diff options
author | Oscar Najera <hi@oscarnajera.com> | 2022-12-21 13:59:20 +0100 |
---|---|---|
committer | Oscar Najera <hi@oscarnajera.com> | 2022-12-21 13:59:20 +0100 |
commit | c1e92fdca883c10e5b12586fcb7c3c8f6a011194 (patch) | |
tree | 07711509687deb1c7d6763bd5f082d83e0002d1e /config/systemd/user | |
parent | b7c50febc307126a96babd8bb3f28676f53230a2 (diff) | |
download | dotfiles-c1e92fdca883c10e5b12586fcb7c3c8f6a011194.tar.gz dotfiles-c1e92fdca883c10e5b12586fcb7c3c8f6a011194.tar.bz2 dotfiles-c1e92fdca883c10e5b12586fcb7c3c8f6a011194.zip |
shepherd service & mpd socket on user systemd
Diffstat (limited to 'config/systemd/user')
l--------- | config/systemd/user/default.target.wants/shepherd.service | 1 | ||||
-rw-r--r-- | config/systemd/user/shepherd.service | 25 | ||||
l--------- | config/systemd/user/sockets.target.wants/mpd.socket | 1 |
3 files changed, 27 insertions, 0 deletions
diff --git a/config/systemd/user/default.target.wants/shepherd.service b/config/systemd/user/default.target.wants/shepherd.service new file mode 120000 index 0000000..f25096b --- /dev/null +++ b/config/systemd/user/default.target.wants/shepherd.service @@ -0,0 +1 @@ +/home/titan/.config/systemd/user/shepherd.service
\ No newline at end of file diff --git a/config/systemd/user/shepherd.service b/config/systemd/user/shepherd.service new file mode 100644 index 0000000..42d052d --- /dev/null +++ b/config/systemd/user/shepherd.service @@ -0,0 +1,25 @@ +[Unit] +Description=GNU Shepherd Daemon +After=network.target +Wants=guix-daemon.service + +[Service] +Type=forking +ExecStart=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && shepherd" +ExecStop=herd stop root +ExecStopPost=rm %t/shepherd/socket -v +# disallow writing to /usr, /bin, /sbin, ... +# ProtectSystem=yes +Environment="GUIX_PROFILE=%h/.guix-profile" +Environment="GUIX_LOCPATH=%h/.guix-profile/lib/locale" + +# # more paranoid security settings +# NoNewPrivileges=yes +# ProtectKernelTunables=yes +# ProtectControlGroups=yes +# # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh* +# RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK +# RestrictNamespaces=yes + +[Install] +WantedBy=default.target diff --git a/config/systemd/user/sockets.target.wants/mpd.socket b/config/systemd/user/sockets.target.wants/mpd.socket new file mode 120000 index 0000000..ac109b9 --- /dev/null +++ b/config/systemd/user/sockets.target.wants/mpd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/user/mpd.socket
\ No newline at end of file |