfg.package}/bin/xray" -config "$CREDENTIALS_DIRECTORY/config.json"
'';
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/xray -config %d/config.json";
DynamicUser = true; DynamicUser = true;
LoadCredential = "config.json:${settingsFile}"; LoadCredential = "config.json:${settingsFile}";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE"; CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";

8
nixos/modules/services/networking/zerobin.nix
View File

@@ -91,14 +91,14 @@ in
enable = true; enable = true;
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p ${cfg.dataDir}"
"${lib.getExe' pkgs.coreutils "chown"} ${cfg.user} ${cfg.dataDir}"
];
serviceConfig.ExecStart = "${pkgs.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}"; serviceConfig.ExecStart = "${pkgs.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}";
serviceConfig.PrivateTmp = "yes"; serviceConfig.PrivateTmp = "yes";
serviceConfig.User = cfg.user; serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group; serviceConfig.Group = cfg.group;
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${cfg.user} ${cfg.dataDir}
'';
}; };
}; };
} }

2
nixos/modules/services/security/authelia.nix
View File

@@ -375,10 +375,10 @@ in
}) })
// instance.environmentVariables; // instance.environmentVariables;
preStart = "${execCommand} ${configArg} validate-config";
serviceConfig = { serviceConfig = {
User = instance.user; User = instance.user;
Group = instance.group; Group = instance.group;
ExecStartPre = "${execCommand} ${configArg} validate-config";
ExecStart = "${execCommand} ${configArg}"; ExecStart = "${execCommand} ${configArg}";
Restart = "always"; Restart = "always";
RestartSec = "5s"; RestartSec = "5s";

10
nixos/modules/services/security/certmgr.nix
View File

@@ -34,11 +34,6 @@ let
[ spec ] [ spec ]
) (lib.attrValues cfg.specs) ) (lib.attrValues cfg.specs)
); );
preStart = ''
${lib.concatStringsSep " \\\n" ([ "mkdir -p" ] ++ map lib.escapeShellArg specPaths)}
${cfg.package}/bin/certmgr -f ${certmgrYaml} check
'';
in in
{ {
options.services.certmgr = { options.services.certmgr = {
@@ -215,11 +210,14 @@ in
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
inherit preStart;
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
RestartSec = "10s"; RestartSec = "10s";
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "mkdir"} -p ${lib.escapeShellArgs specPaths}"
"${lib.getExe cfg.package} -f ${certmgrYaml} check"
];
ExecStart = "${cfg.package}/bin/certmgr -f ${certmgrYaml}"; ExecStart = "${cfg.package}/bin/certmgr -f ${certmgrYaml}";
}; };
}; };

4
nixos/modules/services/security/hologram-agent.nix
View File

@@ -55,10 +55,8 @@ in
"network-link-dummy0.service" "network-link-dummy0.service"
"network-addresses-dummy0.service" "network-addresses-dummy0.service"
]; ];
preStart = ''
/run/current-system/sw/bin/rm -fv /run/hologram.sock
'';
serviceConfig = { serviceConfig = {
ExecStartPre = "/run/current-system/sw/bin/rm -fv /run/hologram.sock";
ExecStart = "${pkgs.hologram}/bin/hologram-agent -debug -conf ${cfgFile} -port ${cfg.httpPort}"; ExecStart = "${pkgs.hologram}/bin/hologram-agent -debug -conf ${cfgFile} -port ${cfg.httpPort}";
}; };
}; };

4
nixos/modules/services/web-apps/bluemap.nix
View File

@@ -298,10 +298,8 @@ in
Type = "oneshot"; Type = "oneshot";
Group = "nginx"; Group = "nginx";
UMask = "026"; UMask = "026";
ExecStart = "${lib.getExe pkgs.bluemap} -c ${configFolder} -gs -r";
}; };
script = ''
${lib.getExe pkgs.bluemap} -c ${configFolder} -gs -r
'';
}; };
systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender { systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender {

21
nixos/modules/services/web-apps/cloudlog.nix
View File

@@ -383,37 +383,44 @@ in
cloudlog-upload-lotw = { cloudlog-upload-lotw = {
description = "Upload QSOs to LoTW if certs have been provided"; description = "Upload QSOs to LoTW if certs have been provided";
enable = cfg.upload-lotw.enable; enable = cfg.upload-lotw.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/lotw/lotw_upload"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/lotw/lotw_upload";
serviceConfig.Type = "oneshot";
}; };
cloudlog-update-lotw-users = { cloudlog-update-lotw-users = {
description = "Update LOTW Users Database"; description = "Update LOTW Users Database";
enable = cfg.update-lotw-users.enable; enable = cfg.update-lotw-users.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/lotw/load_users"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/lotw/load_users";
serviceConfig.Type = "oneshot";
}; };
cloudlog-update-dok = { cloudlog-update-dok = {
description = "Update DOK File for autocomplete"; description = "Update DOK File for autocomplete";
enable = cfg.update-dok.enable; enable = cfg.update-dok.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/update/update_dok"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/update/update_dok";
serviceConfig.Type = "oneshot";
}; };
cloudlog-update-clublog-scp = { cloudlog-update-clublog-scp = {
description = "Update Clublog SCP Database File"; description = "Update Clublog SCP Database File";
enable = cfg.update-clublog-scp.enable; enable = cfg.update-clublog-scp.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/update/update_clublog_scp"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/update/update_clublog_scp";
serviceConfig.Type = "oneshot";
}; };
cloudlog-update-wwff = { cloudlog-update-wwff = {
description = "Update WWFF File for autocomplete"; description = "Update WWFF File for autocomplete";
enable = cfg.update-wwff.enable; enable = cfg.update-wwff.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/update/update_wwff"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/update/update_wwff";
serviceConfig.Type = "oneshot";
}; };
cloudlog-upload-qrz = { cloudlog-upload-qrz = {
description = "Upload QSOs to QRZ Logbook"; description = "Upload QSOs to QRZ Logbook";
enable = cfg.upload-qrz.enable; enable = cfg.upload-qrz.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/qrz/upload"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/qrz/upload";
serviceConfig.Type = "oneshot";
}; };
cloudlog-update-sota = { cloudlog-update-sota = {
description = "Update SOTA File for autocomplete"; description = "Update SOTA File for autocomplete";
enable = cfg.update-sota.enable; enable = cfg.update-sota.enable;
script = "${pkgs.curl}/bin/curl -s ${cfg.baseUrl}/update/update_sota"; serviceConfig.ExecStart = "${lib.getExe pkgs.curl} -s ${cfg.baseUrl}/update/update_sota";
serviceConfig.Type = "oneshot";
}; };
}; };
timers = { timers = {

11
nixos/modules/services/web-apps/galene.nix
View File

@@ -133,19 +133,16 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
${optionalString (cfg.insecure != true && cfg.certFile != null && cfg.keyFile != null) ''
install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.certFile} ${cfg.dataDir}/cert.pem
install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.keyFile} ${cfg.dataDir}/key.pem
''}
'';
serviceConfig = mkMerge [ serviceConfig = mkMerge [
{ {
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
ExecStartPre = lib.mkIf (cfg.insecure != true && cfg.certFile != null && cfg.keyFile != null) [
"${lib.getExe' pkgs.coreutils "install"} -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.certFile} ${cfg.dataDir}/cert.pem"
"${lib.getExe' pkgs.coreutils "install"} -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.keyFile} ${cfg.dataDir}/key.pem"
];
ExecStart = '' ExecStart = ''
${cfg.package}/bin/galene \ ${cfg.package}/bin/galene \
${optionalString (cfg.insecure) "-insecure"} \ ${optionalString (cfg.insecure) "-insecure"} \

5
nixos/modules/services/web-apps/glitchtip.nix
View File

@@ -236,11 +236,8 @@ in
glitchtip = commonService // { glitchtip = commonService // {
description = "GlitchTip"; description = "GlitchTip";
preStart = ''
${lib.getExe pkg} migrate
'';
serviceConfig = commonServiceConfig // { serviceConfig = commonServiceConfig // {
ExecStartPre = "${lib.getExe pkg} migrate";
ExecStart = '' ExecStart = ''
${lib.getExe python.pkgs.gunicorn} \ ${lib.getExe python.pkgs.gunicorn} \
--bind=${cfg.listenAddress}:${toString cfg.port} \ --bind=${cfg.listenAddress}:${toString cfg.port} \

11
nixos/modules/services/web-apps/healthchecks.nix
View File

@@ -237,14 +237,13 @@ in
wantedBy = [ "healthchecks.target" ]; wantedBy = [ "healthchecks.target" ];
after = [ "healthchecks-migration.service" ]; after = [ "healthchecks-migration.service" ];
preStart = ''
${pkg}/opt/healthchecks/manage.py collectstatic --no-input
${pkg}/opt/healthchecks/manage.py remove_stale_contenttypes --no-input
''
+ lib.optionalString (cfg.settings.DEBUG != "True") "${pkg}/opt/healthchecks/manage.py compress";
serviceConfig = commonConfig // { serviceConfig = commonConfig // {
Restart = "always"; Restart = "always";
ExecStartPre = [
"${pkg}/opt/healthchecks/manage.py collectstatic --no-input"
"${pkg}/opt/healthchecks/manage.py remove_stale_contenttypes --no-input"
]
++ lib.optionals (cfg.settings.DEBUG != "True") [ "${pkg}/opt/healthchecks/manage.py compress" ];
ExecStart = '' ExecStart = ''
${pkgs.python3Packages.gunicorn}/bin/gunicorn hc.wsgi \ ${pkgs.python3Packages.gunicorn}/bin/gunicorn hc.wsgi \
--bind ${cfg.listenAddress}:${toString cfg.port} \ --bind ${cfg.listenAddress}:${toString cfg.port} \

34
nixos/modules/services/web-apps/mediagoblin.nix
View File

@@ -310,19 +310,6 @@ in
in in
{ {
mediagoblin-celeryd = lib.recursiveUpdate serviceDefaults { mediagoblin-celeryd = lib.recursiveUpdate serviceDefaults {
# we cannot change DEFAULT.data_dir inside mediagoblin.ini because of an annoying bug
# https://todo.sr.ht/~mediagoblin/mediagoblin/57
preStart = ''
cp --remove-destination ${
pkgs.writeText "mediagoblin.ini" (
lib.generators.toINI { } (lib.filterAttrsRecursive (n: v: n != "plugins") cfg.settings)
+ "\n"
+ lib.generators.toINI { mkKeyValue = mkSubSectionKeyValue 2; } {
inherit (cfg.settings.mediagoblin) plugins;
}
)
} /var/lib/mediagoblin/mediagoblin.ini
'';
serviceConfig = { serviceConfig = {
Environment = [ Environment = [
"CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery" "CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery"
@@ -331,6 +318,19 @@ in
"MEDIAGOBLIN_CONFIG=/var/lib/mediagoblin/mediagoblin.ini" "MEDIAGOBLIN_CONFIG=/var/lib/mediagoblin/mediagoblin.ini"
"PASTE_CONFIG=${pasteConfig}" "PASTE_CONFIG=${pasteConfig}"
]; ];
# we cannot change DEFAULT.data_dir inside mediagoblin.ini because of an annoying bug
# https://todo.sr.ht/~mediagoblin/mediagoblin/57
ExecStartPre = ''
${lib.getExe' pkgs.coreutils "cp"} --remove-destination ${
pkgs.writeText "mediagoblin.ini" (
lib.generators.toINI { } (lib.filterAttrsRecursive (n: v: n != "plugins") cfg.settings)
+ "\n"
+ lib.generators.toINI { mkKeyValue = mkSubSectionKeyValue 2; } {
inherit (cfg.settings.mediagoblin) plugins;
}
)
} /var/lib/mediagoblin/mediagoblin.ini
'';
ExecStart = "${lib.getExe' finalPackage "celery"} worker --loglevel=INFO"; ExecStart = "${lib.getExe' finalPackage "celery"} worker --loglevel=INFO";
}; };
unitConfig.Description = "MediaGoblin Celery"; unitConfig.Description = "MediaGoblin Celery";
@@ -345,16 +345,16 @@ in
"mediagoblin-celeryd.service" "mediagoblin-celeryd.service"
"postgresql.target" "postgresql.target"
]; ];
preStart = ''
cp --remove-destination ${pasteConfig} /var/lib/mediagoblin/paste.ini
${lib.getExe' finalPackage "gmg"} dbupdate
'';
serviceConfig = { serviceConfig = {
Environment = [ Environment = [
"CELERY_ALWAYS_EAGER=false" "CELERY_ALWAYS_EAGER=false"
"GI_TYPELIB_PATH=${GI_TYPELIB_PATH}" "GI_TYPELIB_PATH=${GI_TYPELIB_PATH}"
"GST_PLUGIN_PATH=${GST_PLUGIN_PATH}" "GST_PLUGIN_PATH=${GST_PLUGIN_PATH}"
]; ];
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "cp"} --remove-destination ${pasteConfig} /var/lib/mediagoblin/paste.ini"
"${lib.getExe' finalPackage "gmg"} dbupdate"
];
ExecStart = "${lib.getExe' finalPackage "paster"} serve /var/lib/mediagoblin/paste.ini"; ExecStart = "${lib.getExe' finalPackage "paster"} serve /var/lib/mediagoblin/paste.ini";
}; };
unitConfig.Description = "Mediagoblin"; unitConfig.Description = "Mediagoblin";

12
nixos/modules/services/web-apps/miniflux.nix
View File

@@ -18,14 +18,6 @@ let
cfg = config.services.miniflux; cfg = config.services.miniflux;
boolToInt = b: if b then 1 else 0; boolToInt = b: if b then 1 else 0;
pgbin = "${config.services.postgresql.package}/bin";
# The hstore extension is no longer needed as of v2.2.14
# and would prevent Miniflux from starting.
preStart = pkgs.writeScript "miniflux-pre-start" ''
#!${pkgs.runtimeShell}
${pgbin}/psql "miniflux" -c "DROP EXTENSION IF EXISTS hstore"
'';
in in
{ {
@@ -141,7 +133,9 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = config.services.postgresql.superUser; User = config.services.postgresql.superUser;
ExecStart = preStart; # The hstore extension is no longer needed as of v2.2.14
# and would prevent Miniflux from starting.
ExecStart = ''${config.services.postgresql.package}/bin/psql "miniflux" -c "DROP EXTENSION IF EXISTS hstore"'';
}; };
}; };

24
nixos/modules/services/web-apps/misskey.nix
View File

@@ -326,19 +326,19 @@ in
environment = { environment = {
MISSKEY_CONFIG_YML = "/run/misskey/default.yml"; MISSKEY_CONFIG_YML = "/run/misskey/default.yml";
}; };
preStart = ''
install -m 700 ${settingsFormat.generate "misskey-config.yml" cfg.settings} /run/misskey/default.yml
''
+ (lib.optionalString (cfg.database.passwordFile != null) ''
${pkgs.replace-secret}/bin/replace-secret '@DATABASE_PASSWORD@' "${cfg.database.passwordFile}" /run/misskey/default.yml
'')
+ (lib.optionalString (cfg.redis.passwordFile != null) ''
${pkgs.replace-secret}/bin/replace-secret '@REDIS_PASSWORD@' "${cfg.redis.passwordFile}" /run/misskey/default.yml
'')
+ (lib.optionalString (cfg.meilisearch.keyFile != null) ''
${pkgs.replace-secret}/bin/replace-secret '@MEILISEARCH_KEY@' "${cfg.meilisearch.keyFile}" /run/misskey/default.yml
'');
serviceConfig = { serviceConfig = {
ExecStartPre = [
"${lib.getExe' pkgs.coreutils "install"} -m 700 ${settingsFormat.generate "misskey-config.yml" cfg.settings} /run/misskey/default.yml"
]
++ (lib.optionals (cfg.database.passwordFile != null) [
"${lib.getExe pkgs.replace-secret} '@DATABASE_PASSWORD@' '${cfg.database.passwordFile}' /run/misskey/default.yml"
])
++ (lib.optionals (cfg.redis.passwordFile != null) [
"${lib.getExe pkgs.replace-secret} '@REDIS_PASSWORD@' '${cfg.redis.passwordFile}' /run/misskey/default.yml"
])
++ (lib.optionals (cfg.meilisearch.keyFile != null) [
"${lib.getExe pkgs.replace-secret} '@MEILISEARCH_KEY@' '${cfg.meilisearch.keyFile}' /run/misskey/default.yml"
]);
ExecStart = "${cfg.package}/bin/misskey migrateandstart"; ExecStart = "${cfg.package}/bin/misskey migrateandstart";
RuntimeDirectory = "misskey"; RuntimeDirectory = "misskey";
RuntimeDirectoryMode = "700"; RuntimeDirectoryMode = "700";

3
nixos/modules/services/web-apps/nexus.nix
View File

@@ -142,9 +142,8 @@ in
fi fi
''; '';
script = "${cfg.package}/bin/nexus run";
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/nexus run";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
PrivateTmp = true; PrivateTmp = true;

5
nixos/modules/services/web-apps/part-db.nix
View File

@@ -200,6 +200,7 @@ in
requires = [ "postgresql.target" ]; requires = [ "postgresql.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${lib.getExe cfg.phpPackage} ${lib.getExe' cfg.package "console"} doctrine:migrations:migrate --no-interaction";
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
User = "part-db"; User = "part-db";
@@ -207,10 +208,6 @@ in
restartTriggers = [ restartTriggers = [
cfg.package cfg.package
]; ];
script = ''
set -euo pipefail
${lib.getExe cfg.phpPackage} ${lib.getExe' cfg.package "console"} doctrine:migrations:migrate --no-interaction
'';
}; };
phpfpm-part-db = { phpfpm-part-db = {

5
nixos/modules/services/web-apps/peering-manager.nix
View File

@@ -307,11 +307,8 @@ in
] ]
++ lib.optionals (cfg.environmentFile != null) [ "peering-manager-config.service" ]; ++ lib.optionals (cfg.environmentFile != null) [ "peering-manager-config.service" ];
preStart = ''
${pkg}/bin/peering-manager remove_stale_contenttypes --no-input
'';
serviceConfig = { serviceConfig = {
ExecStartPre = "${pkg}/bin/peering-manager remove_stale_contenttypes --no-input";
ExecStart = '' ExecStart = ''
${pkg.python.pkgs.gunicorn}/bin/gunicorn peering_manager.wsgi \ ${pkg.python.pkgs.gunicorn}/bin/gunicorn peering_manager.wsgi \
--bind ${cfg.listenAddress}:${toString cfg.port} \ --bind ${cfg.listenAddress}:${toString cfg.port} \

4
nixos/modules/services/web-apps/silverbullet.nix
View File

@@ -95,7 +95,6 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = lib.mkIf (!lib.hasPrefix "/var/lib/" cfg.spaceDir) "mkdir -p '${cfg.spaceDir}'";
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "${cfg.user}"; User = "${cfg.user}";
@@ -104,6 +103,9 @@ in
StateDirectory = lib.mkIf (lib.hasPrefix "/var/lib/" cfg.spaceDir) ( StateDirectory = lib.mkIf (lib.hasPrefix "/var/lib/" cfg.spaceDir) (
lib.last (lib.splitString "/" cfg.spaceDir) lib.last (lib.splitString "/" cfg.spaceDir)
); );
ExecStartPre = lib.mkIf (
!lib.hasPrefix "/var/lib/" cfg.spaceDir
) "${lib.getExe' pkgs.coreutils "mkdir"} -p '${cfg.spaceDir}'";
ExecStart = ExecStart =
"${lib.getExe cfg.package} --port ${toString cfg.listenPort} --hostname '${cfg.listenAddress}' '${cfg.spaceDir}' " "${lib.getExe cfg.package} --port ${toString cfg.listenPort} --hostname '${cfg.listenAddress}' '${cfg.spaceDir}' "
+ lib.concatStringsSep " " cfg.extraArgs; + lib.concatStringsSep " " cfg.extraArgs;

6
nixos/modules/services/web-apps/wakapi.nix
View File

@@ -143,10 +143,6 @@ in
++ optional (cfg.database.dialect == "postgres") "postgresql.target"; ++ optional (cfg.database.dialect == "postgres") "postgresql.target";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = ''
exec ${getExe cfg.package} -config ${settingsFile}
'';
serviceConfig = { serviceConfig = {
Environment = mkMerge [ Environment = mkMerge [
(mkIf (cfg.passwordSalt != null) "WAKAPI_PASSWORD_SALT=${cfg.passwordSalt}") (mkIf (cfg.passwordSalt != null) "WAKAPI_PASSWORD_SALT=${cfg.passwordSalt}")
@@ -157,6 +153,8 @@ in
(lib.optional (cfg.passwordSaltFile != null) cfg.passwordSaltFile) (lib.optional (cfg.passwordSaltFile != null) cfg.passwordSaltFile)
++ (lib.optional (cfg.smtpPasswordFile != null) cfg.smtpPasswordFile); ++ (lib.optional (cfg.smtpPasswordFile != null) cfg.smtpPasswordFile);
ExecStart = "${getExe cfg.package} -config ${settingsFile}";
User = config.users.users.wakapi.name; User = config.users.users.wakapi.name;
Group = config.users.users.wakapi.group; Group = config.users.users.wakapi.group;

3
nixos/modules/services/web-servers/h2o/default.nix
View File

@@ -443,6 +443,7 @@ in
++ builtins.map (certName: "acme-${certName}.service") acmeCertNames.all; ++ builtins.map (certName: "acme-${certName}.service") acmeCertNames.all;
serviceConfig = { serviceConfig = {
ExecStartPre = "${h2oExe} --mode 'test'";
ExecStart = "${h2oExe} --mode 'master'"; ExecStart = "${h2oExe} --mode 'master'";
ExecReload = [ ExecReload = [
"${h2oExe} --mode 'test'" "${h2oExe} --mode 'test'"
@@ -483,8 +484,6 @@ in
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilitiesBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; CapabilitiesBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
}; };
preStart = "${h2oExe} --mode 'test'";
}; };
# This service waits for all certificates to be available before reloading # This service waits for all certificates to be available before reloading

2
nixos/modules/services/web-servers/jboss/default.nix
View File

@@ -93,7 +93,7 @@ in
config = mkIf config.services.jboss.enable { config = mkIf config.services.jboss.enable {
systemd.services.jboss = { systemd.services.jboss = {
description = "JBoss server"; description = "JBoss server";
script = "${jbossService}/bin/control start"; serviceConfig.ExecStart = "${jbossService}/bin/control start";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
}; };

4
nixos/tests/paperless.nix
View File

@@ -116,9 +116,9 @@
assert "1 timers listed." in timers, "incorrect number of timers" assert "1 timers listed." in timers, "incorrect number of timers"
# Double check that our attrset option override works as expected # Double check that our attrset option override works as expected
cmdline = node.succeed("grep 'paperless-manage' $(systemctl cat paperless-exporter | grep ExecStart | cut -f 2 -d=)") cmdline = node.succeed("systemctl cat paperless-exporter | grep ExecStart | grep 'paperless-manage' | cut -f 2 -d=")
print(f"Exporter command line {cmdline!r}") print(f"Exporter command line {cmdline!r}")
assert cmdline.strip() == "paperless-manage document_exporter /var/lib/paperless/export --compare-checksums --delete --no-progress-bar --no-thumbnail", "Unexpected exporter command line" assert cmdline.strip().endswith("paperless-manage document_exporter /var/lib/paperless/export --compare-checksums --delete --no-progress-bar --no-thumbnail"), "Unexpected exporter command line"
test_paperless(simple) test_paperless(simple)
simple.send_monitor_command("quit") simple.send_monitor_command("quit")