securedrop-workstation

Use preset files for conditionally enabling/disabling systemd services

Open rocodes opened this issue 1 year ago • 2 comments

Preset files allow for the %post of a package installation to simply call systemctl preset mycoolservicename.service no matter what, and the service will be conditionally enabled/disabled depending on the contents of the preset file (or enabled if no preset file is present).

For example, instead of creating /var/lib/securedrop/{dev,staging,prod} in dom0 and using ConditionPathExists to test what type of build we're in, a more systemd-ish way might be to ship /usr/lib/systemd/user-preset/sd-config.preset that, in dev environments, disables our custom services:

#/usr/lib/systemd/user-preset/10-sd-preset.conf
disable user-xfce-settings.service

This approach may be preferable in cases where the other option (ConditionPathExists) involves dropping a flag file/directory during orchestration and then checking for it at boot.

rocodes, May 30 '24 14:05

TIL about presets, but after reading the docs you link and poking around in /lib/systemd/system-preset in dom0, they seem like a good fit for our dom0 services. And they'll let us use https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd in our .spec file.

legoktm, May 30 '24 22:05

I'm coming back to this now that we're thinking of having a separate keyring + repo bootstrap package, because it would be easy to ship a dev-only package that drops a preset file for the services we want to disable for dev machines (ensuring that services default to being enabled, which we'd want on prod).

rocodes, Dec 02 '24 15:12
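
How the preset lookup discussed in this thread resolves for a prod machine with no preset file and for a dev machine carrying a dev-only preset package, as an added example that is not code from the issue or from securedrop-workstation. It models the rules in systemd.preset(5) (files read in lexical order, first matching rule wins, unmatched units are enabled, only `*.preset` files are read) and goes one step further to show a catch-all `disable *` file; the file names `10-sd-dev.preset`, `10-sd-dev.conf`, `50-sd.preset` and `99-default-disable.preset` and their contents are constructed assumptions.

```python
# Added example: preset resolution as described in systemd.preset(5).
# File names and contents in the samples are constructed, not the project's.
from fnmatch import fnmatchcase

ACTIONS = ("enable", "disable")

def parse_preset(text):
    """Return [(action, pattern)] for one preset file; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if len(fields) >= 2 and fields[0] in ACTIONS:
            rules.append((fields[0], fields[1]))
    return rules

def resolve(unit, preset_files):
    """preset_files maps file name -> contents (one merged preset directory).
    Files are read in lexical order, the first matching rule wins, and a unit
    that nothing matches is enabled. Only *.preset files are read."""
    for name in sorted(preset_files):
        if not name.endswith(".preset"):
            continue
        for action, pattern in parse_preset(preset_files[name]):
            if fnmatchcase(unit, pattern):
                return action, name
    return "enable", None

UNIT = "user-xfce-settings.service"
DEV_RULE = "# dev-only package (constructed)\ndisable user-xfce-settings.service\n"
CATCH_ALL = {"99-default-disable.preset": "disable *\n"}  # constructed catch-all

def demo():
    return {
        "prod_no_presets": resolve(UNIT, {}),
        "dev_package": resolve(UNIT, {"10-sd-dev.preset": DEV_RULE}),
        "wrong_suffix": resolve(UNIT, {"10-sd-dev.conf": DEV_RULE}),
        "prod_catch_all": resolve(UNIT, CATCH_ALL),
        "prod_explicit": resolve(UNIT, {"50-sd.preset": "enable user-*.service\n",
                                        **CATCH_ALL}),
    }

if __name__ == "__main__":
    for case, (action, source) in demo().items():
        print(f"{case:16} -> {action:7} (from {source})")
```

The `prod_catch_all` case is the one to check on a real machine: if the preset directory already holds a `disable *` rule, "enabled by default" only holds when an explicit `enable` rule sorts ahead of it.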