aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
l---------config/systemd/user/default.target.wants/shepherd.service1
-rw-r--r--config/systemd/user/shepherd.service25
l---------config/systemd/user/sockets.target.wants/mpd.socket1
3 files changed, 27 insertions, 0 deletions
diff --git a/config/systemd/user/default.target.wants/shepherd.service b/config/systemd/user/default.target.wants/shepherd.service
new file mode 120000
index 0000000..f25096b
--- /dev/null
+++ b/config/systemd/user/default.target.wants/shepherd.service
@@ -0,0 +1 @@
+/home/titan/.config/systemd/user/shepherd.service \ No newline at end of file
diff --git a/config/systemd/user/shepherd.service b/config/systemd/user/shepherd.service
new file mode 100644
index 0000000..42d052d
--- /dev/null
+++ b/config/systemd/user/shepherd.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=GNU Shepherd Daemon
+After=network.target
+Wants=guix-daemon.service
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && shepherd"
+ExecStop=herd stop root
+ExecStopPost=rm %t/shepherd/socket -v
+# disallow writing to /usr, /bin, /sbin, ...
+# ProtectSystem=yes
+Environment="GUIX_PROFILE=%h/.guix-profile"
+Environment="GUIX_LOCPATH=%h/.guix-profile/lib/locale"
+
+# # more paranoid security settings
+# NoNewPrivileges=yes
+# ProtectKernelTunables=yes
+# ProtectControlGroups=yes
+# # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
+# RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
+# RestrictNamespaces=yes
+
+[Install]
+WantedBy=default.target
diff --git a/config/systemd/user/sockets.target.wants/mpd.socket b/config/systemd/user/sockets.target.wants/mpd.socket
new file mode 120000
index 0000000..ac109b9
--- /dev/null
+++ b/config/systemd/user/sockets.target.wants/mpd.socket
@@ -0,0 +1 @@
+/usr/lib/systemd/user/mpd.socket \ No newline at end of file