diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index de2cd7bef6d6..edc6b5c50d05 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -596,6 +596,14 @@
+
+
+ services.uptimed now uses
+ /var/lib/uptimed as its stateDirectory
+ instead of /var/spool/uptimed. Make sure to
+ move all files to the new directory.
+
+
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 1ce78a4d7745..d49d6af26a5e 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -151,6 +151,8 @@ pt-services.clipcat.enable).
- `CoenraadS.bracket-pair-colorizer` -> `coenraads.bracket-pair-colorizer`
- `golang.Go` -> `golang.go`
+- `services.uptimed` now uses `/var/lib/uptimed` as its stateDirectory instead of `/var/spool/uptimed`. Make sure to move all files to the new directory.
+
## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
diff --git a/nixos/modules/services/system/uptimed.nix b/nixos/modules/services/system/uptimed.nix
index 1e256c51408e..67a03876e19f 100644
--- a/nixos/modules/services/system/uptimed.nix
+++ b/nixos/modules/services/system/uptimed.nix
@@ -4,7 +4,7 @@ with lib;
let
cfg = config.services.uptimed;
- stateDir = "/var/spool/uptimed";
+ stateDir = "/var/lib/uptimed";
in
{
options = {
@@ -21,12 +21,16 @@ in
};
config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.uptimed ];
+
users.users.uptimed = {
description = "Uptimed daemon user";
home = stateDir;
- createHome = true;
uid = config.ids.uids.uptimed;
+ group = "uptimed";
};
+ users.groups.uptimed = {};
systemd.services.uptimed = {
unitConfig.Documentation = "man:uptimed(8) man:uprecords(1)";
@@ -41,7 +45,7 @@ in
PrivateTmp = "yes";
PrivateNetwork = "yes";
NoNewPrivileges = "yes";
- ReadWriteDirectories = stateDir;
+ StateDirectory = [ "uptimed" ];
InaccessibleDirectories = "/home";
ExecStart = "${pkgs.uptimed}/sbin/uptimed -f -p ${stateDir}/pid";
};
diff --git a/pkgs/tools/system/uptimed/default.nix b/pkgs/tools/system/uptimed/default.nix
index 5d0d49f198e1..ac991436f53e 100644
--- a/pkgs/tools/system/uptimed/default.nix
+++ b/pkgs/tools/system/uptimed/default.nix
@@ -14,6 +14,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoreconfHook ];
patches = [ ./no-var-spool-install.patch ];
+ postPatch = ''
+ substituteInPlace libuptimed/urec.h \
+ --replace /var/spool /var/lib
+ '';
+
meta = with lib; {
description = "Uptime record daemon";
longDescription = ''