From c1e92fdca883c10e5b12586fcb7c3c8f6a011194 Mon Sep 17 00:00:00 2001
From: Oscar Najera
Date: Wed, 21 Dec 2022 13:59:20 +0100
Subject: shepherd service & mpd socket on user systemd
---
.../user/default.target.wants/shepherd.service | 1 +
config/systemd/user/shepherd.service | 25 ++++++++++++++++++++++
.../systemd/user/sockets.target.wants/mpd.socket | 1 +
3 files changed, 27 insertions(+)
create mode 120000 config/systemd/user/default.target.wants/shepherd.service
create mode 100644 config/systemd/user/shepherd.service
create mode 120000 config/systemd/user/sockets.target.wants/mpd.socket
(limited to 'config/systemd')
diff --git a/config/systemd/user/default.target.wants/shepherd.service b/config/systemd/user/default.target.wants/shepherd.service
new file mode 120000
index 0000000..f25096b
--- /dev/null
+++ b/config/systemd/user/default.target.wants/shepherd.service
@@ -0,0 +1 @@
+/home/titan/.config/systemd/user/shepherd.service
\ No newline at end of file
diff --git a/config/systemd/user/shepherd.service b/config/systemd/user/shepherd.service
new file mode 100644
index 0000000..42d052d
--- /dev/null
+++ b/config/systemd/user/shepherd.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=GNU Shepherd Daemon
+After=network.target
+Wants=guix-daemon.service
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && shepherd"
+ExecStop=herd stop root
+ExecStopPost=rm %t/shepherd/socket -v
+# disallow writing to /usr, /bin, /sbin, ...
+# ProtectSystem=yes
+Environment="GUIX_PROFILE=%h/.guix-profile"
+Environment="GUIX_LOCPATH=%h/.guix-profile/lib/locale"
+
+# # more paranoid security settings
+# NoNewPrivileges=yes
+# ProtectKernelTunables=yes
+# ProtectControlGroups=yes
+# # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
+# RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
+# RestrictNamespaces=yes
+
+[Install]
+WantedBy=default.target
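Review bot: The link target in `default.target.wants/shepherd.service` is the absolute path `/home/titan/.config/systemd/user/shepherd.service`, which ties the enablement link to one account. If this tree is deployed under a different user name or home directory, the link either dangles or resolves to a unit file owned by someone else. A relative target, `../shepherd.service`, keeps the link pointing at the unit that sits next to it in the same checkout.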
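Review bot: `ExecStop=herd stop root` names its binary without a path, and systemd resolves bare command names against its own fixed search path rather than the Guix profile that ExecStart loads through bash, so the stop command is likely to fail to find `herd`. Running it the same way as the start command, `ExecStop=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && herd stop root"`, and giving `rm` an absolute path in ExecStopPost removes the dependence on whatever that search path contains. Separately, every hardening directive in the unit is commented out, and the AF_NETLINK/libsmbclient remark looks carried over from an mpd unit rather than written for shepherd. `NoNewPrivileges=yes` is usable under the user manager and is worth enabling once it has been tested against the services shepherd starts.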
diff --git a/config/systemd/user/sockets.target.wants/mpd.socket b/config/systemd/user/sockets.target.wants/mpd.socket
new file mode 120000
index 0000000..ac109b9
--- /dev/null
+++ b/config/systemd/user/sockets.target.wants/mpd.socket
@@ -0,0 +1 @@
+/usr/lib/systemd/user/mpd.socket
\ No newline at end of file
--
cgit v1.2.3