systemd's PermissionsStartOnly is deprecated #53852
Description
PermissionsStartOnly is deprecated (but not yet removed); the replacement are the Special executable prefixes mentioned in https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=.
We have many occurrences this in nixpkgs (as per commit ad23ea3):
% git grep PermissionsStartOnly upstream/master | wc -l
130
It's not urgent, as it still works right now, but it's problematic that you can't any longer find any docs about a feature that we use almost everywhere.
Fixing it isn't totally trivial because PermissionsStartOnly is/was a separate setting, but with the new approach we actually have to write characters in front of ExecStartPre lines and so on.
Edit: Another key problem is that serviceConfig is an attrset, so you cannot use it to do what systemd allows: Creating multiple ExecStart lines (or similar lines) like:
ExecStart=+...something here...
ExecStart=...something else here...
because in an attrset there can be only 1 ExecStart. Edit: Likely workaround for that in #53852 (comment).