diff options
| author | Oscar Najera <hi@oscarnajera.com> | 2022-12-21 13:59:20 +0100 |
|---|---|---|
| committer | Oscar Najera <hi@oscarnajera.com> | 2022-12-21 13:59:20 +0100 |
| commit | c1e92fdca883c10e5b12586fcb7c3c8f6a011194 (patch) | |
| tree | 07711509687deb1c7d6763bd5f082d83e0002d1e /config/systemd/user/shepherd.service | |
| parent | b7c50febc307126a96babd8bb3f28676f53230a2 (diff) | |
| download | dotfiles-c1e92fdca883c10e5b12586fcb7c3c8f6a011194.tar.gz dotfiles-c1e92fdca883c10e5b12586fcb7c3c8f6a011194.tar.bz2 dotfiles-c1e92fdca883c10e5b12586fcb7c3c8f6a011194.zip | |
shepherd service & mpd socket on user systemd
Diffstat (limited to 'config/systemd/user/shepherd.service')
| -rw-r--r-- | config/systemd/user/shepherd.service | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/config/systemd/user/shepherd.service b/config/systemd/user/shepherd.service new file mode 100644 index 0000000..42d052d --- /dev/null +++ b/config/systemd/user/shepherd.service @@ -0,0 +1,25 @@ +[Unit] +Description=GNU Shepherd Daemon +After=network.target +Wants=guix-daemon.service + +[Service] +Type=forking +ExecStart=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && shepherd" +ExecStop=herd stop root +ExecStopPost=rm %t/shepherd/socket -v +# disallow writing to /usr, /bin, /sbin, ... +# ProtectSystem=yes +Environment="GUIX_PROFILE=%h/.guix-profile" +Environment="GUIX_LOCPATH=%h/.guix-profile/lib/locale" + +# # more paranoid security settings +# NoNewPrivileges=yes +# ProtectKernelTunables=yes +# ProtectControlGroups=yes +# # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh* +# RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK +# RestrictNamespaces=yes + +[Install] +WantedBy=default.target |