diff options
-rw-r--r-- | nixos/modules/services/hardware/upower.nix | 41 |
1 files changed, 5 insertions, 36 deletions
diff --git a/nixos/modules/services/hardware/upower.nix b/nixos/modules/services/hardware/upower.nix index 96d88da6e8b..f6ce1101d54 100644 --- a/nixos/modules/services/hardware/upower.nix +++ b/nixos/modules/services/hardware/upower.nix @@ -5,8 +5,11 @@ with lib; let + cfg = config.services.upower; + in + { ###### interface @@ -49,42 +52,8 @@ in services.udev.packages = [ cfg.package ]; - systemd.services.upower = - { description = "Power Management Daemon"; - path = [ pkgs.glib.out ]; # needed for gdbus - serviceConfig = - { Type = "dbus"; - BusName = "org.freedesktop.UPower"; - ExecStart = "@${cfg.package}/libexec/upowerd upowerd"; - Restart = "on-failure"; - # Upstream lockdown: - # Filesystem lockdown - ProtectSystem = "strict"; - # Needed by keyboard backlight support - ProtectKernelTunables = false; - ProtectControlGroups = true; - ReadWritePaths = "/var/lib/upower"; - ProtectHome = true; - PrivateTmp = true; - - # Network - # PrivateNetwork=true would block udev's netlink socket - RestrictAddressFamilies = "AF_UNIX AF_NETLINK"; - - # Execute Mappings - MemoryDenyWriteExecute = true; - - # Modules - ProtectKernelModules = true; - - # Real-time - RestrictRealtime = true; - - # Privilege escalation - NoNewPrivileges = true; - }; - }; - + systemd.packages = [ cfg.package ]; + # The upower daemon seems to get stuck after doing a suspend # (i.e. subsequent suspend requests will say "Sleep has already # been requested and is pending"). So as a workaround, restart |