From d42f15936dc5374c39b5906525d4c71d28eeb59d Mon Sep 17 00:00:00 2001
From: Sergey Gulin <sergeygulin96@gmail.com>
Date: Wed, 20 Dec 2023 13:00:14 +0300
Subject: [PATCH] [OPS-1402] Add warning about missing systemd restart policy

Problem: We want to be notified that restart setup is needed when
developing/testing/deploying a new module.

Solution: Add warning about missing systemd restart policy.
---
 nixos/modules/system/boot/serviceNames | 1167 ++++++++++++++++++++++++
 nixos/modules/system/boot/systemd.nix  |   21 +
 2 files changed, 1188 insertions(+)
 create mode 100644 nixos/modules/system/boot/serviceNames

diff --git a/nixos/modules/system/boot/serviceNames b/nixos/modules/system/boot/serviceNames
new file mode 100644
index 0000000000000..68455dcbd847d
--- /dev/null
+++ b/nixos/modules/system/boot/serviceNames
@@ -0,0 +1,1167 @@
+3proxy
+accounts-daemon
+acme-dns
+acpid
+activemq
+activemq_init
+actkbd@
+adguardhome
+aerospike
+aesmd
+afsd
+agate
+airsonic
+akkoma
+akkoma-config
+akkoma-initdb
+alerta
+alertmanager
+alertmanager-irc-relay
+alps
+alsa-store
+amazon-init
+amazon-ssm-agent
+amuled
+anbox-container-manager
+ankisyncd
+anki-sync-server
+antennas
+apache-kafka
+apcupsd
+apcupsd-killpower
+apparmor
+apply-ec2-data
+argononed
+aria2
+asterisk
+atd
+atftpd
+athens
+atlassian-crowd
+atlassian-jira
+atuin
+audiobookshelf
+audit
+auditd
+auth-rpcgss-module
+auto-epp
+autofs
+automysqlbackup
+autorandr
+autosuspend
+autosuspend-detect-suspend
+autovt@
+avahi-daemon
+babeld
+backdoor
+backup-vaultwarden
+bacula-dir
+bacula-fd
+bacula-sd
+bazarr
+bbswitch
+bcg
+beanstalkd
+bee
+bee-clef
+biboumi
+bigclown-mqtt2influxdb
+bind
+bird2
+bitlbee
+blocky
+boinc
+bookstack-setup
+bosun
+botamusique
+bpftune
+brltty@
+buildbot-master
+buildbot-worker
+bumblebeed
+c2fmzq-server
+cachefilesd
+cachix-agent
+cachix-watch-store-agent
+caddy
+cadvisor
+cage-tty1
+calibre-server
+calibre-web
+carbonAggregator
+carbonCache
+carbonRelay
+cassandra
+cassandra-full-repair
+cassandra-incremental-repair
+castopod-scheduled
+castopod-setup
+centrifugo
+certmgr
+certspotter
+cfdyndns
+cfssl
+cgminer
+charybdis
+chatgpt-retrieval-plugin
+chisel-server
+chronyd
+cjdns
+ckb-next
+clamav-daemon
+clamav-fangfrisch
+clamav-fangfrisch-init
+clamav-freshclam
+clickhouse
+clightd
+cloud-config
+cloud-final
+cloudflare-dyndns
+cloud-init
+cloud-init-local
+cntlm
+cockpit
+cockpit-motd
+cockpit-wsinstance-http
+cockpit-wsinstance-https@
+cockpit-wsinstance-https-factory@
+cockroachdb
+coder
+collectd
+conduit
+confd
+confluence
+connman
+connman-vpn
+console-getty
+consul
+consul-alerts
+consume-hypervisor-entropy
+containerd
+container-getty@
+convos
+coredns
+corerad
+corosync
+coturn
+couchdb
+cpufreq
+cpuminer-cryptonight
+crio
+croc
+cron
+crossfire-server
+cups
+cups-browsed
+dae
+dante
+darkhttpd
+das_watchdog
+davmail
+dbus
+dbus-broker
+ddclient
+deconz
+deliantra-server
+deluged
+delugeweb
+dendrite
+DesktopVideoHelper
+dex
+dgraph-alpha
+dgraph-zero
+dhcpcd
+dictd
+digitalocean-entropy-seed
+digitalocean-init
+digitalocean-metadata
+digitalocean-set-hostname
+digitalocean-set-root-password
+digitalocean-ssh-keys
+diod
+disable-kernel-module-loading
+discourse
+discourse-mail-receiver-setup
+discourse-postgresql
+display-manager
+distccd
+dkimproxy-out
+dlm
+dnscache
+dnscrypt-proxy2
+dnscrypt-wrapper
+dnscrypt-wrapper-rotate
+dnsdist
+dnsmasq
+do-agent
+docker
+docker-prune
+docker-registry
+docker-registry-garbage-collect
+documize-server
+doh-proxy-rust
+dolibarr-config
+domainname
+domoticz
+dovecot2
+dragonflydb
+drbd
+drone
+dspam
+dspam-maintenance
+duckling
+duplicati
+earlyoom
+ebusd
+ecs-agent
+ejabberd
+elasticsearch
+elasticsearch-curator
+enable-ksm
+endlessh
+endlessh-go
+engelsystem-init
+engelsystem-migrate
+ensure-printers
+envoy
+epgstation
+epmd
+ergo
+ergochat
+erigon
+eris-server
+esdm-cuse-random
+esdm-cuse-urandom
+esdm-proc
+esdm-server
+esphome
+etcd
+etebase-server
+etesync-dav
+ethercalc
+evcc
+evdevremapkeys
+exim
+expressvpn
+factorio
+fail2ban
+fakeroute
+fancontrol
+fanout
+fastnetmon
+fastnetmon-setup
+fcgiwrap
+fcron
+felix
+ferm
+ferretdb
+fetch-ec2-data
+fetch-ec2-metadata
+fetch-ssh-keys
+filebeat
+firebird
+firefox-syncserver
+firefox-syncserver-setup
+fireqos
+firewall
+flannel
+fluentd
+foldingathome
+forgejo
+forgejo-dump
+foundationdb
+fprintd
+freeciv
+freenet
+freeradius
+freeswitch
+freeswitch-config-reload
+freshrss-config
+freshrss-updater
+frigate
+fusion-inventory
+galene
+gammu-smsd
+garage
+gateone
+gdm
+gdomap
+gemstash
+generate-shutdown-ramfs
+geoclue
+geoipupdate
+geoipupdate-create-db-dir
+gerrit
+getty@
+getty@tty1
+ghostunnel-server-podman-socket
+gitaly
+git-daemon
+gitea
+gitea-dump
+gitlab
+gitlab-backup
+gitlab-config
+gitlab-db-config
+gitlab-mailroom
+gitlab-pages
+gitlab-postgresql
+gitlab-registry-cert
+gitlab-runner
+gitlab-runner-clear-docker-cache
+gitlab-sidekiq
+gitlab-workhorse
+gitolite-init
+gitweb
+glusterd
+glustereventsd
+gnunet
+go2rtc
+gobgp
+gobgpd
+gocd-agent
+gocd-server
+goeland
+gogs
+gollum
+go-neb
+gonic
+google-guest-agent
+google-shutdown-scripts
+google-startup-scripts
+go-shadowsocks2-server
+goss
+gotify-server
+gotosocial
+gpm
+gpsd
+gpservice
+grafana
+grafana-agent
+grafana-image-renderer
+grafana_reporter
+graphiteWeb
+graylog
+greetd
+grocy-setup
+growpart
+guacamole-server
+gvpe
+haka
+haproxy
+harmonia
+haste-server
+haveged
+hbase
+hddfancontrol
+hddtemp
+headphones
+headscale
+heapster
+heartbeat
+hedgedoc
+heisenbridge
+hercules-ci-agent
+hercules-ci-agent-restarter
+hitch
+hledger-web
+hockeypuck
+hologram-agent
+hologram-server
+home-assistant
+homeassistant-satellite
+homepage-dashboard
+honk
+honk-initdb
+hoogle
+hostapd
+hound
+htpdate
+httpd
+httpd-config-reload
+https-dns-proxy
+hydra-check-space
+hydra-compress-logs
+hydra-evaluator
+hydra-init
+hydra-notify
+hydra-queue-runner
+hydra-send-stats
+hydra-server
+hydra-update-gc-roots
+hydron
+hydron-fetch
+i2p
+i2pd
+icecast
+icecc-daemon
+icecc-scheduler
+ihaskell
+illum
+imaginary
+incron
+incus
+incus-preseed
+infinoted
+influxdb
+influxdb2
+infnoise
+initrd-nixos-copy-secrets
+initrd-parse-etc
+input-remapper
+inspircd
+install-vagrant-ssh-key
+interception-tools
+invidious
+invidious-db-clean
+invoiceplane-config
+iperf3
+ipfs
+ipp-usb
+ipsec
+iptsd@
+ircd-hybrid
+irkerd
+irqbalance
+iscsi
+iscsid
+iscsi-target
+isso
+ivpn-service
+iwd
+jack
+jackett
+jack-session
+jboss
+jellyfin
+jellyseerr
+jenkins
+jenkins-job-builder
+jibri
+jibri-icewm
+jibri-xorg
+jicofo
+jitsi-excalidraw
+jitsi-meet-init-secrets
+jitsi-videobridge2
+jitterentropy
+jmusicbot
+journalbeat
+journaldriver
+journalwatch
+joycond
+jupyter
+jupyterhub
+k3s
+kadmind
+kanidm
+kanidm-unixd
+kanidm-unixd-tasks
+kapacitor
+karma
+kavita
+kdc
+kea-ctrl-agent
+kea-dhcp4-server
+kea-dhcp6-server
+kea-dhcp-ddns-server
+keepalived
+keter
+keycloak
+keycloakMySQLInit
+keycloakPostgreSQLInit
+keyd
+klipper
+kmod-static-nodes
+knot
+komga
+kpasswdd
+kresd@
+kthxbye
+kube-addon-manager
+kube-apiserver
+kube-certmgr-bootstrap
+kube-controller-manager
+kubelet
+kube-proxy
+kube-scheduler
+lambdabot
+languagetool
+lanraragi
+leaps
+legit
+lemmy
+lemmy-ui
+libreddit
+librenms-scheduler
+librenms-setup
+libvirtd
+libvirtd-config
+libvirt-guests
+lidarr
+lifecycled
+lifecycled-queue-cleaner
+lighthouse-beacon
+lighthouse-validator
+lighttpd
+limesurvey-init
+lircd
+listmonk
+litestream
+lldap
+lldpd
+load-keter-bundle
+localtimed
+localtimed-geoclue-agent
+login-duo
+logkeys
+logmein-hamachi
+logrotate
+logrotate-checkconf
+logstash
+loki
+lokinet
+longview
+lshd
+lvm2-monitor
+lxcfs
+lxd
+lxd-agent
+lxd-image-server
+lxd-preseed
+mackerel-agent
+magic-wormhole-mailbox-server
+magneticod
+magneticow
+mailcatcher
+mailhog
+mame
+mastodon-init-db
+mastodon-init-dirs
+mastodon-media-auto-remove
+mastodon-web
+matomo-archive-processing
+matomo-setup-update
+matrix-appservice-discord
+matrix-appservice-irc
+matrix-sliding-sync
+matterbridge
+matterircd
+mattermost
+maubot
+mautrix-facebook
+mautrix-telegram
+mautrix-whatsapp
+mbpfan
+mchprs
+mediamtx
+mediatomb
+mediawiki-init
+meilisearch
+memcached
+meme-bingo-web
+merecat
+meshcentral
+metabase
+metricbeat
+mfs-chunkserver
+mfs-master
+mfs-metalogger
+microbin
+mighttpd2
+mimir
+minecraft-server
+minetest-server
+minidlna
+miniflux
+miniflux-dbsetup
+miniupnpd
+mirakurun
+miredo
+mjolnir
+mjpg-streamer
+mlmmj-maintd
+mobilizon
+mobilizon-postgresql
+mobilizon-setup-secrets
+ModemManager
+molly-brown
+monero
+monetdb
+mongodb
+monica-scheduler
+monica-setup
+monit
+moodle-cron
+moodle-init
+moonraker
+mopidy
+mopidy-scan
+morty
+mosquitto
+mpd
+mpdscribble
+mstpd
+mtprotoproxy
+mtr-exporter
+mullvad-daemon
+multipass
+munged
+munin-cron
+munin-node
+murmur
+mxisd
+mx-puppet-discord
+mysql
+n8n
+nagios
+<name>
+namecoind
+<name>-fou-encap`;
+nar-serve
+nats
+navidrome
+nbd-server
+ncdns
+ndppd
+neo4j
+netatalk
+netbird
+netclient
+net-connman-vpn
+netdata
+networkaudiod
+NetworkManager
+NetworkManager-dispatcher
+NetworkManager-ensure-profiles
+NetworkManager-wait-online
+nextcloud-notify_push
+nextdns
+nexus
+nfs-blkmap
+nfs-idmapd
+nfs-mountd
+nfs-server
+nftables
+nginx
+nginx-config-reload
+nginx-sso
+ngircd
+nifi
+nitter
+nix-daemon
+nix-daemon`
+nix-gc
+nixops-dns
+nixos-upgrade
+nix-serve
+nncp-caller
+nncp-config
+nncp-daemon
+nncp-daemon@
+nntp-proxy
+node-red
+nomad
+novacomd
+nscd
+nsd
+nsd-dnssec
+ntfy-sh
+ntopng
+ntpd
+nullidentdmod@
+nullmailer
+nvidia-fabricmanager
+nzbget
+nzbhydra2
+oauth2_proxy
+ocserv
+ocsinventory-agent
+octoprint
+oddjobd
+odoo
+ofono
+oidentd
+ombi
+openarena
+opendkim
+openldap
+openntpd
+openrgb
+opensearch
+opensmtpd
+opensnitchd
+openstack-init
+opentelemetry-collector
+opentracker
+opentsdb
+openvpn
+openvscode-server
+openwebrx
+orangefs-client
+orangefs-server
+osqueryd
+osrm
+outline
+ovsdb
+ovs-vswitchd
+owamp
+owncast
+oxidized
+pacemaker
+pam-duo
+paperless-consumer
+paperless-copy-password
+paperless-download-nltk-data
+paperless-scheduler
+paperless-task-queue
+paperless-web
+parsedmarc
+parsoid
+pcscd
+pdns
+pdnsd
+pdns-recursor
+peerflix
+peertube
+peertube-init-db
+peroxide
+persistent-evdev
+pfix-srsd
+pgadmin
+pgbouncer
+pgmanage
+phosh
+photoprism
+phpfpm-dolibarr
+phpfpm-engelsystem
+phpfpm-pixelfed
+phpfpm-roundcube
+phylactery
+physlock
+picosnitch
+pict-rs
+pinnwand
+pipewire
+pixelfed-cron
+pixelfed-data-setup
+pixelfed-horizon
+pixiecore
+plantuml-server
+pleroma
+plex
+plikd
+plymouth-halt
+plymouth-kexec
+plymouth-poweroff
+plymouth-quit
+plymouth-quit-wait
+plymouth-read-write
+plymouth-reboot
+plymouth-start
+podgrab
+podman-prune
+polaris
+polipo
+polkit
+pomerium
+pomerium-config-reload
+pommed
+postfix
+postfixadmin-postgres
+postfix-setup
+postgresql
+postgresqlBackup
+postgrey
+post-resume
+postsrsd
+powerdns-admin
+pptpd
+preload
+prepare-kexec
+pre-sleep
+print-host-key
+privoxy
+prlfsmountd
+prlshprint
+prltoolsd
+prometheus
+prometheus-config-reload
+prometheus-xmpp-alerts
+promtail
+prosody
+prosody-filer
+prowlarr
+public-inbox-httpd
+public-inbox-imapd
+public-inbox-init
+public-inbox-nntpd
+pufferpanel
+pulseaudio
+pushgateway
+pykms
+q3ds
+qdrant
+qemu-guest-agent
+quassel
+quorum
+r53-ddns
+rabbitmq
+radarr
+radicale
+radvd
+rdnssd
+readarr
+redmine
+redsocks
+reload-systemd-vconsole-setup
+resilio
+resolvconf
+restic-rest-server
+restya-board-init
+restya-board-timers
+rethinkdb
+riemann
+riemann-dash
+riemann-health
+rimgo
+rippled
+ripple-data-api
+ripple-data-importer
+rmfakecloud
+robustirc-bridge
+roon-bridge
+roon-server
+rosenpass
+roundcube-setup
+routedns
+rpcbind
+rpc-gssd
+rpc-statd
+rrdcached
+rshim
+rspamd
+rss2email
+rstudio-server
+rust-motd
+rustus
+rxe
+sabnzbd
+sachet
+salt-master
+salt-minion
+samba-wsdd
+saned@
+sanoid
+saslauthd
+sa-update
+save-hwclock
+scollector
+sdrplayApi
+searx
+searx-init
+seatd
+self-deploy
+selfoss-config
+selfoss-update
+serial-getty@
+serial-getty@hvc0
+serial-getty@tty1
+serial-getty@ttyS0
+serviio
+set-cfs-tweaks
+seyren
+sftpgo
+shadowsocks-libev
+shairport-sync
+shellhub-agent
+shibauthorizer
+shibboleth-sp
+shibresponder
+shiori
+shorewall
+shorewall6
+shout
+sickbeard
+signald
+sing-box
+siproxd
+sitespeed-io
+skydns
+slimserver
+slskd
+slskd-rotatelogs
+slurmctld
+slurmd
+slurmdbd
+smartd
+smartdns
+smokeping
+snapper-boot
+snapper-cleanup
+snapperd
+snapper-timeline
+snapserver
+snipe-it-setup
+sniproxy
+snowflake-proxy
+softether-init
+soft-serve
+sogo
+sogo-ealarms
+sogo-tmpwatch
+soju
+solanum
+sonarr
+sonic-server
+spacecookie
+spamd
+spice-vdagentd
+spice-webdavd
+spiped@
+spotifyd
+squeezelite
+squid
+sshd
+sshguard
+sslh
+sssd
+sssd-kcm
+stalwart-mail
+stargazer
+static-web-server
+statsd
+step-ca
+stratisd
+strongswan
+strongswan-swanctl
+stubby
+stunnel
+subsonic
+suid-sgid-wrappers
+sundtek
+supergfxd
+supybot
+surrealdb
+svnserve
+sympa
+sympa-archive
+sympa-bounce
+sympa-bulk
+sympa-task
+syncplay
+syncthing-relay
+syslog
+syslog-ng
+sysstat
+sysstat-collect
+sysstat-summary
+system76-firmware-daemon
+system76-power
+system76-scheduler
+systemd-ask-password-plymouth
+systemd-backlight@
+systemd-fsck@
+systemd-importd
+SystemdJournal2Gelf
+systemd-journald@
+systemd-journald
+systemd-journal-flush
+systemd-logind
+systemd-makefs@
+systemd-mkswap@
+systemd-modules-load
+systemd-networkd
+systemd-networkd-wait-online
+systemd-network-generator
+systemd-network-wait-online@
+systemd-oomd
+systemd-pstore
+systemd-random-seed
+systemd-remount-fs
+systemd-resolved
+systemd-sysctl
+systemd-timedated
+systemd-timesyncd
+systemd-udevd
+systemd-udev-settle
+systemd-update-utmp
+systemd-user-sessions
+systemd-vconsole-setup
+systemd-zram-setup@
+tailscaled
+tailscaled-autoconnect
+tandoor-recipes
+tangd@
+taskserver
+taskserver-ca
+taskserver-init
+tautulli
+tayga
+tcpcrypt
+tcsd
+teamspeak3-server
+teamviewerd
+teeworlds
+telegraf
+teleport
+tempo
+terminal-server@
+terraria
+thanos-compact
+thanos-downsample
+thanos-query
+thanos-query-frontend
+thanos-receive
+thanos-rule
+thanos-sidecar
+thanos-store
+thelounge
+thermald
+throttled
+thttpd
+tinydns
+tinyproxy
+tmate-ssh-server
+tomcat
+tor
+torque-mom
+torque-mom-init
+torque-scheduler
+torque-server
+torque-server-init
+torrentstream
+touchegg
+tox-bootstrapd
+tox-node
+toxvpn
+tp-auto-kbbl
+tpm2-abrmd
+traefik
+traffic_db
+trafficserver
+transmission
+tremor-rs
+trezord
+trickster
+triggerhappy
+trilium-server
+trqauthd
+trust-dns
+tsm-backup
+ttyd
+tvheadend
+twingate
+typesense
+tzupdate
+ucarp
+ulogd
+unbound
+undervolt
+unifi
+unifi-poller
+unifi-video
+unit
+update-locatedb
+upsd
+upsdrv
+upsmon
+uptermd
+uptime
+uptimed
+uptime-kuma
+uptime-monitor
+usbmuxd
+user@
+user-runtime-dir@
+uwsgi
+v2ray
+v2raya
+varnish
+vault
+vaultwarden
+vboxnet0
+vdr
+vector
+victoriametrics
+vikunja-api
+virtchd
+virtlockd
+virtlogd
+virtualbox
+vmagent
+vmalert
+vmware
+vmware-authdlauncher
+vmware-networks
+vmware-networks-configuration
+vmware-usbarbitrator
+vnstat
+vpnbridge
+vpnclient
+vpnserver
+waagent
+wasabibackend
+waydroid-container
+webdav
+webdav-server-rs
+webhook
+websockify@
+weechat
+wgautomesh
+wg-netmanager
+whitebophir
+wiki-js
+wireplumber
+wpa_supplicant
+writefreely
+writefreely-mysql-init
+writefreely-sqlite-init
+wwsympa
+wyoming-openwakeword
+x2goserver
+xandikos
+xe-daemon
+xe-linux-distribution
+xen-bridge
+xen-console
+xen-domains
+xen-qemu
+xen-store
+xen-watchdog
+xfs
+xinetd
+xl2tpd
+xmrig
+xmr-stak
+xonotic
+xray
+xtreemfs-dir
+xtreemfs-mrc
+xtreemfs-osd
+yandex-disk
+yarn-nodemanager
+yarn-resourcemanager
+yggdrasil
+ympd
+youtrack
+zabbix-agent
+zabbix-proxy
+zabbix-server
+zammad-scheduler
+zammad-web
+zammad-websocket
+zerobin
+zeronet
+zerotierone
+zfs-replication
+zfs-scrub
+zigbee2mqtt
+zitadel
+znc
+zookeeper
+zpool-expand@
+zpool-expand-pools
+zpool-trim
+zrepl
+zwave-js
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 87333999313e4..dd7f7dcfdd575 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -435,6 +435,25 @@ in
             type = service.serviceConfig.Type or "";
             restart = service.serviceConfig.Restart or "no";
             hasDeprecated = builtins.hasAttr "StartLimitInterval" service.serviceConfig;
+
+            # We exclude systemd services in nixpkgs to reduce noise,
+            # so we can notice restart policy warnings associated with our services
+            isExternalService = !(elem name serviceNames) && !(any (pref: lib.hasPrefix pref name) extraServiceNames);
+            # File serviceNames is created manually using
+            # grep -RPho '(?<=systemd\.services\.)(?!.*\$)(.*?)(?=\.| )' ./nixos/modules --include=\*.nix | sort | uniq | sed 's/\"//g' > ./nixos/modules/system/boot/serviceNames
+            serviceNames = lib.splitString "\n" (builtins.readFile ./serviceNames);
+            # Some services are missing from the serviceNames, so we need to add them separately
+            extraServiceNames = [
+              "network-"
+              "nix-optimise"
+              "mount-pstore"
+              "wireguard-"
+              "acme-"
+              "mdmonitor"
+              "iodined"
+              "restic-backups-"
+              "borgbackup-"
+            ];
           in
             concatLists [
               (optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
@@ -446,6 +465,8 @@ in
               (optional (service.reloadIfChanged && service.reloadTriggers != [])
                 "Service '${name}.service' has both 'reloadIfChanged' and 'reloadTriggers' set. This is probably not what you want, because 'reloadTriggers' behave the same whay as 'restartTriggers' if 'reloadIfChanged' is set."
               )
+              (optional (restart == "no" && isExternalService)
+                "Service '${name}.service' does not have a restart policy, please consider adding one.")
             ]
         )
         cfg.services