diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index cb005a1e9b96..4526cc88065d 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -168,6 +168,9 @@ to review the new defaults and description of [](#opt-services.nextcloud.poolSettings). +- The `services.locate` module does no longer support findutil's `locate` due to its inferior performance compared to `mlocate` and `plocate`. The new default is `plocate`. + As the `service.locate.localuser` option only applied when using findutil's `locate`, it has also been removed. + - `kmonad` is now hardened by default using common `systemd` settings. If KMonad is used to execute shell commands, hardening may make some of them fail. In that case, you can disable hardening using {option}`services.kmonad.keyboards..enableHardening` option. diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix index 5b57463bff6e..092852330437 100644 --- a/nixos/modules/misc/locate.nix +++ b/nixos/modules/misc/locate.nix @@ -9,14 +9,15 @@ let cfg = config.services.locate; isMLocate = lib.hasPrefix "mlocate" cfg.package.name; isPLocate = lib.hasPrefix "plocate" cfg.package.name; - isMorPLocate = isMLocate || isPLocate; - isFindutils = lib.hasPrefix "findutils" cfg.package.name; in { imports = [ (lib.mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ]) (lib.mkRenamedOptionModule [ "services" "locate" "locate" ] [ "services" "locate" "package" ]) (lib.mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths") + (lib.mkRemovedOptionModule [ "services" "locate" "localuser" ] + "The services.locate.localuser option has been removed because support for findutils locate has been removed." + ) ]; options.services.locate = { @@ -29,7 +30,7 @@ in ''; }; - package = lib.mkPackageOption pkgs [ "findutils" "locate" ] { + package = lib.mkPackageOption pkgs [ "plocate" ] { example = "mlocate"; }; @@ -65,15 +66,6 @@ in ''; }; - localuser = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = "nobody"; - description = '' - The user to search non-network directories as, using - {command}`su`. - ''; - }; - pruneFS = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ @@ -180,7 +172,7 @@ in pruneNames = lib.mkOption { type = lib.types.listOf lib.types.str; - default = lib.optionals (!isFindutils) [ + default = [ ".bzr" ".cache" ".git" @@ -229,7 +221,7 @@ in source = "${cfg.package}/bin/plocate"; }; in - lib.mkIf isMorPLocate { + { locate = lib.mkMerge [ common mlocate @@ -253,59 +245,31 @@ in ''; systemPackages = [ cfg.package ]; - - variables = lib.mkIf isFindutils { - LOCATE_PATH = cfg.output; - }; }; - warnings = - lib.optional (isMorPLocate && cfg.localuser != null) - "mlocate and plocate do not support the services.locate.localuser option. updatedb will run as root. Silence this warning by setting services.locate.localuser = null." - ++ lib.optional ( - isFindutils && cfg.pruneNames != [ ] - ) "findutils locate does not support pruning by directory component" - ++ lib.optional ( - isFindutils && cfg.pruneBindMounts - ) "findutils locate does not support skipping bind mounts"; - systemd.services.update-locatedb = { description = "Update Locate Database"; - path = lib.mkIf (!isMorPLocate) [ pkgs.su ]; # mlocate's updatedb takes flags via a configuration file or # on the command line, but not by environment variable. script = - if isMorPLocate then - let - toFlags = - x: lib.optional (cfg.${x} != [ ]) "--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'"; - args = lib.concatLists ( - map toFlags [ - "pruneFS" - "pruneNames" - "prunePaths" - ] - ); - in - '' - exec ${cfg.package}/bin/updatedb \ - --output ${toString cfg.output} ${lib.concatStringsSep " " args} \ - --prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \ - ${lib.concatStringsSep " " cfg.extraFlags} - '' - else - '' - exec ${cfg.package}/bin/updatedb \ - ${lib.optionalString (cfg.localuser != null && !isMorPLocate) "--localuser=${cfg.localuser}"} \ - --output=${toString cfg.output} ${lib.concatStringsSep " " cfg.extraFlags} - ''; - environment = lib.optionalAttrs (!isMorPLocate) { - PRUNEFS = lib.concatStringsSep " " cfg.pruneFS; - PRUNEPATHS = lib.concatStringsSep " " cfg.prunePaths; - PRUNENAMES = lib.concatStringsSep " " cfg.pruneNames; - PRUNE_BIND_MOUNTS = if cfg.pruneBindMounts then "yes" else "no"; - }; + let + toFlags = + x: lib.optional (cfg.${x} != [ ]) "--${lib.toLower x} '${lib.concatStringsSep " " cfg.${x}}'"; + args = lib.concatLists ( + map toFlags [ + "pruneFS" + "pruneNames" + "prunePaths" + ] + ); + in + '' + exec ${cfg.package}/bin/updatedb \ + --output ${toString cfg.output} ${lib.concatStringsSep " " args} \ + --prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \ + ${lib.concatStringsSep " " cfg.extraFlags} + ''; serviceConfig = { CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_CHOWN"; Nice = 19;