foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 12:19:07 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

nixos/services/crowdsec: update systemd service unit config

Browse Source
This commit is contained in:
Gabriel Arazas 2024-09-22 18:05:05 +08:00
parent 77dec408cd
commit b02896bf15
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/nixos/services/crowdsec.nix
View File

@ -213,11 +213,20 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecReload = "kill -HUP $MAINPID";
ReadWritePaths = ReadWritePaths =
lib.optionals (cfg.settings.common.log_media or "" == "file") [ lib.optionals (cfg.settings.common.log_media or "" == "file") [
cfg.settings.common.log_folder cfg.settings.common.log_folder
]; ];
User = "crowdsec";
Group = "crowdsec";
# TODO: Ideally, this should be set conditionally.
# To enable access to systemd journal files.
SupplementaryGroups = [ "systemd-journal" ];
DynamicUser = true;
Type = "notify"; Type = "notify";
Restart = "always"; Restart = "always";
RestartSec = "60"; RestartSec = "60";
@ -237,7 +246,7 @@ in
RemoveIPC = true; RemoveIPC = true;
StandardOutput = "journal"; StandardOutput = "journal";
StandardError = "journal"; StandardError = "journal";
SystemCallFilter = "@system-service"; SystemCallFilter = [ "@system-service" ];
SystemCallErrorNumber = "EPERM"; SystemCallErrorNumber = "EPERM";
RestrictAddressFamilies = [ RestrictAddressFamilies = [