nixos/services/hoogle use DynamicUser instead of nobody

I've also removed PrivateTmp = true because this is implied by dynamic user.

I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.
This commit is contained in:
Nathan van Doorn 2020-10-29 17:05:57 +00:00
parent c5d33689da
commit 12c3e0a465

View File

@ -61,10 +61,8 @@ in {
Restart = "always";
ExecStart = ''${hoogleEnv}/bin/hoogle server --local --port ${toString cfg.port} --home ${cfg.home}'';
User = "nobody";
Group = "nogroup";
DynamicUser = true;
PrivateTmp = true;
ProtectHome = true;
RuntimeDirectory = "hoogle";