diff options
| author | Peter Hoeg <peter@hoeg.com> | 2019-08-02 11:58:27 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-02 11:58:27 +0800 |
| commit | f2639566b59152b6273cda3df3c329c1db4f3933 (patch) | |
| tree | 8a36bc3008ea62a84114e858d50a6956c8539933 /nixos/modules/services | |
| parent | 43ac110d3b7aea8592437489f4e881f6cfcb7187 (diff) | |
| parent | 0f04bbdc31f75031602d384adedb7292c720e44d (diff) | |
| download | nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.tar nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.tar.gz nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.tar.bz2 nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.tar.lz nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.tar.xz nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.tar.zst nixpkgs-f2639566b59152b6273cda3df3c329c1db4f3933.zip | |
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
Diffstat (limited to 'nixos/modules/services')
| -rw-r--r-- | nixos/modules/services/network-filesystems/kbfs.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/networking/keybase.nix | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/services/network-filesystems/kbfs.nix b/nixos/modules/services/network-filesystems/kbfs.nix index 7b2eea3b585..263b70d04a5 100644 --- a/nixos/modules/services/network-filesystems/kbfs.nix +++ b/nixos/modules/services/network-filesystems/kbfs.nix @@ -48,6 +48,7 @@ in { requires = [ "keybase.service" ]; after = [ "keybase.service" ]; path = [ "/run/wrappers" ]; + unitConfig.ConditionUser = "!@system"; serviceConfig = { ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}"; ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}"; diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix index a149f16a84c..85f52be8a6a 100644 --- a/nixos/modules/services/networking/keybase.nix +++ b/nixos/modules/services/networking/keybase.nix @@ -26,6 +26,7 @@ in { systemd.user.services.keybase = { description = "Keybase service"; + unitConfig.ConditionUser = "!@system"; serviceConfig = { ExecStart = '' ${pkgs.keybase}/bin/keybase service --auto-forked |