Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead.
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
`allowKeysForGroup` is no longer available so this drops
```
security.acme.certs."example.com".allowKeysForGroup = true;
```
line. `SupplementaryGroups` should be enough for
allowing access to certificates.
While looking at the sphinx package I noticed it was heavily
undermaintained, which is when we noticed nand0p has been inactive for
roughly 18 months. It is therefore prudent to assume they will not be
maintaining their packages, modules and tests.
- Their last contribution to nixpkgs was in 2019/12
- On 2021/05/08 I wrote them an email to the address listed in the
maintainer-list, which they didn't reply to.
Or … none! Because forcing a string always results in an OnCalender=
setting, but an empty string leads to an empty value.
> postgresqlBackup-hass.timer: Timer unit lacks value setting. Refusing.
or
> postgresqlBackup-miniflux.timer: Cannot add dependency job, ignoring: Unit postgresqlBackup-miniflux.timer has a bad unit file setting.
I require the postgresqlBackup in my borgbackup unit, so I don't
strictly need the timer and could previously set it to an empty list.
* add an example for services.tor.settings.HidServAuth
* fix HidServAuth validation to require ".onion"
Per https://manpages.debian.org/testing/tor/torrc.5.en.html :
> Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
