author | Peter Hoeg <peter@hoeg.com> | 2019-08-02 11:58:27 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-02 11:58:27 +0800 |
commit | f2639566b59152b6273cda3df3c329c1db4f3933 (patch) | |
tree | 8a36bc3008ea62a84114e858d50a6956c8539933 | |
parent | 43ac110d3b7aea8592437489f4e881f6cfcb7187 (diff) | |
parent | 0f04bbdc31f75031602d384adedb7292c720e44d (diff) | |
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
-rw-r--r-- | nixos/modules/programs/ssh.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/kbfs.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/keybase.nix | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 18b183eca9e..733b8f7636f 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -235,6 +235,7 @@ in systemd.user.services.ssh-agent = mkIf cfg.startAgent { description = "SSH Agent"; wantedBy = [ "default.target" ]; + unitConfig.ConditionUser = "!@system"; serviceConfig = { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent"; ExecStart = diff --git a/nixos/modules/services/network-filesystems/kbfs.nix b/nixos/modules/services/network-filesystems/kbfs.nix index 7b2eea3b585..263b70d04a5 100644 --- a/nixos/modules/services/network-filesystems/kbfs.nix +++ b/nixos/modules/services/network-filesystems/kbfs.nix @@ -48,6 +48,7 @@ in { requires = [ "keybase.service" ]; after = [ "keybase.service" ]; path = [ "/run/wrappers" ]; + unitConfig.ConditionUser = "!@system"; serviceConfig = { ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}"; ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}"; diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix index a149f16a84c..85f52be8a6a 100644 --- a/nixos/modules/services/networking/keybase.nix +++ b/nixos/modules/services/networking/keybase.nix @@ -26,6 +26,7 @@ in { systemd.user.services.keybase = { description = "Keybase service"; + unitConfig.ConditionUser = "!@system"; serviceConfig = { ExecStart = '' ${pkgs.keybase}/bin/keybase service --auto-forked |
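Review bot: `unitConfig.ConditionUser = "!@system";` in the ssh-agent unit selects by account class rather than by interactivity, and a unit whose condition does not hold is skipped without an error, so the line deserves a comment saying so; the same line is added in the kbfs and keybase hunks. systemd's `@system` means the user manager's UID is in the system range (root included), so a person whose account sits in that range silently gets no agent, while a service account allocated a regular UID still starts all three units. I would put `# Skipped (not failed) for root and system-range UIDs; the match is by UID class, not by login shell.` above each added line. If anything outside this hunk still points clients at `%t/ssh-agent` for every user, sessions of the excluded accounts would reference a socket that is never created, which is worth checking before relying on this. All three unit definitions continue outside their hunks.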