Diffstat (limited to 'config/systemd/user/shepherd.service')
-rw-r--r--config/systemd/user/shepherd.service26
1 files changed, 26 insertions, 0 deletions
diff --git a/config/systemd/user/shepherd.service b/config/systemd/user/shepherd.service
new file mode 100644
index 0000000..b57d7ec
--- /dev/null
+++ b/config/systemd/user/shepherd.service
@@ -0,0 +1,26 @@
+# -*- mode: conf-unix; -*-
+[Unit]
+Description=GNU Shepherd Daemon
+After=network.target
+Wants=guix-daemon.service
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && shepherd"
+ExecStop=herd stop root
+ExecStopPost=rm %t/shepherd/socket -v
+# disallow writing to /usr, /bin, /sbin, ...
+# ProtectSystem=yes
+Environment="GUIX_PROFILE=%h/.guix-profile"
+Environment="GUIX_LOCPATH=%h/.guix-profile/lib/locale"
+
+# # more paranoid security settings
+# NoNewPrivileges=yes
+# ProtectKernelTunables=yes
+# ProtectControlGroups=yes
+# # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
+# RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
+# RestrictNamespaces=yes
+
+[Install]
+WantedBy=default.target
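Review bot: `ExecStop=herd stop root` and `ExecStopPost=rm %t/shepherd/socket -v` name their executables without a path, so systemd resolves them against its compiled-in search path (older versions reject non-absolute names outright), not the PATH that `ExecStart` gets by sourcing the Guix profile. If `herd` lives only in the profile, as the `source $GUIX_PROFILE/etc/profile` step suggests, the stop command will not be found and the daemon is killed by signal instead of shut down cleanly. Spelling the paths out avoids that, e.g. `ExecStop=%h/.guix-profile/bin/herd stop root` (location assumed from `GUIX_PROFILE`; confirm). The `rm` also exits non-zero when the socket is already gone, which marks the unit failed on an otherwise clean stop; `ExecStopPost=-/usr/bin/rm -fv %t/shepherd/socket` tolerates that. Separately, every hardening directive is left commented out with no reason given; a one-line comment saying why (for example, whether services started by shepherd need setuid helpers that `NoNewPrivileges=yes` would block) would help whoever revisits it.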