lldpd: 0.9.7 -> 0.9.8

Now uses the upstream systemd unit which adds lots of hardening flags.

nixos/modules/services/networking/lldpd.nix

@@ -28,16 +28,11 @@ in
     users.extraGroups._lldpd = {};
 
     environment.systemPackages = [ pkgs.lldpd ];
+    systemd.packages = [ pkgs.lldpd ];
 
     systemd.services.lldpd = {
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      requires = [ "network.target" ];
-      serviceConfig = {
-        ExecStart = "${pkgs.lldpd}/bin/lldpd -d ${concatStringsSep " " cfg.extraArgs}";
-        PrivateTmp = true;
-        PrivateDevices = true;
-      };
+      environment.LLDPD_OPTIONS = concatStringsSep " " cfg.extraArgs;
     };
   };
 }

pkgs/tools/networking/lldpd/default.nix

@@ -3,17 +3,18 @@
 
 stdenv.mkDerivation rec {
   name = "lldpd-${version}";
-  version = "0.9.7";
+  version = "0.9.8";
 
   src = fetchurl {
     url = "https://media.luffy.cx/files/lldpd/${name}.tar.gz";
-    sha256 = "1f0d5s4643pjmgycc5ssgl1pggyq5a7navhabkyhcg0aqdah6dmr";
+    sha256 = "0kwck17cr2f1a395a8bfmj7fz1n4i1hv429cbdbkhff33glr9r4y";
   };
 
   configureFlags = [
     "--localstatedir=/var"
     "--enable-pie"
     "--with-snmp"
+    "--with-systemdsystemunitdir=\${out}/lib/systemd/system"
   ];
 
   nativeBuildInputs = [ pkgconfig removeReferencesTo ];