BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos/dex: fix start with latest systemd update

Browse source 
With those settings starting dex crashed with:

Oct 03 21:37:51 hydrogen (tart-pre)[11048]: dex.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/sys/fs/cgroup/system.slice/dex.service/memory.pressure: No such file or directory
Oct 03 21:37:51 hydrogen (tart-pre)[11048]: dex.service: Failed at step NAMESPACE spawning /nix/store/q8clp1lm8jznxf9330jd8cwc6mdy6glz-dex-start-pre: No such file or directory
This commit is contained in:
Sandro Jäckel 2023-10-03 21:41:57 +02:00
parent e61356b986
commit 39e1727f0f
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5
1 changed files with 2 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/modules/services/web-apps/dex.nix
View file

@ -108,8 +108,7 @@ in
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
# Would re-mount paths ignored by temporary root
#ProtectSystem = "strict";
ProtectSystem = "strict";
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
@ -121,9 +120,7 @@ in
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
TemporaryFileSystem = "/:ro";
# Does not work well with the temporary root
#UMask = "0066";
UMask = "0066";
} // optionalAttrs (cfg.environmentFile != null) {
EnvironmentFile = cfg.environmentFile;
};