mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-29 06:45:54 +03:00
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
This commit is contained in:
commit
f2639566b5
@ -235,6 +235,7 @@ in
|
|||||||
systemd.user.services.ssh-agent = mkIf cfg.startAgent
|
systemd.user.services.ssh-agent = mkIf cfg.startAgent
|
||||||
{ description = "SSH Agent";
|
{ description = "SSH Agent";
|
||||||
wantedBy = [ "default.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
|
unitConfig.ConditionUser = "!@system";
|
||||||
serviceConfig =
|
serviceConfig =
|
||||||
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
|
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
|
||||||
ExecStart =
|
ExecStart =
|
||||||
|
@ -48,6 +48,7 @@ in {
|
|||||||
requires = [ "keybase.service" ];
|
requires = [ "keybase.service" ];
|
||||||
after = [ "keybase.service" ];
|
after = [ "keybase.service" ];
|
||||||
path = [ "/run/wrappers" ];
|
path = [ "/run/wrappers" ];
|
||||||
|
unitConfig.ConditionUser = "!@system";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}";
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}";
|
||||||
ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}";
|
ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}";
|
||||||
|
@ -26,6 +26,7 @@ in {
|
|||||||
|
|
||||||
systemd.user.services.keybase = {
|
systemd.user.services.keybase = {
|
||||||
description = "Keybase service";
|
description = "Keybase service";
|
||||||
|
unitConfig.ConditionUser = "!@system";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.keybase}/bin/keybase service --auto-forked
|
${pkgs.keybase}/bin/keybase service --auto-forked
|
||||||
|
Loading…
Reference in New Issue
Block a user