All activation scripts run in serial upon boot and nixos-rebuild switch
etc., in contrast to preStart which run before a service starts, and can
run in parallel with other services.
The munin(-node) activation script is particularly slow. Change it to a
preStart script so that it can run in parallel with other services and
not slow down boot (or nixos-rebuild switch).
This reduces (repeated) "nixos-rebuild test" time from ~16 seconds to ~8
on my (old) laptop.
We now track copied files in /etc/.clean. This is important, because
otherwise files that are removed from environment.etc will not
actually be removed from the file system. In particular, changing
users.extraUsers.<user>.openssh.authorizedKeys.keys to an empty list
would not cause /etc/ssh/authorized_keys.d/<user> to be removed, which
was a security issue.
It only needs to be started during boot. Starting it at other times
shouldn't hurt, except that if systemd-journald is restarting at the
same time, the latter might not have a SIGUSR1 signal handler
installed yet, so it might be killed by systemd-journal-flush. (At
least that's my theory about the dead systemd-journald instances in
the build farm...)
Commit 89fee1006c ("nixos/redis: clean up
option types") broke nixos evaluation:
error: attempt to call something which is not a function but a set, at .../nixpkgs/nixos/modules/services/databases/redis.nix:111:28
Fix it.
Reported by Oliver Charles (thanks!).
Apart from s/types.string/types.str/ (or types.lines where appropriate):
* port is changed from string to int.
* extraFlags is changed from types.string (with unfortunate merge
semantics) into a list of strings. A list of strings merge better:
one space is added between elements.
It's only needed during early boot (in fact, it's probably not needed
at all on NixOS). Restarting it is expensive because it does a sync()
of the root file system.
This reverts commit a3331eb87b.
See https://github.com/NixOS/nixpkgs/issues/2559#issuecomment-47313334
for a description why this is not a good idea.
I guess it's better to implement a sane way to remove all files in
authorized_keys.d, especially because it is also backwards-compatible.
Reopens#2559.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>