path:
root/
config/
systemd/
user/
shepherd.servicepre { line-height: 125%; }
td.linenos .normal { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #2C3B41 }
.highlight { background: #263238; color: #EEFFFF }
.highlight .c { color: #546E7A; font-style: italic } /* Comment */
.highlight .err { color: #FF5370 } /* Error */
.highlight .esc { color: #89DDFF } /* Escape */
.highlight .g { color: #EEFFFF } /* Generic */
.highlight .k { color: #BB80B3 } /* Keyword */
.highlight .l { color: #C3E88D } /* Literal */
.highlight .n { color: #EEFFFF } /* Name */
.highlight .o { color: #89DDFF } /* Operator */
.highlight .p { color: #89DDFF } /* Punctuation */
.highlight .ch { color: #546E7A; font-style: italic } /* Comment.Hashbang */
.highlight .cm {
# -*- mode: conf-unix; -*-
[Unit]
Description=GNU Shepherd Daemon
After=network.target
Wants=guix-daemon.service
[Service]
Type=forking
ExecStart=/usr/bin/bash -c "source $GUIX_PROFILE/etc/profile && shepherd"
ExecStop=herd stop root
ExecStopPost=rm %t/shepherd/socket -v
# disallow writing to /usr, /bin, /sbin, ...
# ProtectSystem=yes
Environment="GUIX_PROFILE=%h/.guix-profile"
Environment="GUIX_LOCPATH=%h/.guix-profile/lib/locale"
# # more paranoid security settings
# NoNewPrivileges=yes
# ProtectKernelTunables=yes
# ProtectControlGroups=yes
# # AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
# RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
# RestrictNamespaces=yes
[Install]
WantedBy=default.target
